Whether in a private or public cloud, organizations are increasingly using virtualization to optimize performance through efficient load distribution and to make the best use of their hardware. Failure to secure these systems can lead to significant data breaches and the loss of sensitive data. Security and assurance of the virtualized environment are vital for a system that maximizes resilience and provides secure, long-term benefits of virtualization.
Evaluating the risks
With virtualization, virtual machines and containers provide compartmentalization of systems. This helps to segregate and isolate a system, which means that when one part is exposed to an attack, it can be separated into compartments rather than allowing the hackers to infiltrate the entire system.
Security is of the utmost importance for enterprises, IT administrators, and service providers who wish to avoid serious consequences, and there are a number of risks to consider. When you rely on a third party to provide a secure processing environment for you, the responsibility is shared. Even if you rely on a third party to provide security for your application, misconfiguration or malware affecting that third party may impact your data. Server space is also shared between different tenants, meaning that if malicious information is uploaded to a shared server, your data may be at risk. When cloud systems are being shared, trusted computing allows the user to monitor the security status of the software and data within their virtual machine or container and prevent others from accessing it.
Protecting virtual machines
While hardware can be physically protected, virtual machines require different mechanisms, and it can be hard to know the security state of a virtual machine. Anyone using a virtualized environment in a public cloud scenario must place trust in the service provider. The provider has the ability to verify the state and authenticity of its virtualization infrastructure. Trusted Computing enables the sharing of important security information, such as the security state of the virtualization infrastructure and your virtual machines.
Virtual environments are only as secure as the infrastructure they are run on, and care should be taken to ensure that virtual machines and containers only run on trusted systems. Implementing trusted virtual platforms helps users to establish trust in their virtual machine and its underlying virtualization infrastructure.
What’s more, as services are increasingly virtualized in the cloud, the systems may also become more accessible to attackers. Already a lucrative profession, in the last few years hacking has become increasingly sophisticated, automated and profitable, and now more than ever resembles legitimate business. This is why the industry must develop a trusted means to verify the authenticity and integrity of the involved virtual machines and containers.
PC Client is a common platform to think of with cloud and virtualization. However, virtualization is also used in other platforms, such as storage and network devices. All uses of virtualization require trusted computing guidance for implementation.
The future of virtualization security
The Virtualized Platform work group at TCG recognizes that as virtualized environments develop, trusted computing must have extended security measures. Security and assurance of the virtualized environment are vital for a system that maximizes resilience and provides secure, long-term benefits of virtualization. The work group at TCG is continuing to develop standards and explore new approaches to virtualized platform security in a new specification to replace the TCG VPWG Architecture Specification, as well as tailored guidelines for common platforms such as PC Client, Server, Storage Systems, and Network Devices. For more information on the specification visit: https://trustedcomputinggroup.org/wp-content/uploads/TCG_VPWG_Architecture_V1-0_R0-26_FINAL.pdf
Standards-based Trusted Computing technologies developed by TCG members are now deployed in enterprise systems, storage systems, networks, embedded systems, and mobile devices, and can help secure cloud computing and virtualized systems.
Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment.