Data Backup & Recovery Blog

Virtualization and its Inherent Security Threats

Posted by Stephanie Aldrich on April 7, 2016

Virtualization.jpgVirtualization is one of the core components of cloud computing, as it provides scalability and flexibility by enabling cloud service providers to emulate a hardware platform that is agnostic to both operating system and user workload to run different applications. The inherent security threats in virtualization include: communication blind spots, mixed trust level virtual machines, and inter virtual machine attacks.

In a general virtualization framework, the security appliance for the network is blind to the communications between virtual machines unless they are routed through the appliance channel. This introduces unnecessary time lags when users are trying to access the virtual machine. In the case of clouds, the virtual machine is integrated to the hypervisor within the cloud server and is not available to the end user. This poses a possible security breach due to lack of visibility and could potentially create a hole that malware can take advantage of.

If hackers manage to get into one of the guest virtual machines in the cloud server, they can compromise the integrity of other virtual machines on the same host, if appropriate security is not present. Attacking the hypervisor can cause several machines to be compromised simultaneously. The hypervisor is software installed on the host machine to enable the various virtual machines on it to communicate with the actual physical hardware resource. Since hypervisor has complete control over the operations of the virtual machine, it is a natural target for attack. This can be attempted by a “guest virtual machine escape”. When a virtual machine is attempting an infection, it can break itself out of the isolated environment created for it and attack the hypervisor. This phenomenon is commonly called “hyperjacking”.

There could be various machines with varied levels of confidentiality, security and sensitive data, which can be compromised. A virtual machine with different levels of confidential secure data is often vulnerable to attack by hackers. These hackers can target the virtual machines with less critical data and fewer security measures to access the more secure data. The system should set up segregate or regulate virtual machines with different trust level data to mitigate this issue.

Due to the nature of virtualization, rapid provisioning and decommissioning of virtual machines on a host can prove to be a big challenge for security provisioning. Certain time of inactivity make the virtual machine dormant, causing it to potentially fall off the grid and not get any security updates on a periodic basis. When a guest virtual machine that has been dormant for a while is reactivated, it potentially has outdated security and could be vulnerable to hackers. Hackers typically try and exploit such virtual machines and create clones of it on the dormant virtual machine template.

It is important that organizations are aware of these possible risks and create processes and policies to address these potential gaps. Virtualization is a great asset – providing flexibility, scalability and cost efficiency – but only if it is managed correctly.

Topics: cloud service provider, cloud computing, data security, virtualization, cloud service

Browse by Tag