Virtualization: Disruptive technologies part 2Date: Feb 13, 2009
Security pros Chris Hoff, Rich Mogull and Dino Dai Zovi discuss the greatest benefits virtualization can offer enterprises, as well as some strategies for anticipating threats to virtualized environments.
Also check out:
- Part 1: Greatest threats to virtualized environments
- Part 3: Organizational challenges of virtualization
- Part 4: Virtualization and security vendors
Read the full text transcript from this video below. Please note the full transcript is for reference only and may include limited inaccuracies. To suggest a transcript correction, contact firstname.lastname@example.org.
Virtualization: Disruptive technologies part 2
Dino Dai Zovi: I think the security benefits of virtualization
really drill down to two very simple things. One, it's another barrier;
it's another separation of privilege. Two, kind of the obvious one is
it allows hosts to be moved very quickly. To be able to isolate hosts
into segments, and basically separate them off and put them in
containers and have good host isolation between business units
and have transaction zones.
If you have a fully virtualized environment, you just point and
just move them around and they're there. You're not ripping up new hosts,
putting them in racks, and it's very easy to manage your dependency between
hosts. You can make sure that a credit card comes in from the web, it goes
back to the database, stays with the missed transaction zone, and then
everything else we do corporate-wise is completely separated.
If you're coming into an existing environment where things are
If everything were virtualized, it's very easy to untangle it, because you
have less dependency between hosts. We're learning that you can't run a lot
of applications on one server. Yes, technically you can, but basically
complexity gets out of hand. And so, if you just make one host one function
and basically store all of those in VM’s you can move them around as much as
you need, and they're independent.
Chris Hoff: So it has a dark side, right? Which is the notion
of the fact that in
today's network based security options, as well as the host ones quite
honestly, the affinity of policy is based on IP address. However, the
things that sit in front of those IP addresses are very rigid, they're very
static, and the policies don't flow. There's no affinity between like a
VMID and a policy yet that says, if I V motion this VM of anyone of those
components from behind $10 million of state of the art security
infrastructure to now a VLAN over here in front of a big system with
54 GT. Which is entirely possible, it's problematic in as much as you get
the fantastic benefits of the dynamism.
The way in which we're describing policy at the network level
up. The neat part about it is it's going to force the issue for network
security, and they're really going to have to react to that. In fact, they
already have, because if you look at what Cisco's doing with IO
virtualization or how they're essentially looking at the reality of their
vision, and their investment in Vmware such that they can, for example,
potentially create third party virtual switches for those platforms that
which mimic a mini catalyst, which I was getting to, a mini cat
sitting in your VM server.
Their vision ultimately has been data center OS, and you
alluded to the
talk you've given recently regarding grid and utility compute is that it's
just pools of resources and information is designed and architected such
that you can define business processes and logic. And as long as you
maintain service levels and security, you just say I want this, and this, I
want the firewall to be over here, I want this stack to be protected by
this and go. I mean that's where we are to get to.
What's interesting about this discussion is that virtualization
1.0 if you
will, or version 1.9, because it's 30 years old already. Whatever it is,
it's just going to set the stage for what we're already seeing with Amazon
EC2 and S3, with things like 3Tera which you've spoken about, with
utility and grid compute, with what huge service and e-commerce providers
are already starting to get at which Google already does. They don't even
use virtualization as we know it, but it's an amazing opportunity, and it's
going to drive some fundamental changes in the way in which we actually
practice what it is we do.
Dino Dai Zovi: I think you bring up an interesting challenge. I
virtualization is definitely on the road to commoditized grid resources.
Grid computing, grid storage, and then we just need to as we're
moving towards that, keep track of our data flows. I think of security as
a one big data flow problem. Whether you're looking at an application
close up, how does data flow from one privilege level to the other?
Where do we have to perform more input sanitization, or if we're
looking for via a network? What goes from here to there and let's
scrutinize traffic, so put a firewall here. Input sanitization and firewalls
are essentially the same thing, they're just at different levels.
And so, you see this everywhere, and all we have to do is once
we have all
these totally fluid resources of storage and compute. I think that will
make it easier for us to track our data for our business process and then
just say, we know that credit card numbers are ending up on this laptop
that's going to end up on this airplane, get lost, then we know where our
data is, and we know where it travels.
Chris Hoff: The cool thing is it's going to be a forcing
going to have to because if that server is in Pakistan, and that one's in
Georgia, that one's in Cleveland, the reality is if you don't understand
how data flows. Imagine trying to trouble shoot an application that way.
The reality is, it's going to force a top down and a bottoms up redesign and
approach to how we deploy applications. That's going to be a long runway,
but in the short term we still get the benefits of isolation, we still get
all the cool things we talked about in terms of what virtualization brings
to us in terms of business agility, flexibility, and DR and all those sorts
But we oftentimes get caught up when we discuss these things.
We love to
talk about the future state and kind of forget the crap ball that we're in
right now. But I think by talking about them, by bring those issues to the
surface, the nice part is that industry is reacting, I think, in a more
compressed time frame than they have to a lot of other technology
insertions and disruptions. That's a good thing.
Rich Mogull: Chris, you wrote a blog post a few months back
kind of like the four horsemen of the virtualization Apocalypse, which
I believe is also your Black Hat talk, not to promote or anything. But
I remember reading this, and you did a really great job concisely
defining it. These are the areas where life is really going to suck in
the future for virtualization if we don't start looking at these problems.
I kind of looked at this and laid it out extremely clearly. Some of these
issues we talked about today, a few others we haven't talked about...
well, let's take a step back.
What does this mean to us today? What can we actually do today
our environment and a lot of comes down to the stuff Dino just said,
which is understand your data-flows, and things like... Let's take like
minded systems of similar classification levels and clump those
applications all together on the same physical host. So, we don't have
things on the same physical host of multiple security layers and where we
still need to monitor network communications. We've got these resources so
that we can pop the host over here, assuming that you're even monitoring
that stuff in the first place. Just be a little bit smarter about the risk
assessment of this which really comes down to, what application am I
running? what database is this connecting to? how do these things link
together? all that stuff we can do today.
It doesn't take any miracle. The miracle part is actually
executive sponsorship so that you can go ahead and do this, going back to
the political issues. And just by following those few basic precautions,
you're going to be set up for... As these other things occur, you're going
to be in a better position. Even when we get to the fully elastic place
where we're moving those VM’s around and everywhere else, if you have
within your system, you've already said, OK, I can move this VM from here.
It's only allowed to go to these three locations because these
are the ones
that comply with the security policy for that particular VM, bam, you just
drag and drop. You throw it where you need to. You're not going to have
worry about crap, do I need to reconfigure arrays on this one,
and move this stuff around and everything else. You pre-evaluate an
environment and move these things around the way they need to be moved
around, and then you're going to be good to go.