twobee - Fotolia


Virtual server security challenges: Data theft and destruction

Physical servers had built-in security safeguards that VMs don't. While it'd be hard to sneak off with a server, a VM can be stolen with little fuss.

While virtualization can create a single point for failure or security breach, it also has the benefit of giving you less surface area to protect. A smaller equipment footprint, thanks to consolidation through virtualization, can help to reduce some of the requirements of redundancy projects from networking to power consumption.

Smaller uninterruptable power supplies and generators can be used; the reduction of physical network ports decreases the attack surface of your network. You can even increase monitoring on the ports in use. While this helps to reduce the hardware footprint for security, unfortunately it does have the opposite effect on the software resources. Virtual servers and networks can be created and deployed with little effort and, in some cases, without prior approval.

The thought of a single rogue server or virtual switch that could cause an entire infrastructure to collapse would normally be a far-fetched idea at best. However when an undocumented system is entered into a controlled infrastructure, its very existence presents a risk for infrastructure stability. That rouge system now becomes the crack in your data center armor and it’s becoming more common, since rouge installations in a virtualized environment do not have the same cost restrictions that physical hardware does. In the past, servers required capital purchases, which was often an unintended security measure against rogue installations.

With today's ability to create large numbers of virtual servers with a few clicks, this cost barrier no longer exists. One of the best ways to protect your environment is to know what is in it, but that is getting harder each day. Each added VM is another possible crack in our data center’s armor. Limiting who can create VMs and auditing reports is now your best protection from the rogue installation.

Data theft

The other concern that virtualization has raised in a way that did not exist with traditional hardware is data theft. In the past, data thieves attempted to collect sensitive data from servers a bit at a time working on bypassing operating system security. That is because thieves normally had few options: they could physically access the hardware or try to make copies of the data. The hardware was normally behind locked doors and monitored with cameras or personnel, and the data or software could be encrypted or secured by the operating system. Logging within the operating systems made data theft more challenging and could alert and provide a forensics trail if someone was trying to access secured data. Of course, that didn’t mean data theft could not happen, just that it required some effort.

With the introduction of virtualization, servers are no longer hardware devices but a collection of files on a data store. As is true for any type of file, it is possible to clone data on running systems without disrupting the original server. This is not a bug, but a feature designed to help deploy new VMs. Once an identical clone is captured, it can be taken offline to be brought back online under a different name or transferred to an alternate location for disaster recovery. Unfortunately, this portability also creates a new concern. While the server may be large and awkward to copy or move, it is not impossible.

Since copied data is not active, it is possible to simply download or transfer it to a portable USB drive and simply carry it out of the building. While the thief needs additional rights into the virtual environment, he doesn't necessarily need full administrative access. Virtualization makes it possible to steal entire servers or even data centers. No longer does a thief need physical access to steal a server or the ability to break the security in place.

Data destruction

As mentioned, VMs are a collection of files, which means that in addition to being able to copy those files, someone can also delete them. Whether intentional -- such as a rogue employee -- or by a process that causes corruption -- such as a runaway snapshot -- your VMs are fragile. VMware and other vendors have multiple ways of protecting and recovering your data, but in the end your VMs are still a collection of files that can be deleted with a few clicks.

Data theft and destruction can occur with any IT system, whether it be hardware or software based. However, when servers were hardware based, natural controls based on quantity and sprawl existed that provided a natural security barrier. With virtualization, many of those barriers no longer exist. In fact, many of the tools and features we come to expect can be misused easily to enable theft or widespread data loss. Virtualization will not be going away any time soon, but it has forced IT to take a new look at redundancy, availability and security in a different light.

Next Steps

How vulnerable is your hypervisor?

Virtualization security vulnerabilities to look out for

Experts weigh in on tackling virtual server security challenges

Dig Deeper on Server virtualization risks and monitoring