VMware executives at Interop claimed that hypervisors are the key to enforcing strong security policies, giving...
enterprises a new security layer to control the two basic approaches to protecting data (on the endpoint or in the infrastructure). Vendor hype aside, has hypervisor technology in general reached the point where every enterprise should incorporate it as part of its baseline security strategy?
The presentations at Interop focused more on ideas vendors want to implement in their products rather than what enterprises can buy off the shelf right now. However, hypervisor technology definitely has a growing role to play in improving overall data security, so I think it's probably more accurate to say that hypervisor technology may be reaching the point where every enterprise should seriously consider incorporating it into its baseline security strategy.
Let's look at why hypervisors can be used to enforce security policies and thereby improve overall security.
A Type I, or bare metal hypervisor, is the first thing to be installed on a server; it communicates directly with the underlying physical computer hardware resources and the virtual machines (VMs) running as guests on top of and sharing that physical hardware. As the only interface between virtualized processes and the underlying hardware, the hypervisor is a unique control point for security policy enforcement: It is outside of any one virtualized server, but can observe server and application resource requests in detail and in context. (A Type II hypervisor , or hosted hypervisor, is loaded on top of an already live operating system, so it is not as well positioned to enforce security policy.)
At the moment, cloud providers including Amazon and Google offer multi-tenancy in their clouds where customers' VMs are isolated from each other even though they run on the same underlying physical server. Virtualization vendors are looking to offer similar multi-tenancy but on end-user machines with micro VMs (mVMs) each running a separate user task, such as viewing a webpage or opening an email attachment.
In this scenario, each mVM will be isolated from the others, as well as from the underlying operating system on the end user machine. It is not given access to any inessential resources such as the computer's file system, network or peripheral devices. This means that if the task encounters malware, the malicious code can't access other data or the rest of the network because these resources are simply not present. If malware attempts to modify the Windows kernel or DLLs in the file system, it makes changes only within the mVM. When the user task is finished (for example, when the user browses to another webpage), all the cached changes are deleted and the underlying system is unaffected.
As this is hardware enforced isolation rather than software sandboxing, it should prove to be more robust. Bromium vSentry is the software closest to delivering hypervisor-based endpoint security through hardware-enforced isolation. By relying on malware isolation rather than detection, users should be able to access whatever information they need from any network, application or website without risking infecting the entire enterprise network.
Although hypervisors are in a good position to provide security, they do introduce a single point of failure. Hypervisor software must be kept simple to reduce the attack surface and keep it secure. That said, a hypervisor-powered security model could finally turn the war against malicious code.
Ask the Expert!
Want to ask Michael Cobb a question about application security? Submit your question now via email! (All questions are anonymous.)
View the top 10 hypervisors
Learn more about how hypervisors secure virtual servers
Uncover hypervisor security vulnerabilities to look out for
Dig Deeper on Virtualization security issues and threats
Related Q&A from Michael Cobb
Many users of the file-sharing website Docs.com were unaware that the sensitive data they uploaded was searchable. Expert Michael Cobb explains how ...continue reading
The libpurple library contains a code execution vulnerability that affects the IM clients that were developed using it. Expert Michael Cobb explains ...continue reading
The ReBreakCaptcha exploit can bypass Google's reCAPTCHA verification system using flaws in Google's own API. Expert Michael Cobb explains how the ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.