
BLOG: Virtualisation and cloud – What to fear and what to embrace?

Jones Leung | Sept. 2, 2013
Virtual machines bring enormous benefit to the organisation. However, they have the potential to lead to painful security challenges as well.

Modern data centres have been undergoing various transformations with the evolution of enterprise computing. A recent survey by Forrester Consulting found that more than half (57 percent) of organisations in Asia Pacific are currently planning to increase their cloud and virtual data centre spending[1].

In many modern data centres, virtual machines move dynamically between physical appliances based on compute demands, and orchestration software fully automates a variety of workflows related to the deployment and ongoing management of these virtual machines. All of this has enormous benefit not only to the organisation, but to the IT team as well. However, these improvements also have the potential to lead to painful new security challenges.

In Hong Kong specifically, U.S. IT hosting company Rackspace, Inc. found that general cloud adoption stands at 84 percent, compared to 79 percent in India and 73 percent in Singapore, where the most popular uses for the cloud are relatively basic applications such as databases (71 percent), email (65 percent), back-up (63 percent), servers (62 percent) and storage (56 percent). Two out of three Hong Kong respondents (67 percent) said data security is the top concern for their senior management, while 51 percent of respondents said a lack of understanding about how cloud works was a top concern, demonstrating the growing importance of IT security products as more businesses plan to use cloud within the next one to two years.[2]

More innovative threats

Threats and attackers have been innovating just as quickly as virtualisation has. IT security threats, and malware in particular, have become increasingly adept at avoiding traditional signatures. This includes malware-infected files that can avoid traditional antivirus signatures, as well as malware that obscures its communications in custom protocols, encryption or tunnels. As a result, threat prevention includes not only the "blocking and tackling" of stopping known threats and exploits, but also finding and automatically managing any unknowns in the environment.

Findings from the Asia Pacific Application Usage and Threat Report from Palo Alto Networks show that application vulnerability exploits target high-value business applications.[3] Hence, the real security risk lies with a clutch of nine popular applications that accounted for 98 percent of all software exploits, where seven of these applications are internal/infrastructure applications (databases, Active Directory, RPC, etc.).[4]

The application and threat patterns dispel the position that social networking, filesharing and video applications are the most common threat vectors, while reaffirming that internal applications are highly prized targets. Rather than use more obvious, commercially available applications, attackers have been shown to mask their activities through custom or encrypted applications: nearly 100 percent of the malware logs (botnets, spyware, keyloggers, etc.) were found in only four applications, with the bulk of the logs (45 percent) masking themselves as custom or unknown UDP.[5]

