5 Laws of Virtualization Security - The Impact on Risk
(
Page 6 of 7 )
The Impact on Risk
Although the benefits of a virtual environment are clear, they are not always realized in every architected environment. The fact is that the various characteristics will be mixed and matched with other IT resources. Given that probable outcome, it is useful to review risk principles and apply them to a virtual environment. The Burton Group defines risk as a function of threats, vulnerabilities and consequences, and an increase in any of these three elements increases overall risk.
Threats: At this stage of virtualization technology development, the likelihood that malicious attackers will target virtual environments is relatively low. That said, as more people get trained on and learn about virtualization, attackers are bound to follow. Given the adoption rate of virtualization technology, it’s reasonable to assume this threat is accelerating quickly.
Vulnerabilities: The vulnerability of a system is a measure of its attack surface: the nature and extent of resources that are exposed and therefore attackable. Of course, if isolation mechanisms like firewalls or operating system access controls fail, the attack surface balloons to encompass the entire machine. The question, then, is whether the attack surface of a system or of an enterprise IT environment as a whole increases or decreases with the deployment of virtual environments.
The attack surface increases with the increased availability of services on any IT resource. This means that the addition of a system to an enterprise environment increases the attack surface. At a more granular level, starting services, opening Transmission Control Protocol/User Datagram Protocol (TCP/UDP) ports and registering remote procedure call (RPC) endpoints also increase the attack surface. If more resources are consumed, more risk is incurred.
Most virtual environments aim to make themselves transparent throughout the environment. However, something new is behind the scenes of the systems: the hypervisor and VMM. The addition of the hypervisor resource increases risk, just as any other additional service does.
So, if everything else remains constant, the vulnerability component of risk is increased in virtual environments. Everything else does not have to remain constant, however. To whatever extent other resources can be reduced, eliminated or isolated so they are no longer part of the attack surface, that will offset the increased attack surface and reduce overall vulnerability.
Consequences: The final component of risk is the impact or consequences of a successful attack. In most IT environments, the value of information assets is increasing as organizations work to squeeze out more benefits from systems. As these functions take on more mission-critical capabilities, associated losses increase as well.
