«
»

Changing the Security Model for Virtualized Cloud Systems


Written by David Floyer


Physical->Logical Shockers

A key value proposition of both internal and external clouds is reduction in cost from shared resources. Virtualized processors, virtualized storage, virtualized CNAs (Converged Network Adapters) and Virtualized IO are all running virtual machines on commodity hardware.

However, security has its foundations on protecting real objects. An IP address is linked to a real piece of hardware, storage ports have been masked or separated, and processors dedicated to specific sensitive workloads. Security products are often linked to specific hardware, as in encryption of data at rest, encryption of network traffic, and encryption of tapes. If the links between these technologies is physical (e.g., no connection between server and storage) or a well understood logical separation (e.g., LUN masking) then the security gurus can be persuaded that security is auditable.  When all the components of the system are shared, the security experts that I have talked to throw up their hands in horror.

As Chuck Hollis recently said very eloquently, it is “easy enough to say, “yes, darn it, we need better tools!”   He goes on to say “… tools in isolation can only get you so far.  At some point, the model needs to change.”

My belief is that the security model for virtualization and cloud computing has to change from securing components to “end-to-end” security, between client and application. Examples that I have been impressed with are the Stealth Technology from Unisys (it was developed in response to a military requirement to use commercially available network resources if dedicated secure resources were insufficient or failed) and CleverSafe.  Both of these technologies split the data up into separate streams and then encrypt. There are also other interesting technologies such as tokenization, data aliasing and data masking. To avoid security issues within a virtual machine, an application would need to be encapsulated by one or more virtual machines dedicated to that application.

Thoughts?

  • Share/Bookmark

This entry was posted on Thursday, January 21st, 2010, 4:51 pm and is filed under Wikibon. You can follow any responses to this entry through RSS 2.0. You can leave a response, or trackback from your own site.

Thanks for reading our blog, you may want to subscribe to the RSS feed, or follow Wikibon on Twitter for future updates and information as well.

  • mversace
    Something has to change, but is it the model or the emphasis. For virtual environments security integration is the emphasis. Security integration is needed through the virtual stack - from an encapsulation of the Hypervisior, O/S, VM, and application meta data, and out through the infrastructure [servers, storage, networks). Policy automation is one important part of this integration.

    And significant application workloads will require more complete, end-to-end, security integration. There's no silver security bullet on the horizon, so despite the potential benefits offered through virtualization, executives will trust existing internal systems over virtual stacks for mission critical and real-time workloads due to fear about security threats, complexity, and completeness, until a better level of integration is achieved.
blog comments powered by Disqus