The real issue around server virtualization security
What is it that should really keep chief information security officers up at night? It's not the stuff of Michael Crichton novels.
There is a general paranoia about server virtualization in the security community that goes something like this. The server virtualization hypervisor acts as a resource switch enabling multiple virtual hosts to share a single physical system. In theory, if you compromise the hypervisor, you gain access to every virtual host along for the ride. Imagine an instance where 50 hosts live on a single Intel server and you can see that a hypervisor attack could have extremely serious ramifications.
Yes, this is theoretically possible, but virtualization vendors understand this threat and are pretty conscientious about protection. Starting with IBM and virtual machines on the mainframe, there hasn't been a single compromise at the virtualization operations layer that I know of. Of course software is always vulnerable, but a hypervisor attack seems like something out of a Michael Crichton novel rather than an everyday concern.
So what is it about server virtualization that should really keep chief information security officers up at night? A more pedestrian worry--lack of control. In a virtual server world, IT administrators can clone virtual hosts, move them around, or turn them on and off by accident or with malicious intent. What happens when an IT administrator moves a critical database server instance without re-configuring application servers or the network? How about when someone mistakenly adds a test server to the production network? The security "uh-oh" possibilities are endless.
The real threat here is that server virtualization takes on a life of its own without proper management and security controls. This is why VMware is investing in its virtual infrastructure, Citrix is keen on its Citrix Delivery Center, and Microsoft is pushing its System Center Virtual Machine Manager (SCVMM) architecture. Systems and operations management vendors like BMC Software, CA, and Hewlett-Packard are also paying close attention and adding virtualization capabilities to tools, processes, and services. Given its 30-plus years with mainframe virtualization, IBM for one has seen this movie before.
In the security world, there are theoretical threats and there are everyday threats. The server virtualization crowd is constantly dragged through the mud about theoretical threats, but it's the everyday threats that tend to bite us all in the butt. If users focus on sound server virtualization policies, controls, operations, and safeguards, rather than the virtual security bogeyman, they should be able to reap the benefits of server virtualization without a substantial increase in risk.