Page 179 - How Cloud Computing Is Transforming Business and Why You Can't Afford to Be Left Behind
DANGERS ABOUND: SECURITY IN THE CLOUD
But the biggest security danger in the cloud is one that hasn't been recognized yet, at least not publicly, to anyone's knowledge. The virtualization hypervisor is the central piece of software through which the virtual machines on a physical server must obtain their hardware services. All communication between the virtual machines' operating systems and the hardware passes through the hypervisor, so every memory access, disk read and network packet of every guest is visible to it. From that vantage point a skilled attacker who had compromised the hypervisor could discern the activity of each and every virtual machine, and nothing running inside a guest could hide from him. A relatively new class of product, the hypervisor firewall with intrusion detection, is available from Altor and several other suppliers to guard this sensitive position.
As with intrusion detection elsewhere, the watchdog on the hypervisor looks for departures from the known patterns of events that represent the norm, for sequences of events that signal that an intruder is at work, or for a strange new pattern of behavior from the hypervisor itself that indicates it has started to do something outside its assigned role. One caveat applies to any such watchdog: it can only report what it is still able to see, so a monitor that runs at the same privilege level as the hypervisor it watches is strongest against attacks rising from the guests beneath it, and weakest once the hypervisor itself has already been taken over.
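The three kinds of check the paragraph above describes, written out as an added example that is not code from the book, from Altor or from any hypervisor vendor. The audit-event format, the known-good baseline, the role table for the hypervisor and the "promiscuous mode then port mirror" signature are all assumptions constructed here for illustration; a real product would learn its baseline from a quiet period and read events from the hypervisor's own audit log.

```python
"""Baseline-and-signature watchdog over hypervisor audit events.

Added example: not code from the book, from Altor, or from any hypervisor
vendor. The event format, baseline counts, role table and signature are
assumptions made up for illustration.
"""
from collections import Counter, deque

# Constructed sample audit log: (time, actor, action, target).
SAMPLE_LOG = [
    ("10:00:01", "hypervisor", "vm.start",        "vm-web-01"),
    ("10:00:05", "hypervisor", "vswitch.attach",  "vm-web-01:vnic0"),
    ("10:00:09", "vm-web-01",  "net.tx",          "vswitch0"),
    ("10:00:12", "hypervisor", "vm.start",        "vm-db-01"),
    ("10:00:15", "hypervisor", "vswitch.attach",  "vm-db-01:vnic0"),
    ("10:01:00", "vm-web-01",  "net.tx",          "vswitch0"),
    # A guest reading another guest's memory: an event type absent from the baseline.
    ("10:02:00", "vm-web-01",  "mem.read",        "vm-db-01"),
    # Promiscuous mode followed by port mirroring: an assumed known-bad sequence.
    ("10:03:00", "hypervisor", "vswitch.promisc", "vswitch0"),
    ("10:03:01", "hypervisor", "vswitch.mirror",  "vm-db-01:vnic0->vm-web-01:vnic0"),
    # The hypervisor itself opening an outbound connection: outside its assigned role.
    ("10:04:00", "hypervisor", "net.connect",     "203.0.113.7:4444"),
]

# Event types (with counts) observed during an assumed known-good period.
BASELINE = Counter({"vm.start": 20, "vm.stop": 18, "vswitch.attach": 20,
                    "vswitch.detach": 18, "net.tx": 900, "net.rx": 880})

# Actions the hypervisor is assumed to be permitted to perform in normal operation.
ROLE = {"hypervisor": {"vm.start", "vm.stop", "vswitch.attach", "vswitch.detach"}}

# Ordered action sequences taken as signatures of an intruder at work (assumed).
SIGNATURES = {"mirror-after-promisc": ("vswitch.promisc", "vswitch.mirror")}


def detect(events, baseline=BASELINE, role=ROLE, signatures=SIGNATURES):
    """Return (time, kind, detail) alerts for the three cases the text describes:
    an event type absent from the baseline, a hypervisor action outside its
    assigned role, and a recent sequence of actions matching a signature."""
    alerts = []
    window = max(len(seq) for seq in signatures.values())
    recent = deque(maxlen=window)  # the last `window` actions, oldest first
    for ts, actor, action, target in events:
        detail = f"{actor} {action} {target}"
        if action not in baseline:
            alerts.append((ts, "unknown-event", detail))
        if actor in role and action not in role[actor]:
            alerts.append((ts, "outside-role", detail))
        recent.append(action)
        for name, seq in signatures.items():
            tail = tuple(recent)[-len(seq):]
            if len(tail) == len(seq) and tail == seq:
                alerts.append((ts, "signature:" + name, detail))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

The first six events produce no alerts; the last four produce one or more each, and a single event can trip more than one check (the port-mirror event is at once unknown, outside the hypervisor's role, and the end of a signature sequence). A production detector would also bound the signature window in time rather than by event count, and would treat rate changes in baseline events (a sudden flood of net.tx, say) as a departure from the norm as well.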
The hypervisor also manages the virtualized server's virtual switch, which does in software what a physical switch does on the physical network: it forwards network I/O and storage traffic to the individual virtual machines and handles communications between them. If an intruder could somehow get control of the virtual switch, she would be in a position to read or redirect that traffic and to spread agents or malware to other virtual machines, not only on the host physical server but also on any other virtualized servers that the host's virtual machines are permitted to talk to.
Ignasiak, of course, favors widespread adoption of Altor’s
virtual firewall for the hypervisor. Regardless of whose product