Neil MacDonald

A member of the Gartner Blog Network

Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…


Addressing the Most Common Security Risks in Data Center Virtualization Projects

by Neil MacDonald  |  January 27, 2010

One of my frequent blog posting topics is virtualization security. Virtualization isn’t inherently insecure, but in many cases, it is being deployed insecurely. The latter is a result of the relative immaturity of our tools, processes, staff and service providers. Also, in many cases, information security isn’t proactively involved in the virtualization planning. Survey data from Gartner conferences in late 2009 indicated that about 40% of virtualization deployment projects were undertaken without involving the information security team in the initial architecture and planning stages — an improvement from the same survey a year earlier where 50% indicated that they didn’t proactively involve information security.

Based on responses from the same survey, I’ve just published this research note for clients, Addressing the Most Common Security Risks in Data Center Virtualization Projects, to specifically address the risks that were rated the highest. The survey data is being turned into two research notes. Here’s a list of the most highly rated risks that I addressed in the first research note:

  • Information Security Isn’t Initially Involved in the Virtualization Projects
  • A Compromise of the Virtualization Layer Could Result in the Compromise of All Hosted Workloads
  • The Lack of Visibility and Controls on Internal Virtual Networks Created for VM-to-VM Communications Blinds Existing Security Policy Enforcement Mechanisms
  • Adequate Controls on Administrative Access to the Hypervisor/VMM Layer and to Administrative Tools Are Lacking
  • There Is a Potential Loss of Separation of Duties (SOD) for Network and Security Controls When These Are Virtualized

I’m not a doom-and-gloom type of security analyst, so the bulk of the 10 pages in the research discuss specific actions you can take to address each risk in detail. I provide multiple options to either reduce or eliminate each risk, based on established best practices from discussions with thousands of clients over the past three years on these issues.

Category: Next-generation Data Center Virtualization Security

5 responses so far

  • 1 Mike Wronski   January 28, 2010 at 10:29 am

    I couldn’t agree with you more, Neil. The gaps, along with the general new challenges to managing virtualization, are what drove Reflex to broaden our focus from pure network security to a more comprehensive view.

    It’s not just network segmentation leaving people at risk, it’s the change controls, access controls, and difficulty auditing them. The Reflex VMC product provides visibility and control points across the entire virtualization infrastructure, which allows both the InfoSec team and Operators of virtualized environments access to the data and controls they need to mitigate these risks.

  • 2 A Downside to Hyper-V   February 11, 2010 at 3:33 pm

    [...] argue that the x86 virtualization platforms that we are installing (ESX, Xen, Hyper-V and so on) are the most important x86 platforms in our data centers. That means patching this layer is paramount. With Hyper-V’s parent partition that means closely [...]

  • 3 Another Hypervisor Hack   March 14, 2010 at 4:41 pm

    [...] should be protected accordingly. I provide pages of specific recommendations on how to do this in this research note for [...]

  • 4 Shirief Nosseir, CA   March 26, 2010 at 11:16 am

    It’s about time to see that the importance of controlling and monitoring administrators, and ‘privileged users’ in general, is set to increasingly grow and get the attention it deserves. With virtualization becoming the de facto platform and cloud computing gaining more traction, the threat posed by privileged users will become more critical and challenging to manage over the next few years.

    To find out more about the importance of managing privileged users in virtual and cloud environments, please read my recent blog at http://ow.ly/1reuZ.

  • 5 Observations from Symantec’s Vision Conference   April 14, 2010 at 10:51 pm

    [...] Symantec is finally starting to talk about virtualization and security, it hasn’t made much meaningful progress. For example, even the basic ability to randomize and [...]