Even as much as we’re embracing virtual machines, there’s still some lingering uncertainty regarding how secure they are.
These concerns aren’t necessarily new, either – even in 2009, CIO magazine said security was one of the top concerns among IT pros, some who were just beginning to utilize virtual servers.
Since then, use of VMs has increased beyond servers to entire desktops, at the same time that more businesses have begun exploring the value and usefulness of using them in cloud environments. This approach has brought plenty of positives to the development landscape in terms of easier access, more responsive performance and more storage, but the security concerns haven’t gone away.
In fact, the amount of related concerns that keep security pros up at night has grown – provided said pros aren’t already up troubleshooting other projects.
For instance, Microsoft recently shared the frightening warning that VMs can potentially be hacked, turned into botnets, and then turned against other related VMs. Accomplishing this on a wide-spread scale would certainly take higher-level resources than your average hacker possesses, but Microsoft’s security monitoring efforts for its Azure system have already found all sorts of smaller-scale access attempts and intrusion efforts to leave behind malware.
So security is definitely important in our global world, where everyone – from curious teens to well-funded criminal enterprises – has been actively seeking vulnerabilities in just about every system and industry.
But is it the main driver of VM decisions? Not always, unfortunately.
Some companies look first for things like features, cost, or ease of integration with their current setup and level of knowledge. They may listen to the recommendations of a consultant or a vendor who they respect. Some may be steered to investing in a private cloud.
They also may only have a limited budget for upgrades/conversions so may not want or need to see all the monitoring bells and whistles if they’re trying to get a good deal on a lot of machines and get them up and running fast. These are all sensible and realistic reasons for decision making, especially when costs are a factor.
But security vs. affordability doesn’t have to be an either/or choice when planning your company’s VM strategy. Many of the features of Microsoft Azure, especially when combined with third-party virtual desktop infrastructure providers, make it possible to get a decent deal on your machines, be able to access them easily and still maintain a high sense of security.
Advantages can include:
- Access to Microsoft’s Cloud. It’s officially a public cloud but probably one of the most security-conscious public clouds out there for clients. It’s trusted by many top companies because of its reputation for quality and system integrity. It offers encryption capabilities for different levels of activity. Besides watching for botnet attacks, its monitoring services also actively search and block other threats.
- Dedicating at least one VM to security. Rather than using all your virtual machines for primary work-related functions, consider creating one especially for security/anti-virus/anti-malware measures. This can monitor communications between your other VMs in the system, along with watching for other security threats at the different access levels. Azure also provides regular security updates as well to stay in front of current threats.
- Looking for redundancies. Besides active protection that can possibly include several layers of firewalls, your data and configurations can all be backed up and easily retrievable or transferable if something fails, not just a factory reset by re-installing your boot disks. Azure offers remote and local storage, and other services may also offer to store backup files at a secure location or assist you in configuring a local backup of your own choosing. Or both.
- Implementing multi-factor authentication. User IDs and passwords are no longer as secure as they used to be, which is why more companies are requesting another level of clearance tied into texting a temporary short code or using some other personal reference to access certain areas. More credentials can even be required for higher-level privileges. Even though different machines may have different ‘trust levels’ for access, incorporating authentication places a level of security over everything.
- Better monitoring. One challenge that companies face when embracing virtual technology is “sprawl.” This essentially means that they may end up deploying too many machines, which makes it difficult to keep track of any of them well, especially if they’re running different applications, consuming different amounts of resources, or running different versions. If a development team is putting its energy into fixing one machine, they may not immediately notice possible intrusion attempts. However, some programs allow administrators to monitor the basic activity of all machines at once through one interface – including if they all have current patching.
- Extra attention to the hypervisor. This area between virtual hardware platform and virtual machines has traditionally been a weak spot for intrusion attempts. Because of this, it now receives more attention and real-time monitoring.
Overall, Azure offers users a wide variety of protections, which can help dispel some of the fears of breaches along with budgetary concerns about security being too expensive.