
Physical->Logical Shockers
A key value proposition of both internal and external clouds is the cost reduction that comes from shared resources. Virtualized processors, virtualized storage, virtualized CNAs (Converged Network Adapters) and virtualized I/O all let many virtual machines share the same commodity hardware.
However, security has its foundations in protecting real objects. An IP address is linked to a real piece of hardware, storage ports have been masked or separated, and processors have been dedicated to specific sensitive workloads. Security products are often linked to specific hardware, as in encryption of data at rest, encryption of network traffic, and encryption of tapes. If the links between these technologies are physical (e.g., no connection between server and storage) or a well understood logical separation (e.g., LUN masking), then the security gurus can be persuaded that security is auditable. When all the components of the system are shared, the security experts that I have talked to throw up their hands in horror.
As Chuck Hollis recently said very eloquently, it is “easy enough to say, ‘yes, darn it, we need better tools!’” He goes on to say “… tools in isolation can only get you so far. At some point, the model needs to change.”
My belief is that the security model for virtualization and cloud computing has to change from securing components to “end-to-end” security, between client and application. Examples that I have been impressed with are the Stealth Technology from Unisys (it was developed in response to a military requirement to use commercially available network resources if dedicated secure resources were insufficient or failed) and CleverSafe. Both of these technologies split the data up into separate streams and then encrypt each stream, so that no single shared component ever holds the whole of the data in usable form. There are also other interesting technologies such as tokenization, data aliasing and data masking. To avoid security issues within a virtual machine, an application would need to be encapsulated in one or more virtual machines dedicated to that application.
Thoughts?

#1 by mversace on January 22, 2010 - 4:35 pm
Hi Dave – I agree something has to change, but is it a “model”, or “emphasis”? Security end-to-end (e2e) is a goal in my opinion, from which a business, process, data, and technology architecture can be developed. In virtual computing we need more than ever to satisfy security e2e, since things like physical perimeter protection become less useful. For example, the perimeter itself must become virtual, and exist at the VM or the Hypervisor layer, or both. And being able to encrypt, or bit slice, or disperse data are important security services, but need to be considered within a framework of other security services, including credential management, provisioning, auditing, policy management, and others.