Print This Story  Email This Story  Save this Link View PR Newswire's RSS Feed  Blogs Discussing this News Release  Search Blogs that Mention this News Release  Click this link to view linked Bookmarking Services Click this link to view linked Blogging Services

SunGard Availability Services Outlines Five Essential Steps for Improving Virtualization Security
 

Organizations Need to Make Virtualization Security a Higher Priority

WAYNE, Pa., Nov. 12 /PRNewswire/ -- With virtualization technologies becoming pervasive in the data center, SunGard Availability Services, the pioneer and leading provider of enterprise-wide information availability, outlined five essential steps for addressing virtualization security challenges:

  • Include security in total cost of ownership calculations
  • Make security a priority in the virtualization design phase
  • Monitor the invisible network
  • Control portable storage
  • Stay current on virtualization security research

The steps reflect the strategic belief that information security must be integral to the assessment, design and implementation phases of virtualized environments to protect data assets and meet compliance requirements. With many organizations focusing on virtualization benefits, they must also examine core risks before it is too late - meaning security needs to be built in from the start.

"In the rush to implement virtualization technologies, we are seeing organizations recreate the same security mistakes which were made in physical environments over the past two decades," said Richard Rees, director of security solutions at SunGard Availability Services. "This is happening largely because they have failed to recognize that new technologies create the same risks, albeit from a different perspective. With the potential for compromises in one virtual system or hypervisor to lead to compromises in multiple applications in a virtualized environment, the risks are too great for organizations to make security an after-thought."

SunGard recommends including the following steps when planning security as organizations look to implement virtualization technologies:

Include security in total cost of ownership calculations. A top driver when considering virtualization is cost savings achieved through improving server utilization and server consolidation in the data center - savings based on hardware, data center footprint, and provisioning cost reductions. Security needs to be factored into these calculations to provide a complete picture. For example, virtual appliances that provide monitoring, intrusion detection, patch validation and tracking, and other security services may need to be installed on each physical platform. This can reduce the number of virtual servers supported per physical host, impacting ROI.

Make security a priority in the virtualization design phase. Organizations need to monitor security metrics along with performance within the virtual world - requiring intelligent choices to be made in isolating applications and systems. For example, isolating credit card information to a single virtual environment can greatly reduce the PCI compliance footprint for e-commerce merchants. However, placing the Internet-facing Web server that takes credit card information on the same physical host as the application server checking inventory and the database managing order tracking increases the risk of data compromise.

M onitor the invisible network. While a physical server environment passes data traffic across a physical network that can be monitored, a virtual server connects to a virtual network - making it difficult to monitor and protect data in transit between virtual machines. This is driving proven solutions in the physical world, such as intrusion detection and sniffers, to be adapted for virtual environments. Other solutions on the horizon include increased monitoring at the hypervisor level, virtual patch management and tools to conduct security investigations on virtualized systems.

Control portable storage. Controlling the use of personal data storage devices has never been more important than in a virtualized environment. Virtualization is an excellent technology to enhance recovery due to the portable nature and size of virtual server images. Organizations can copy their system images to a hard drive and bring them to a recovery site, connect them to the replicated data, and be hours ahead on their recovery timeline. However, USB flash drives, secure digital cards, and iPods can provide gigabytes of portable storage to any user - suitable to copy a few server images and walk out the door. Having a management solution for these devices is necessary to protect sensitive, personally identifiable and proprietary business information typically present in a server image.

Stay current on virtualization security research. At the 2008 DEFCON hacker conference, a leading security researcher demonstrated multiple ways to compromise hypervisors, which in turn compromise the virtual hosts, exposing corporate assets such as credit card information, salaries and benefits, and proprietary business strategies and research. Keep in mind these potential attacks are only the tip of the iceberg and organizations need to stay current to deploy appropriate countermeasures and, in some cases, other controls to address a problem for which there is no current solution.

"Security is only as strong as its weakest link," said Deepak Batheja, chief technology officer and senior vice president - products at SunGard Availability Services. "That's why security needs to be front-and-center when creating virtualization strategies. SunGard Availability Services offers virtualization consulting services that include security solutions. We are experienced in guiding organizations through virtual environment ROI, assessment, design, and implementation phases with security considerations addressed at each step."

SunGard Availability Services

SunGard Availability Services is the pioneer and leading provider of information availability solutions, helping to ensure that 10,000 customers in North America and Europe have access to their business-critical information systems. With four million square feet of operations space, SunGard offers a complete range of information availability solutions that include managed IT, professional and business continuity services. SunGard provides services to support an always-on production environment, as well as over 30 technology platforms to support customers who require a traditional 24-48 hour recovery time frame. SunGard also has technology and systems management services for application and data center outsourcing, as well as business continuity consulting services and planning software. For more information about SunGard Availability Services, visit www.availability.sungard.com or call 1-800-523-4970.

About SunGard

With annual revenue of $5 billion, SunGard is a global leader in software and processing solutions for financial services, higher education and the public sector. SunGard also helps information-dependent enterprises of all types to ensure the continuity of their business. SunGard serves more than 25,000 customers in more than 50 countries, including the world's 25 largest financial services companies. Visit SunGard at www.sungard.com.

Trademark Information: SunGard and the SunGard logo are trademarks or registered trademarks of SunGard Data Systems Inc. or its subsidiaries in the U.S. and other countries. All other trade names are trademarks or registered trademarks of their respective holders.

SOURCE SunGard Availability Services