Linux Containers Authors: Zakia Bouachraoui, Elizabeth White, Liz McMillan, Pat Romanski, Stefana Muller

Related Topics: Containers Expo Blog, Cloud Security

Containers Expo Blog: Blog Post

Security Teams Must Take Control of Virtual Networks

Any new virtual server being added to the virtual network is not subject to the same corporate security policy for network acces

It’s safe to say, nearly all enterprise network security teams tightly control what physical devices get connected to their networks. Most have clearly defined process and procedures in place with regard to controlling and securing any new devices plugging into their physical networks. Industry statistics show that the vast majority of security breaches initiate from inside the network, and not from an intruder penetrating the perimeter, physical network access control has become standard practice. As a result, it is increasingly rare to allow anyone in an organization to plug in a new server or system without first making sure the new device has been adequately secured in accordance with their corporate security standards including anti-virus protection, firewall policies, etc.  For physical devices, the process begins as soon as the ‘box’ hits the receiving dock; the equipment is intercepted and is put through the process of being secured. Once it’s been properly configured to meet the corporate requirements as defined by the security policy, it’s distributed for deployment. Then, and only then, is it plugged into the physical network.

Enter the virtual system, be it a virtual server or virtual desktop. These devices are nothing more than software however, to users, they look and feel exactly like actual physical devices on the network. At issue is the ease in which these systems can be created and connected to the corporate network. In about as much time as it takes to make a peanut butter and jelly sandwich, a VM administrator can spin up a new virtual server with all of the attributes of its physical server counterpart including nic, disk, memory, etc. However, this new virtual server can be deployed and added to the network without ever being secured by the security process described earlier. Furthermore, because the virtual server is deployed inside the internal network on a VMware ESX host with vswitches and full connectivity to the network it represents significant security vulnerability if it has not been properly secured.

What’s more, because the network traffic traversing inside the virtual network is invisible to network monitoring tools operated on the physical network, the network traffic to and from these unsecured virtual servers inside the ESX host goes completely undetected. The virtual network is in reality an internal network inside the physical network. There is simply no way to see or control the traffic running within the virtual infrastructure.

Companies are exposed to numerous security vulnerabilities and compliance issues because of the high percentage of security breaches coming from the internal network along with the fact that the ESX Host(s) represent invisible networks inside the internal network. Any new virtual server being added to the virtual network is not subject to the same corporate security policy for network access control as physical servers.

For all of these reasons, security teams must take control of their virtual networks. They must ensure that any system, be it physical or virtual, be properly secured. We encourage security teams to explore virtualized security in detail.

"VMware" and "ESX" are trademarks of VMware, Inc. [NYSE: VMX]

Read more on this topic:
"Why Do We Need Virtual Security?"

More Stories By Catherine Edwards

Catherine Edwards is a marketing consultant.

IoT & Smart Cities Stories
@CloudEXPO and @ExpoDX, two of the most influential technology events in the world, have hosted hundreds of sponsors and exhibitors since our launch 10 years ago. @CloudEXPO and @ExpoDX New York and Silicon Valley provide a full year of face-to-face marketing opportunities for your company. Each sponsorship and exhibit package comes with pre and post-show marketing programs. By sponsoring and exhibiting in New York and Silicon Valley, you reach a full complement of decision makers and buyers in ...
There are many examples of disruption in consumer space – Uber disrupting the cab industry, Airbnb disrupting the hospitality industry and so on; but have you wondered who is disrupting support and operations? AISERA helps make businesses and customers successful by offering consumer-like user experience for support and operations. We have built the world’s first AI-driven IT / HR / Cloud / Customer Support and Operations solution.
LogRocket helps product teams develop better experiences for users by recording videos of user sessions with logs and network data. It identifies UX problems and reveals the root cause of every bug. LogRocket presents impactful errors on a website, and how to reproduce it. With LogRocket, users can replay problems.
Data Theorem is a leading provider of modern application security. Its core mission is to analyze and secure any modern application anytime, anywhere. The Data Theorem Analyzer Engine continuously scans APIs and mobile applications in search of security flaws and data privacy gaps. Data Theorem products help organizations build safer applications that maximize data security and brand protection. The company has detected more than 300 million application eavesdropping incidents and currently secu...
Rafay enables developers to automate the distribution, operations, cross-region scaling and lifecycle management of containerized microservices across public and private clouds, and service provider networks. Rafay's platform is built around foundational elements that together deliver an optimal abstraction layer across disparate infrastructure, making it easy for developers to scale and operate applications across any number of locations or regions. Consumed as a service, Rafay's platform elimi...
Two weeks ago (November 3-5), I attended the Cloud Expo Silicon Valley as a speaker, where I presented on the security and privacy due diligence requirements for cloud solutions. Cloud security is a topical issue for every CIO, CISO, and technology buyer. Decision-makers are always looking for insights on how to mitigate the security risks of implementing and using cloud solutions. Based on the presentation topics covered at the conference, as well as the general discussions heard between sessio...
Growth hacking is common for startups to make unheard-of progress in building their business. Career Hacks can help Geek Girls and those who support them (yes, that's you too, Dad!) to excel in this typically male-dominated world. Get ready to learn the facts: Is there a bias against women in the tech / developer communities? Why are women 50% of the workforce, but hold only 24% of the STEM or IT positions? Some beginnings of what to do about it! In her Day 2 Keynote at 17th Cloud Expo, Sandy Ca...
New competitors, disruptive technologies, and growing expectations are pushing every business to both adopt and deliver new digital services. This ‘Digital Transformation’ demands rapid delivery and continuous iteration of new competitive services via multiple channels, which in turn demands new service delivery techniques – including DevOps. In this power panel at @DevOpsSummit 20th Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, panelists examined how DevOps helps to meet the de...
According to Forrester Research, every business will become either a digital predator or digital prey by 2020. To avoid demise, organizations must rapidly create new sources of value in their end-to-end customer experiences. True digital predators also must break down information and process silos and extend digital transformation initiatives to empower employees with the digital resources needed to win, serve, and retain customers.
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, will provide an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life ...