Security and virtualization are often viewed as opposing forces. After all, virtualization frees applications from physical hardware and network boundaries. Security, on the other hand, is all about establishing boundaries. Enterprises need to consider security during the initial architecture design of a virtualized environment.
Data security in the mass market cloud, whether multi-tenant or private, is often based on trust. That trust is usually in the hypervisor. As multiple virtual machines share physical logical unit numbers (LUNs), CPUs, and memory, it is up to the hypervisor to ensure data is not corrupted or accessed by the wrong virtual machine. This is the same fundamental challenge that clustered server environments have faced for years. Any physical server that might need to take over processing needs to have access to the data/application/operating system. This type of configuration can be further complicated because of recent advances in backup technologies and processes. For example, LUNs might also need to be presented to a common backup server for off-host backups.
Businesses need to secure data in the enterprise cloud in three ways.
- The first involves securing the hypervisor. The primary goal: To minimize the possibility of the hypervisor being exploited, and to prevent any one virtual machine from negatively impacting any other virtual machine. Enterprises also need to secure any other server that may have access to LUNs, like an off-host backup server.
- The other area that needs to be addressed is the data path. Enterprises need to pay attention to providing access paths to only the physical servers that must have access to maintain the desired functionality. This can be accomplished through the use of zoning via SAN N-port ID virtualization (NPIV), LUN masking, access lists, and permission configurations.
- Last, there should be options for data encryption in-flight and at-rest. These options might be dependent on the data access methods utilized. For data under the strictest compliance requirements, the consumer must be the sole owner of the encryption keys which usually means the data is encrypted before it leaves the operating system.
One other area that enterprise clouds should address is how data is handled on break/fix drives and reused infrastructure. There should be well defined break/fix procedures so that data is not accidently compromised. When a customer vacates a service, a data erase certificate should be an option to show that the data has been deleted using an industry standard data erase algorithm.