The magic pixie dust that makes a cloud a cloud is virtualisation technology. It makes one computer behave as though it were many. It also makes many computers behave as one.
That may be a mind bender, but it’s that sort of deconstruction of the physical world of fixed hardware that allows a cloud provider to achieve unprecedented economies of scale.
One of the more curious aspects of virtualisation is the “virtual machine”. A virtual machine is nothing more than a file that is used to represent its physical counterpart. No hardware to purchase. No shipping fees. No wires to plug in. (For those readers who are experts on virtualisation, please forgive the oversimplification.)
Hundreds of virtual machines are likely working in earnest inside your own organisation, and this number will be steadily increasing. And all those virtual machines are important to your business. They can run your email system, your expense reporting application or your customer portal.
So let’s briefly look at some of the ways that the virtual world of servers, applications and networks is different from the physical one.
Moving a physical server can be back-breaking work. You pick it up, twist your neck and fall down. A virtual machine (after all, it’s a file) can be made to zip across a corporate network or the Internet. Let’s think about that for a moment. What if your accounting system (all of it) gets intercepted and lands in the wrong hands? Or (just thinking out loud), what if an evil virtual machine file overwrites a legitimate one, and starts processing (and pilfering) your data?
We are awfully familiar with our laptops going to sleep (and waking up with a hangover). What if 10, 20 or 30 suspended virtual machines start to wake up at varying times of the day or week? Now imagine a virus is lurking on each machine. Will all occurrences of that pesky virus be identified by the corporate anti-virus system? It’s worth thinking about the implications of configuring the virus scan to take into account the different states of a virtual machine.
Another interesting property in the virtual world is time. A virtual machine has to keep time, if for nothing else than to remind you of mum’s birthday. Time is important to ensure the integrity of digitally signed transactions. Timestamps can also be stomped upon by a perpetrator to mask their activities. Without getting into the weeds, a virtual machine keeps time differently from its physical counterpart, and its clock can drift.
Although there are some other security issues around virtualisation, there are plenty of best practices to implement a safe and sound virtual infrastructure. Take a look at your policies and procedures to make certain they are available and executable in a virtual setting. Some examples:
- Continue to protect the physical environment.
- Control who creates virtual machines.
- Quality control must include real-time configuration management.
- Consider encryption as an extra layer of protection for high-risk assets.
- Get to know your virtualisation technology and how it can be exposed.
Walid Negm, Director of Cloud and Security Offerings, Accenture Technology Labs