The massive transformation of IT, driven by virtualization and cloud computing initiatives, is compelling a re-think of the way enterprises protect their critical assets. The most critical resources are typically the applications and their data, and their systems that support them i.e. servers, storage and databases. Good security design employs a defense in depth approach to protect these resources from unauthorized user access and attacks. Our belief is that “all-virtual” architectures open the door for discontinuous innovation resulting in better security than was earlier possible, leveraging virtualization attributes such as introspection, instant insertion/layering, distributable enforcement, and policies that migrate with the workload. Ultimately, virtualization’s greatest benefit is un-tethering processing from the hardware, leaving the door open to migrate workloads and their dependencies to the cloud in an agile fashion.
One approach to take a look at changes underway that drastically impact the security landscape, is to follow along with major initiatives both within VMware, and across the industry in general.:
- Infrastructure Virtualization: VMware vSphere platform
- Cloud Computing: VMware vCloud initiatives (private, hybrid)
- Desktop Virtualization: VMware View platform
- App Development Frameworks: VMware SpringSource
Following is a (very) brief introduction to the implications of these initiatives on security.
Infrastructure Virtualization Security:
Server security today is typically achieved by grouping virtual workloads into trust zones co-resident on a vSphere host, and mapping these into VLANs all the way to the core network, where traffic is directed to physical firewalls & intrusion prevention systems for checks against security policy. As the unit of virtualization evolves to become a cluster with homogenized compute, memory, storage and network resource pools, this security architecture negates some of the potential benefits.
Tremendous simplification and flexibility is achievable if we virtualize such network security services, and instead of “hair-pinning” traffic to physical core firewalls, bring these into the virtualization layer. A distributed virtual firewall allows mixed trust zones across the compute cluster, avoids VLAN sprawl, side steps firewall chokepoints, and alleviates the onus of keeping static firewall rules in lock step with application virtualization initiatives. The notion of portable, secure vApps now becomes viable.
Private Cloud Security:
While there is tremendous public debate regarding security, including data privacy in public clouds, a more pragmatic approach is to bring the benefits of cloud computing i.e. agile standup, elasticity and metered pricing, to enterprises via the private cloud, in a secure and compliant fashion. Enterprise IT’s role evolves to one of a cloud provider, serving various lines of business, departments, remote sites, etc.
Ideally, enterprise cloud providers deliver secure virtual data centers (VDC) to each of their customers, enabling them to then set up virtual apps in a self-service fashion. This is much like getting a virtual rack/cage from a hosting provider. Extending on this analogy, the VDC encapsulates edge security services e.g. firewalls, public/private address isolation, authorized access, and segmented access to shared services like backup, NAS, monitoring systems. Initial implementations will be evolutionary, relying on existing compliance frameworks, and transparent federation to existing AD systems. Over time, we expect the secure VDC concept to encapsulate additional capabilities found in a physical data center.
Other key initiatives in this area include ensuring secure multi-tenancy via isolated partitions, separation of duties (cloud provider versus tenants), data privacy, and compliance/audit across the entire stack.
Desktop Virtualization Security:
Desktop virtualization is arguably one of the most compelling transformations from a security perspective. Centralizing desktops into the datacenter enables centralized/homogenized security policy, images updated with latest security patches, and applying security controls based on user profile e.g. contractor versus employee at home, or executive in a hotel room.
Building on the intrinsically more secure VDI architecture, other significant innovations are underway. The centralized architecture enables offloading security agents (e.g. anti-virus) from the guest into a security VM on the host, realizing efficient utilization of CPU, memory and I/O, and freeing up the desktop for the task at hand. Likewise periodic A/V scans from the security VM, combined with linked clone technology, enables efficient security checks. Roles-based network access control policy and data leakage prevention policy (prevent sensitive data from being copied to the USB drive) and whitelisting access to sites, are other areas that fit well into the centralized VDI approach.
App Development Framework Security:
One other area that promises to change how we secure enterprises is the emergence of next generation application developer frameworks, characterized by rapid develop-deploy-operate cycles, application security libraries that can be built into the application and injection techniques that enable security, audit, or compliance policy to be injected into the application stack at various stages in the deployment cycle. Spring security and spring injection are examples of such capabilities.
Over time, such “top-down” application security initiatives will blend into the virtualization/cloud infrastructure advancements outlined above, leading to automatable, repeatable security enforcement, audit and compliance.
Outlined heretofore is a brief introduction to the path we’re on to un-tether security from the physical infrastructure. Virtual infrastructure lays the foundation for the journey to cloud computing. Secure virtual datacenters (VDCs) build on this foundation, and encapsulate edge, interior, and federated security concepts, allowing us to deliver enterprise-class clouds. The figure below is a simplified view of such an architecture – the VDC becomes the new unit of cloud computing, with specific separation of duties.
Enterprise Cloud Providers deliver secure VDCs to their business units. Business unit owners set up apps with their respective policies, in the context of the VDC. Trade-offs can be independently made as to whether these VDCs are stood up in the local datacenter, or in a remote cloud. Hand-off points are explicit, and are the basis for compliance, audit, trust and policy boundaries.
We continue to work with industry leaders, enterprises and providers, and ecosystem partners to deliver on the vision of fully automated, secure, compliant, policy-driven datacenter services. Ultimately, we believe that we can achieve “better security through virtualization”.
Please let me know what you think!