Five security trends to watch in virtualization
- Published: Friday, 28 April 2017 13:14
Vitaly Mzokov looks in detail at five emerging trends which are starting to effect virtualization security.
Virtualization security is focusing on integration
When it comes to security solutions for VDI and virtualized servers, enterprises are beginning to pay more attention to the smooth integration between various systems instead of simply examining product features under a microscope. Security solutions that can be integrated into the virtualization infrastructure at a sufficient level to detect cyber attacks in their early stages, as well as those that deliver malicious activity information to the components of the corporate environment to make quick decisions that isolate and analyse the threat, will be those that businesses opt for.
Through the integration between the infrastructure and security solution, enterprise-level customers are aiming to increase their reaction speed in response to security incidents, with the infrastructure and its automation platform executing management decisions and applying the changes. Enterprises will look for security solutions that can integrate with such infrastructure virtualization solutions (with automation inside) like VMware vSphere with NSX. Speaking of integration with VMware NSX, customers will prefer to keep using an agentless approach for server virtualization cases to preserve systems efficiency. Therefore, it is preferable for security solutions to integrate with VMware NSX in fully agentless mode. Moreover, since NSX has many integration capabilities, the ability to work via security tags and follow a policy-based approach is a must have for security solutions.
Finally, in constantly changing enterprise-level environments, there is always a risk of missing some virtual machines, especially offline ones, when executing an on-demand scan. Enterprises are looking at finding the easiest ways to make sure that powered off machines are not infected without powering them on.
Corporations to invest more in hybrid cloud protection
An emerging trend that will definitely gain more traction in the next five years is the transition from private to hybrid clouds. Corporate environments will be composed of private IT infrastructure and public cloud infrastructure. Both parts will be connected through protected communication channels – with the use of encryption among other tools – and managed from a unified console (or the control centre). Corporations are looking at which systems can and should be taken outside the corporate perimeter and placed closer to the customer. Public cloud environments make it easy to do this.
By 2020, the growth of public cloud infrastructure, and the resulting costs of the infrastructure and security solutions for it, are likely to increase by 2.5 to 3 times, compared to what the industry analysts demonstrated this year. Major cloud providers, such as Microsoft Azure, Amazon Web Services (AWS) and Google continue to lead, strengthening their positions and stretching out far ahead of competitors. They are doing this not only because of better reliability, availability or coverage area, but due to more sophisticated end-user experience and delivering a comprehensive set of automation and integration capabilities for workloads located in cloud.
Bringing a combination of on-premise and off-premise environments under a single architecture and unified management results in specific security requirements where traditional security solutions are a ‘no go’. This is because they do not provide a full set of security capabilities for elastic corporate hybrid clouds, nor can they immediately and effectively follow infrastructure changes and support business growth.
More attacks and more damage
The number of attacks on corporate players will continue to grow. It is not only that global companies use or do not use virtualization (at the moment more than 75 percent of businesses have been virtualized), but the question is whether they are able to watch all the processes occurring in the infrastructure in terms of information security. Because of the complexity of large corporate infrastructures and complicated relationships among different systems within it, attack detection time will increase, along with the damage. This means that more and more systems will be in the high-risk zone in the next year.
In a large corporation, everything is communicating with everything. It is like an organism - a very complex and sophisticated one. And, like an organism, if one of the interconnected systems is infected, then the infection rapidly spreads across the whole infrastructure. One can identify the symptoms and understand that something’s wrong, identifying all the infected areas to find the source and eliminate it can be difficult. Especially if one does not get to monitor everything that is going on inside the systems. In such cases, an organization might not even know it is under attack for months or more. A breach can be damaging, but a breach that no one has noticed is much more dangerous.
Of course, it does not mean that solutions for virtualized environments alone can eliminate all the risks associated with the infrastructure’s complexity. Corporations need to implement complex security strategies beyond an outdated perimeter-based “antivirus can protect me from everything” approach. There are tailored solutions and services available, such as penetration testing, APT reports, cybersecurity training for employees, and more.
Ransomware continues to impact on VDI
In terms of specific threats, it is worth mentioning ransomware because Crypto-locker and Crypto-malware threats will become a headache for virtualized desktops.
Ransomware can hit a virtual desktop as well as a physical workstation, but when it comes to VDI, the risks are significantly higher. An infected virtual machine is linked to a data centre / center, which means that localization and neutralization of the malware in virtual workspace might have an impact on all infrastructure and business processes. If malware makes its way to the golden image — a template used for creation of new virtual desktops — hundreds of the infected ones will be appearing every day.
Therefore, the challenge of VDI protection will go beyond the perimeter security to the level of each virtual machine where traditional endpoint protection solutions cannot help. Organizations must find efficient solutions, designed specifically for virtualized environments.
Mobility challenges call for unified security
The larger the enterprise, the more control it needs in order to make sure everything is safe and secure in how users interact with different business systems. Given that users are becoming more and more mobile and require seamless access to business services and applications from wherever they are, many corporations will find themselves implementing enterprise mobility management software (for example, VMware AirWatch) for thousands of endpoints. This will require powerful yet resource-efficient security solutions to be tightly integrated with those enterprise mobility systems.
Problems with mobile devices fall into two major categories - data loss and possible hacks through a variety of malicious applications. While implementing VDI does reduce the risk of data loss and the prevention of unwanted intrusions, there are still challenges for unified security management to ensure the same high level of protection is available and efficient across various operating systems and devices for mobile productivity.
Vitaly Mzokov is Solution Business Lead, Data Centre & Virtualisation Security at Kaspersky Lab. He is responsible for the product strategy and business development of security solutions engineered for enterprise-level infrastructures. Vitaly and his team concentrate on addressing security challenges specific to virtualized environments, and delivering to the global market tailored protection for server and desktop virtualization on the most popular virtualization platforms, including VMware, Citrix, Microsoft and KVM.