Platform Security is Critical to a Virtualized Environment
Virtualization makes it possible to run multiple operating systems and applications on the same compute resource at the same time. It decouples the software from the physical infrastructure, and it is this separation that draws customers with more advanced security needs, or who want to maintain and secure their own infrastructure, towards virtualization.
Virtualization is the underlying technology of the majority of cloud offerings. Although virtualization provides some security benefits, other security challenges that exist in virtualized infrastructure have propagated to the cloud, and they become even more complex in public cloud offerings because of multi-tenancy and scale.
As much as we would like to think that virtualization technology can provide all of the security measures independently of the underlying hardware, many evolving advanced security features require the right infrastructure. Notable examples include virtual TPM (vTPM) based VM security, "Geotagging", Secure Boot, encryption key management, and audit logging capabilities.
Most reported attacks are at the application layer. However, with the involvement of more sophisticated attackers and nation states, the threat landscape has expanded to include boot firmware, the platform management stack, and even hardware (see Figure 1). Compromised boot firmware or platform management can steal secrets just as effectively as OS-level malware, and because these components run below the OS and hypervisor, they are also very attractive targets for Denial of Service (DoS) attacks. DoS attacks impact the availability of servers, and a widespread firmware attack could bring down an entire datacenter or cloud infrastructure.
Over the past few years, industry standards have emerged for boot firmware, but standards for platform management still lag behind. Leading platform vendors address this gap by offering differentiated, advanced security value-add features on their platforms. The good news is that emerging platform technologies help reduce the risk of Advanced Persistent Threats (APTs).
What security features should CIOs look for in a virtualization hardware infrastructure?
Trusted Platform Module (TPM):
In a non-virtualized environment there is, by design, a one-to-one relationship between the physical Trusted Platform Module (TPM) and the operating system. Because a TPM has only a single set of Platform Configuration Registers (PCRs), it does not scale well to virtualized environments, where many guests share one physical TPM. The industry is solving this with virtual TPMs (vTPMs): each virtual machine (VM) gets its own vTPM, re-establishing the one-to-one relationship between a guest and its TPM. The presence of a physical TPM in the platform enables stronger protection of the vTPMs, since their state can be rooted in hardware rather than held only by the hypervisor. Platforms that support TPM 2.0 are a good choice for tightening VM security with the future advanced hypervisors expected to leverage this technology.
Platforms enabled for Geotagging:
One of the critical security concerns in cloud computing is: "how do I know which physical system my workload is running on?" Geotagging, together with technologies such as Intel Trusted Execution Technology (TXT) and the TPM, can address this by recording a location tag in the platform's hardware root of trust, where it can be attested along with the rest of the boot measurements. Geotagging also helps to identify a pool of servers with a required level of security characteristics, including firmware and hypervisor trustworthiness.
UEFI Secure Boot capable platforms:
UEFI Secure Boot capable platforms have a robust Root of Trust (RoT) built from hardware and firmware. The RoT ensures the platform always starts in a known initial state, and a Chain of Trust (CoT) is built from there all the way to the operating system; the latest operating systems extend the CoT further, to applications. Secure Boot in conjunction with measured boot, as defined by the Trusted Computing Group (TCG), enables third-party attestation services to verify that the code stack that booted is authentic: Secure Boot blocks unsigned code from loading, while measured boot records a hash of each component in TPM PCRs so that a remote verifier can check them afterwards. If any of the code, firmware or OS, is found to be compromised, appropriate remediation actions are invoked.
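To make the measured-boot side of this concrete, here is an added example (not code from the original article or from any platform vendor) of what a third-party attestation service does with a TPM quote and a boot event log. It serves the TPM section above as well as this one: it implements the PCR extend operation, replays an event log to reproduce the PCR values, checks the quoted values against the replay, and checks every measured component against an allowlist. It assumes a SHA-256 PCR bank and the usual TCG PCR usage (PCR0 for firmware, PCR4 for the boot loader, PCR7 for Secure Boot policy); measuring the geotag into PCR22 is an assumption made for illustration, and the sample boot log, allowlists and scenarios are constructed.

```python
import hashlib

PCR_SIZE = 32                   # SHA-256 PCR bank
INITIAL_PCR = b"\x00" * PCR_SIZE

def pcr_extend(pcr_value: bytes, digest: bytes) -> bytes:
    """TPM extend operation: PCR_new = SHA-256(PCR_old || digest).
    A PCR can only be extended, never written, so the final value depends on
    every measurement and on the order in which they were made."""
    return hashlib.sha256(pcr_value + digest).digest()

def replay_event_log(event_log):
    """Recompute the PCR bank from an event log of (pcr_index, component_bytes)
    entries, the way a verifier replays a TCG event log."""
    pcrs = {}
    for pcr_index, component in event_log:
        digest = hashlib.sha256(component).digest()
        pcrs[pcr_index] = pcr_extend(pcrs.get(pcr_index, INITIAL_PCR), digest)
    return pcrs

def verify_attestation(quoted_pcrs, event_log, golden):
    """Two independent checks a remote attestation service performs:
    1. the event log must reproduce the PCR values the TPM quoted
       (otherwise the log presented to us was edited);
    2. every measured component must be on the allowlist for its PCR
       (otherwise unknown firmware, hypervisor or location was booted).
    Returns (trusted, findings)."""
    findings = []
    replayed = replay_event_log(event_log)
    for idx in sorted(set(quoted_pcrs) | set(replayed)):
        if quoted_pcrs.get(idx) != replayed.get(idx):
            findings.append(f"PCR{idx}: event log does not reproduce quoted value")
    for pcr_index, component in event_log:
        if hashlib.sha256(component).hexdigest() not in golden.get(pcr_index, set()):
            findings.append(f"PCR{pcr_index}: unknown measurement {component!r}")
    return (not findings, findings)

# Constructed sample boot (assumption: geotag measured into PCR22).
GOOD_BOOT = [
    (0, b"UEFI firmware 1.2.3"),
    (7, b"SecureBoot=enabled db=vendor-keys"),
    (4, b"hypervisor loader 5.0"),
    (22, b"geotag:us-east-dc1"),
]
KNOWN_GOOD = {
    0: {b"UEFI firmware 1.2.3", b"UEFI firmware 1.2.4"},
    7: {b"SecureBoot=enabled db=vendor-keys"},
    4: {b"hypervisor loader 5.0"},
    22: {b"geotag:us-east-dc1", b"geotag:us-west-dc2"},   # approved locations
}
GOLDEN = {idx: {hashlib.sha256(c).hexdigest() for c in comps}
          for idx, comps in KNOWN_GOOD.items()}

def tpm_quote(actual_boot):
    """Stand-in for a TPM quote. A real quote is signed by the TPM's attestation
    key, which is what prevents a compromised host from faking these values."""
    return replay_event_log(actual_boot)

def scenario_clean():
    return verify_attestation(tpm_quote(GOOD_BOOT), GOOD_BOOT, GOLDEN)

def scenario_tampered_firmware():
    boot = [(0, b"UEFI firmware 1.2.3 + implant")] + GOOD_BOOT[1:]
    return verify_attestation(tpm_quote(boot), boot, GOLDEN)

def scenario_forged_log():
    # Implanted firmware actually booted, but the host presents the clean log;
    # the replay no longer matches the quote, so the edit is caught.
    boot = [(0, b"UEFI firmware 1.2.3 + implant")] + GOOD_BOOT[1:]
    return verify_attestation(tpm_quote(boot), GOOD_BOOT, GOLDEN)

def scenario_wrong_location():
    boot = GOOD_BOOT[:3] + [(22, b"geotag:eu-west-dc9")]
    return verify_attestation(tpm_quote(boot), boot, GOLDEN)

if __name__ == "__main__":
    for name, run in [("clean", scenario_clean),
                      ("tampered firmware", scenario_tampered_firmware),
                      ("forged log", scenario_forged_log),
                      ("wrong location", scenario_wrong_location)]:
        trusted, findings = run()
        print(f"{name:18} trusted={trusted} {findings}")
```

The point of the forged-log scenario is that the event log alone proves nothing; only the TPM-signed quote anchors it, which is why the article insists on a physical TPM under the vTPMs.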
Encryption and key management:
As system memory shifts toward persistent memory, encryption requirements are expanding beyond traditional storage: data that survives a power cycle in NV memory needs the same protection as data on disk, so all the challenges around encryption and key management also apply to NV memory. Platforms that support robust local and remote key management are ideal for virtualization environments.
Platform Audit Logs integration with Security Information and Event Management (SIEM) tools:
Security analytics depend on collected telemetry to identify anomalies, and the ability of the analytics to take the appropriate action is directly tied to the quality of the events collected. Platform management components, such as the Baseboard Management Controller (BMC), that generate a precise set of audit events enhance the SIEM tool's ability to detect major platform-level anomalies and take corrective action.
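As an added example (not code from the original article or from any SIEM product), the following shows the kind of platform-level detection that becomes possible once BMC audit events reach the SIEM. It runs four rules over constructed BMC audit lines: a login brute force against the BMC, a firmware update by an account other than the designated firmware-management service account, clearing of the audit log, and a mass power-off across hosts in a short window (the firmware-level DoS the article warns about). The line format, host names, the `svc-fwmgmt` account name and the thresholds are assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def parse_event(line):
    """Parse one constructed BMC audit line of the form
    '<ISO-8601 timestamp> <bmc-host> <event-type> key=value ...'."""
    ts, host, event_type, *pairs = line.split()
    fields = dict(pair.split("=", 1) for pair in pairs)
    return {"ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "host": host, "type": event_type, **fields}

def detect(lines, fail_threshold=5, window=timedelta(minutes=2),
           fw_accounts=("svc-fwmgmt",), mass_power=4):
    """Run four platform-level detections over BMC audit events and return a
    list of (rule, host, detail) alerts. Threshold rules fire once, when the
    threshold is crossed, rather than on every later event."""
    events = sorted((parse_event(l) for l in lines), key=lambda e: e["ts"])
    alerts = []
    failures = defaultdict(list)   # (host, src) -> failed-login timestamps
    power_off = []                 # recent power-off events across the fleet
    for e in events:
        if e["type"] == "auth" and e.get("result") == "failure":
            bucket = failures[(e["host"], e.get("src"))]
            bucket.append(e["ts"])
            recent = [t for t in bucket if e["ts"] - t <= window]
            if len(recent) == fail_threshold:
                alerts.append(("bmc_bruteforce", e["host"],
                               f"{fail_threshold} failed logins from {e.get('src')} within {window}"))
        elif (e["type"] == "firmware" and e.get("action") == "update"
              and e.get("user") not in fw_accounts):
            alerts.append(("unauthorized_firmware_update", e["host"],
                           f"{e.get('component')} updated by {e.get('user')}"))
        elif e["type"] == "log" and e.get("action") == "clear":
            alerts.append(("audit_log_cleared", e["host"], f"cleared by {e.get('user')}"))
        elif e["type"] == "power" and e.get("action") == "off":
            power_off.append(e)
            recent_hosts = {p["host"] for p in power_off if e["ts"] - p["ts"] <= window}
            if len(recent_hosts) == mass_power:
                alerts.append(("mass_power_off", "*",
                               f"{mass_power} hosts powered off within {window}"))
    return alerts

# Constructed sample audit events (not taken from any real BMC).
SAMPLE_EVENTS = [
    "2024-05-01T09:00:00Z bmc-r2-07 firmware action=update component=bmc user=svc-fwmgmt",
    "2024-05-01T10:00:01Z bmc-r1-03 auth user=admin src=10.0.0.5 result=failure",
    "2024-05-01T10:00:09Z bmc-r1-03 auth user=admin src=10.0.0.5 result=failure",
    "2024-05-01T10:00:17Z bmc-r1-03 auth user=admin src=10.0.0.5 result=failure",
    "2024-05-01T10:00:25Z bmc-r1-03 auth user=admin src=10.0.0.5 result=failure",
    "2024-05-01T10:00:33Z bmc-r1-03 auth user=admin src=10.0.0.5 result=failure",
    "2024-05-01T10:00:41Z bmc-r1-03 auth user=admin src=10.0.0.5 result=failure",
    "2024-05-01T10:01:30Z bmc-r1-03 auth user=admin src=10.0.0.5 result=success",
    "2024-05-01T10:02:00Z bmc-r1-03 firmware action=update component=bios user=admin",
    "2024-05-01T10:02:30Z bmc-r1-03 log action=clear user=admin",
    "2024-05-01T10:03:00Z bmc-r1-01 power action=off user=admin",
    "2024-05-01T10:03:10Z bmc-r1-02 power action=off user=admin",
    "2024-05-01T10:03:20Z bmc-r1-04 power action=off user=admin",
    "2024-05-01T10:03:30Z bmc-r1-05 power action=off user=admin",
]

if __name__ == "__main__":
    for rule, host, detail in detect(SAMPLE_EVENTS):
        print(f"{rule:28} {host:10} {detail}")
```

The sequence in the sample (brute force, then a successful login, then a BIOS update and a cleared log) is exactly the chain a SIEM can only see if the BMC emits each of those events with a timestamp, a user and a source; the benign update by the service account is not flagged, which is what keeps the rule actionable.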
Security is one of the areas where proprietary and standards-based solutions exist side by side, and finding the right balance between them will affect the overall infrastructure security posture. Standards-based security technologies are, in general, preferred for most environments.
Vision and roadmap for the infrastructure security:
Threats keep evolving, and infrastructure must be hardened to handle and respond to advanced threats. Choosing partners and solutions with a clear vision and roadmap is essential for a successful virtualized environment. The existence of a security ecosystem around the platform is another factor that should be considered.
In summary, when considering a platform infrastructure, one should not only consider the security features enabled (TPM 2.0, Secure Boot, and encryption key management) but, just as importantly, vendors who have a clear vision on security and solutions built on industry standards.