Perhaps I'm preaching to the virtual choir, but I was fascinated by a recent Gartner report that calmly noted, "...most virtualized workloads are being deployed insecurely." Before you say "I told you so," hear why Gartner's saying that.
In its report titled "Addressing the Most Common Security Risks in Data Center Virtualization Projects," Gartner analysts conclude, "Through 2012, 60 percent of virtualized servers will be less secure than the physical servers they replace."
They identify six security risks in data center virtualization projects, based on their research, and recommend ways to reduce those security risks. Though your virtualization project might not be anywhere near the size and scope of a data center, Gartner's list (via report or press release) is worth a look:
1. Security wasn't invited.
Gartner warns: "Information security isn't initially involved in the virtualization projects."
"… security professionals need to realize that risk that isn't acknowledged and communicated cannot be managed. They should start by looking at extending their security processes, rather than buying more security, to address security in virtualized data centers."
2. You blow one layer, you blow everything.
Gartner warns: "A compromise of the virtualization layer could result in the compromise of all hosted workloads."
"… treat this layer as the most critical x86 platform in the enterprise data center and keep it as thin as possible, while hardening the configuration to unauthorized changes…."
3. Lack of visibility.
Gartner warns: "The lack of visibility and controls on internal virtual networks created for VM-to-VM communications blinds existing security policy enforcement mechanisms."
"… at a minimum, organizations [should] require the same type of monitoring they place on physical networks, so that they don't lose visibility and control when workloads and networks are virtualized…."
4. Ignoring trust levels.
Gartner warns: "Workloads of different trust levels are consolidated onto a single physical server without sufficient separation."
"…enterprises should require the same type of separation required in physical networks today for workloads of different trust levels within the enterprise data center."
5. Knowingly giving anyone-and-his-brother access.
Gartner warns: "Adequate controls on administrative access to the Hypervisor/VMM layer and to admin tools are lacking."
Organizations should be "restricting access to the virtualization layer as with any sensitive OS and favoring virtualization platforms that support role-based access control…."
6. Accidentally giving anyone-and-his-brother access.
Gartner warns: "Potential loss of separation of duties for network and security controls."
"…the same team responsible for the configuration of network topology (including virtual LANs) in the physical environment should be responsible for this in virtual environments. They should favor virtualization platform architectures that support replaceable switch code…."