Use Wufoo integrations and get your data to your favorite apps.

Category: virtualization

There are 2 posts published under virtualization.

How Desktop Virtualization Enhances IT Capabilities

Virtualization of desktop computing capabilities is helping to make IT more of an asset for businesses and in many cases, enhances the capacities of individual employees within an enterprise context.

 

Let’s take a look at how and why these advantages are important.

 

Access

 

Desktop virtualization solutions from companies like Dell make it easier for IT departments to deliver access to a full range of corporate resources to large numbers of people on short notice. Because data management is centralized in a virtualized system, traditional desktop hardware is not relied upon to provide the kind of computing capabilities that employees require.

 

Additionally, the systems being used by a team of employees within a virtualized network can be upgraded in one fell swoop rather than on a piecemeal or case-by-case basis. Software upgrades, therefore, can be introduced more regularly as virtualization makes IT departments more flexible and responsive.

 

Responsiveness

 

At the current level of enterprise strategy and IT capabilities, virtualization offers what can be very valuable flexibility. A company can expand the scope of their IT applications quickly and across their entire workforce in direct response to market demands or increased competition.

 

Utilizing a virtualized desktop infrastructure means that IT ambitions and ideas can be acted upon much more rapidly than with traditional technologies, and in a much more comprehensive fashion. Even crucially, these kinds of fresh IT deployments can also be scaled back just as quickly, which means associated costs can be closely controlled and kept as low as possible.

 

Troubleshooting

 

Virtualizing desktops and the associated centralization of corporate data has the added benefit of making IT issues easier to troubleshoot as they arise. The enhanced visibility of an entire infrastructure means that even a single IT expert can resolve problems that might emerge and present problems for corporate users.

 

Where once a desktop failure would require an expert to be dispatched and scrutinize the hardware, virtualization provides the convenience of having network problems being resolved remotely and precisely.

 

Readiness

 

Shifting desktop functions from traditional hardware and networks to virtualized alternatives also means that businesses are automatically ready to alter the number of people using their IT systems. With a virtualized setup, taking on and empowering new employees needn’t be a cause for concern in terms of IT expenditure as costs can be very closely managed and solutions very easily deployed.

 

Dell has a host of desktop virtualization solutions available. To find out more about these or any other Dell products, head to the website at dell.com.

2304

Kaspersky Labs Explains Virtualization Security

In August 2012, the IT industry read headlines about a malicious Trojan known as Crisis or Morcut, which spread across PCs and Macs with the purpose of intercepting financial data.

But what made this particular piece of malware special was one of the ways it spread – by targeting virtual machines.  This was one of the very first pieces of malware to target virtual machines for infection…in the past, malware intentionally avoided virtual environments, since they are frequently used by security researchers to analyze malware.  But cybercriminals will always “follow the money,” and as virtualization has surged in popularity, it’s no surprise to see this change in tactics.

 

Just how popular has virtualization become? According to a Forrester survey in 2012, 85% of companies have either implemented server virtualization, or are planning to do so.[1]  According to a global survey of businesses conducted by O+K Research in 2012, 81 percent of US companies run business-critical services in virtual environments.

 

But, while virtualization has grown in popularity, securing virtual environments has lagged behind.  In fact, a Gartner report claims that “… in 2012, 60% of virtualized servers will be less secure than the physical servers they replace”.[2]  So what reasons lie behind the apparent paradox of ‘fast to virtualize, slow to secure’ when security threats – particularly from malware – are greater than ever before?

 

The primary reason behind this lag in virtualization security is a perception that a virtual machine is more secure than a physical one.  The truth is that while virtual machines may be less prone to threats such as spyware and ransomware, they are just as vulnerable to malware in the form of malicious email attachments, drive-by-downloads, botnet Trojans and even targeted ‘spear-fishing’ attacks.  One major security benefit of virtualization is when a temporary virtual machine is “turned off,” any malware is typically wiped away with it, and a new virtual machine can be created from the base configuration.  Now, we’re seeing examples of malware that can survive the decommissioning of non-persistent virtual machines and become active again when the virtual machine is put back into operation.

 

In fact, the main befit of virtualization is actually the source of its greatest security weakness.  According to the National Institute of Standards and Technology:

“Virtualization adds layers of technology, which can increase the security management burden by necessitating additional security controls. Combining many systems onto a single physical computer can cause a larger impact if a security compromise occurs. Further, virtualization systems, which rely on a shared resource infrastructure, create a dangerous attack vector in which a single compromised virtual machine impacts the entire virtual infrastructure.”[3]

 

Here is a quick overview of the top risks to the virtual environment:

  • Infection in one virtual machine has the ability to infect data stores that other virtual machines use, spreading the infection and compromising additional systems and data.
  • One virtual machine can be used to ‘eavesdrop’ on another virtual machine’s traffic.
  • Malware has historically been created to avoid virtual systems. Now malware creators are writing code that targets both physical and virtual machines. Some malware is designed to survive the ‘tear-down’ of a non-persistent virtual machine allowing it to ‘return’ when the virtual machine is re-commissioned.

 

But despite these risks, Security has been largely an afterthought in the server virtualization movement.  In most IT organizations, it is the network team, the server team, or the Data Center team that handles server virtualization deployment projects, with the security team often joining in at a later time.  In most cases, the conventional thinking is to apply existing security practices for physical devices to the virtualized environment, and believe that whatever has worked for physical environments will be good enough in the virtual environment.

 

Businesses may assume that their virtual infrastructures are already secured via perimeter security.   But now that VMs are being deployed for desktop applications and critical server applications, securing the edges of a network isn’t enough.  Having “no security” on these critical endpoints isn’t an option anymore.

 

It’s also important to understand that since virtual systems are different from physical systems, virtual machines should be protected differently than physical endpoints.  When evaluating virtualization security solutions, businesses should pay attention to the differences between “agent-based” and “agent-less” offerings.   An agent-based offering follows the traditional model used to secure standard workstations – a copy of the software runs on each machine.  But with virtual machines, instead of having each individual workstation responsible for protecting itself, businesses can instead off-load security activity onto a single, separate appliance.  This agent-less approach offers several advantages for virtual endpoints, including:

 

  • A central scanning engine means each machine isn’t wasting time scanning the same files – they are scanned centrally, which doesn’t drain resources from each endpoint
  • Virtual machines are created under the security umbrella of the central scanning engine, eliminating the so-called “Instant-On Gap,” where a new virtual machine is created, but defenseless until security software can be installed.
  • Security updates are downloaded, configured, and installed once by the central security appliance, not by each virtual machine.  This avoids “AV-Storms” caused by numerous machines downloading updates at the same time, and drastically slowing down the network.

 

Understanding the realities of virtualization security lets IT managers take the first steps towards securing their network without sacrificing the performance and flexibility that made virtualization so appealing in the first place.

 

-Mark Bermingham, Director, Global Product Marketing, Kaspersky Lab



[1] The CISO’s Guide to Virtualization Security, Forrester Research, Inc., January 2012

[2] Gartner: Virtualization security will take time, SCMagazine.com, March 2012

[3] Guide to Security for Full Virtualization Technologies, National Institute of Standards & Technology

347