Author: Chris Sutherland, firstname.lastname@example.org
A question was recently asked of me as follows, “I am familiar with the concept of VM (Virtual Machine) which IBM invented back in the early 1970’s. How would using VM provide greater security? And why would a bank customer want this?”
Let me begin my response by saying there are a number of good reasons to choose virtualization that make sense from a business standpoint (you can refer to my blog post, “Is Virtualization the Right Choice for your Financial Institution?”) With the appropriate setup and VMware’s virtualization solution, you get a secure and robust solution that has both the technology and the processes to ensure that the high standard is maintained in all current and future products. VMware virtualization gives you the following:
• Secure Architecture and Design: Based on its streamlined and purpose-built architecture, vSphere (the VMware Hypervisor) is considered by many experts as the most secure virtualization platform.
• Third-party Validation of Security Standards: VMware has validated the security of its software against standards set by Common Criteria, NIST, and other organizations.
• Proven Technology: More than 250,000 customers – including all of the Fortune 100 as well as military and government installations – trust VMware to virtualize their mission-critical applications.
Because VMware uses what is called a “Bare-Metal Virtualization,” meaning that the hypervisor (virtual machine manager) resides on the physical server, there is no dependency on an operating system that could add a layer of insecurity as well.
Another point to consider is the “Thin Virtualization” concept. “Thin” virtualization was started with VMware’s release of ESXi 3.5 and continues to improve and dramatically strengthen security and manageability as follows:
• Reduced size makes the attack surface much smaller and reduces the potential for vulnerabilities.
• Independence from the parent partition or console based on a general-purpose Operating System means far fewer interfaces to exploit and less malware threats, which is especially important given the path of device drivers from the Virtual Machine to the physical hardware.
• Unstructured, console-based interaction from administration is replaced by authenticated and audited interfaces.
As an added point for securing the environment VMware has a security suite of software called vShield. The vShield Product Family is the foundation for trusted cloud infrastructures. vShield enables adaptive and cost-effective security services within a single management framework. Three of the benefits are:
1. Reduce Complexity with Unified Security Policy Framework for the Cloud. vShield provides a comprehensive set of services for securing the datacenter at any level – host, network, applications, data and endpoints, in a single management tool integrated with vCenter Servers.
2. Secure Applications and Data with Adaptive Trust Zones. vShield allows organizations deploying cloud infrastructure to create adaptive trust zones that securely isolate applications with different trust levels and also quarantine applications that may have been compromised.
3. Accelerate Compliance and Automate Remediation. Exposure or leakage of such data – for example stolen credit card information – can cost an enterprise millions of dollars and/or harm its reputation. VMware vShield also provides organizations with the ability to identify sensitive business information and ensure it is protected. This includes over 80 pre-built templates for the most common standards of protecting sensitive data.
So what have we concluded? The reasons we have cited here, plus the fact that many companies (including financial institutions) are using virtualization in production environments lead us to the realization that virtualization is not only good for testing, but it is secure and makes sense in everyday production environments for business-critical applications, as well as servers.