Sixty percent of CIOs ranked cloud computing as high priority in the visionary plans – up from 33% in 2009.1 While cloud environments help organizations decrease costs, accelerate time to market for new business services, and drive business innovation, they also present a number of new security and privacy challenges.
One key security challenge with cloud environments comes from server virtualization. In the virtualized world, a Hypervisor (or Virtual Machine Manager) enables one or more Virtual Machines to run on each physical server. These Virtual Machines don’t necessarily know what hardware they’re running on and have no way of looking down into the Hypervisor to see if it has been tampered with. So if hackers manage to tamper with the Hypervisor, they can gain access to sensitive data and make changes to your servers and data while remaining undetectable.
When virtualization features make it hard for software to know if your server has been tampered with, it’s a good idea to think about security features built-in at the hardware level. There are two basic approaches for hardware to help with this problem:
- Keep the control of the virtualization layer separate from the main computer – this is the traditional approach in large systems such as System z and Power Systems
- Add in hardware features that can detect tampering and prevent the system from booting if someone has tampered with it
The first of the two is a fundamental system architecture which separates privileges and responsibilities within the system: LPAR, the Logical Partition architecture of which two variants are used in IBM Power systems and System z. In LPAR architecture, the processors which will run user workloads are not given the privilege of booting themselves up – that function is performed by completely separate processors to which end users and user software have no access. This fundamental hardware-based separation of control has made it effectively impossible to compromise one of these systems through virtualization layer exploits.
Things get more challenging with the second approach, which builds new security features into systems which evolved from single-CPU machines that boot themselves up: x86 machines and emerging ARM-based systems. In this approach, where the same processor controls the boot process and the setup of the virtualization layer, simple hacks can give a hacker or a piece of Malware privileged access to the virtualization layers – enabling an undetectable system compromise. To address these issues, IBM and a number of industry collaborators have developed a family of tools known as Trusted Computing.
At its heart, the idea here is that the hardware “measures” the software to see if it has been changed from its original known-good state. Any subsequent tampering with the code or system settings will be detected when the system reboots. This technology has applications both in physical machines and virtual, and in fact has even been adopted for use in Power Systems to provide an additional level of integrity in user virtual machines (LPARs).
At IBM, we build security capabilities for all layers of system architecture. The combination of our Systems Security technologies: LPAR and Trusted Computing, together with application of traditional network and software security guards appropriate to the needs of your business, provides a basis for the highly robust server infrastructure expected in the modern enterprise.
We’d like to hear from you. Do you have concerns about security and privacy in your virtualized environments?
Jeb Linton is CTO for Security in IBM Systems and Technology Group. Mr. Linton has worked for IBM since 2008 as a technical strategist and architect on numerous Cloud Computing, Storage, and Analytics projects; as co-lead of the IBM Watson Architecture Board, and as leader of the IBM Trusted Cloud initiative.
 IDC, IDC Predictions 2012: Competing for 2020, Dec 2011
Editor’s Note: This blog post is part of a Smarter Computing series on IT security running in December 2012 to help readers understand key aspects of security, including reputational risk, cloud security, and the role of hardware, software and services in security solutions.
We encourage you to read the other posts in our series, listed below:
- Smarter Cyber Terrorism on a Smarter Planet by Turgut Aslan
- Securing your Smarter Supply Chain by Fran O’Sullivan
- Are You the Keymaster? Yes, Actually, I Am by Paul DiMarzio
- Reputational Risk and IT: They’re Closer Than You Think by Yesica Schaaf
- Security-Ready IT: A Fundamental Imperative for Smarter Computing by Shelley Westman
To effectively compete in today’s changing world, it is essential that companies leverage innovative technology to differentiate from competitors. Learn how you can do that and more in the Smarter Computing Analyst Paper from Hurwitz and Associates.