Server and workstation virtualization offers companies considerable advantages. First of all, it allows them to cut costs and enhance corporate network performance. It also provides operational stability and centralised control. However, the security threats facing the virtual environment should not be underestimated. A system infection can not only wipe out all of the above-mentioned benefits of virtualization, but also cause serious harm to the company.
One of the greatest advantages of virtualization – IT resource efficiency – can suffer when sub-par security deployments apply physical security rules to virtual machines. As there are many smaller businesses operating in and out of South Africa, it is critical that these businesses not only understand this risk to their server environment, but that they also invest in the right solutions when undertaking virtualization – as company protection is crucial.
Virtualization has already become a worldwide trend. 94% of corporations ranked on the Global 500 list and 97% of major US companies from the Fortune 1000 rating have already virtualized their servers. Of course, in South Africa the virtualization rate is lower; however, this technology looks to have a promising future. Individual companies usually go through their own specific stages of evolution before fully implementing virtualization technologies, as will South African businesses.
As a rule, the move towards virtualization seems to begin with a pilot scheme where a ‘test’ server is virtualized. Then, over time, as the technology actively penetrates the company’s network, we are seeing organisations virtualize up to 90% and sometimes 100% of their data.
Gartner supports the rise of virtualization, predicting that approximately 50% of x86 architecture server workloads will be virtualized by the end of 2012. From such stats, as well as industry interest, it is clear that virtualization is a trend that is here to stay. As a result, businesses need to realise the importance of keeping their information secure.
There are very few specific threats that only target virtual environments. However, all viruses designed for physical servers are just as dangerous for virtual machines. That is why any ‘claim’ that virtual machines are less vulnerable than physical ones is just a myth. Moreover, one infected machine can threaten the operation of other virtual machines running on the same host server. Additionally, most malicious programmes can be stored on a virtual machine even when it is inactive, and resume their malicious activity when it wakes from standby mode.
All viruses are equally dangerous for virtual and physical servers. Either way, it is extremely important for businesses to ensure that all of their data is secured, be it on a virtual server or on a physical server, as malicious programmes can penetrate these servers no matter their location.
There are two main methods when it comes to protecting virtual environments – a software agent or a “thin client”. It is also possible to use a combined approach where both methods are implemented on a corporate network.
Protection using software agents entails the installation of an antivirus programme on every virtual machine. This sort of configuration will be able to fulfill the task of providing the server with antivirus protection, but is rarely the best solution in terms of performance. The software agent approach should therefore be split into two sub-divisions: a standard solution, which just uses an ordinary antivirus programme in a virtual environment, and the use of a so-called virtualization-aware programme.
When using virtualization-aware solutions, the antivirus programme assigns scanning tasks to virtual machines in such a way as not to overload the host server or create peak loads on the system. However, installation of an antivirus programme on each virtual machine inevitably leads to multiple replications of the antivirus engine and signature databases.
This can hamper general system performance. There are specialised solutions available which offer a fundamentally different approach: virtual scanning is performed from a dedicated virtual machine with a dedicated antivirus solution installed – Kaspersky Security for Virtualization is an example here. This achieves the optimum balance of protection and performance: a single antivirus programme with a single antivirus engine and one copy of the antivirus databases is responsible for the security of all protected machines on the host server.
Costin G. Raiu, Director, Global Research and Analysis Team at Kaspersky Lab