Virtualization of the IT environment is not new, but virtual environment management apparently continues to be a problem.
In all, 48 percent of the respondents either reported or suspected unauthorized access to files on their virtualized servers.
Neglect Is the Problem
That high incidence of unauthorized access should come as no surprise—about 70 percent of the respondents had not implemented auditing of virtual machines, and 20 percent of enterprises with more than 5,000 employees said they had not set up file-logging capabilities.
But auditing isn’t necessarily a solution—even in corporations that audit all activity, 68 percent reported unauthorized access to files in their virtualized environments.
Why Things Go Wrong
Part of the problem seems to be a lack of understanding about how virtualization works. Varonis found that, after a workload is virtualized, people assume the details of managing file permissions and access are automatically taken care of, although this is not the case.
Another possible contributor to unauthorized file access, ironically, could be the IT best practice of separation of duties. Teams managing virtualization projects may see file security and governance as being outside their discipline, and IT security may not know what’s going on, David Gibson, vice president of strategy at Varonis, suggested in the report.
The very factor that sparked interest in virtualization—the ability to set up a virtual machine with just a credit card and an email account, which let creative people from the business side set up projects without having to wait for IT to allocate them computing resources—could also contribute to unauthorized file access.
Some organizations now include phone verification and other methods in a bid to control the unbridled creation of virtual machines, but it’s possible to work around these, Tom Andreesen, managing director at global consulting firm Protiviti, told me.
It’s important for enterprises to train staff to understand virtual file systems, Gibson said. They should also use automation to uncover security holes, monitor activity, and control access permissions.
According to a guide to security for full virtualization technologies published by the U.S. National Institute of Standards and Technology (NIST), enterprises that want proper virtual environment management and security should ensure that multiple services placed on a hypervisor have similar security requirements. Otherwise, attackers could go in through a service with low security needs to compromise one with higher security requirements.
Physically partitioning a hypervisor may improve security more than logical partitioning, NIST says. Such physical partitioning is an important part of the process of isolating guest operating systems for security and reliability. It may also improve performance.
Enterprises should monitor the network traffic, memory, processes, and other elements of guest operating systems, NIST recommends. They should incorporate additional security controls such as firewalling, intrusion detection, and access control through the hypervisor where possible.
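The NIST point about keeping services with similar security requirements together on a hypervisor can be checked automatically against a placement inventory. The sketch below is an added example, not code from NIST or Varonis; the CSV layout, the host and guest names, and the 1-to-3 security tier rating are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample inventory (not from the article): one row per guest.
# "tier" is a hypothetical 1-3 security-requirement rating, 3 = highest.
SAMPLE_INVENTORY = """\
hypervisor,guest,service,tier
hv-01,vm-payroll,payroll-db,3
hv-01,vm-wiki,internal-wiki,1
hv-01,vm-hr,hr-portal,3
hv-02,vm-build,ci-runner,2
hv-02,vm-test,test-web,2
hv-03,vm-files,file-server,3
hv-03,vm-kiosk,lobby-kiosk,1
hv-03,vm-intra,intranet,2
"""

def load_placement(text):
    """Group (guest, tier) pairs by hypervisor from CSV text."""
    hosts = defaultdict(list)
    for row in csv.DictReader(io.StringIO(text)):
        hosts[row["hypervisor"]].append((row["guest"], int(row["tier"])))
    return hosts

def audit_placement(hosts, max_spread=0):
    """Flag hypervisors whose guests differ in tier by more than max_spread."""
    findings = {}
    for host, guests in sorted(hosts.items()):
        tiers = [t for _, t in guests]
        top, low = max(tiers), min(tiers)
        if top - low > max_spread:
            findings[host] = {
                "spread": top - low,
                # Guests with the highest requirements on this host...
                "exposed": sorted(g for g, t in guests if t == top),
                # ...and the co-resident guests with the lowest requirements.
                "weakest": sorted(g for g, t in guests if t == low),
            }
    return findings

if __name__ == "__main__":
    for host, f in audit_placement(load_placement(SAMPLE_INVENTORY)).items():
        print(f"{host}: spread {f['spread']}, high-requirement guests "
              f"{f['exposed']} share a hypervisor with {f['weakest']}")
```

Each finding names the guests that would need to move, or the host that would need to be partitioned, to bring the placement in line with the recommendation.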
Implement the NIST recommendations and other good security practices now, and keep your virtual files safe.