Virtual Data Center Security Solution
Data center virtualization has become a critical part of every enterprise IT strategy. The compelling return on investment and the benefits of cost saving, scalability, and business agility are driving the momentum to consolidate computing resources and host business applications in a virtualized computing environment. A virtual data center is frequently implemented with hypervisor-based virtual machines for dynamic provisioning, mixed with physical servers for mission-critical or legacy enterprise applications.
Virtualization technology has in many ways become more mature and robust over the last few years. While adoption of this new virtual infrastructure is gaining momentum, enterprises face a new set of security risks: data leaks, malicious intrusions, security breaches, and regulatory compliance violations. Enterprises in a value-chain business face even tougher challenges when their data centers are opened for access by external vendors, partners, or customers. To benefit from virtualization and cloud technologies without compromising corporate security and compliance, enterprises need advanced security solutions that cope with this new set of challenges.
Some of the challenges faced by enterprises include:
- Threats from a Stolen or Abused Virtual Machine - Virtualization technology enables a hacker to easily duplicate and disguise a virtual machine, place it in a restricted operation environment, and use it to compromise security, disrupt operations, fetch classified data, and launch malicious attacks in a data center.
- Threats from a Virtual Machine Misplaced in Classified Network Segment - During routine maintenance or active provisioning, a virtual machine might be moved from one network segment to another. If a virtual machine is mistakenly relocated from a secure network segment to an unsecure network segment or vice versa, a hacker can use it to launch malicious attacks on other virtual machines in a data center.
- Attacks from Unknown, Dormant Malicious Virtual Machines - A hacker can make multiple copies of a virtual machine, program them to stay dormant for a period of time, and later revive this army of malicious virtual machines to launch massive attacks in a data center. Such a breed of malicious virtual machines can be extremely difficult to detect and isolate due to the very nature of virtualization technology. The IT security team has to deal with a compromised "file" within a very large database, and this effort is very different from the challenge of isolating a physical server on a rack.
- Inter-Virtual-Machine Communication Bypasses Detection - Traffic between virtual machines on the same host cannot be detected or monitored by network security tools or firewalls designed to monitor traffic on a physical network. Also, the data exchanged between virtual machines might not be encrypted on some hypervisor products, posing a potential risk of data leaks and theft.
- Multi-Tenancy Issue in a Virtualized Computing Environment - Different business applications and critical operations can share the same physical computing resource in a multi-tenant virtualized computing environment. It is critical for IT to dynamically segregate these applications and operations to prevent unauthorized access or malicious attack across virtual machines.
- Lack of a Unified Security Management System for Virtual and Physical Computing Environments - Security management for a virtual data center that has a mixture of hypervisor-based virtual machines and physical servers is a challenging task for IT due to the lack of a unified, easy-to-use, and efficient management platform.
- Segregated Security Management Platform from Cloud Operations - A fundamental principle of enterprise security implementation is the requirement to segregate the operations management system from the security management system so that each can cross-check the other. The lack of an effective security virtualization solution may lead enterprises to implement the security management and control system inside the same virtualization management infrastructure. As a result, enterprises may not fully meet this segregation requirement and may not achieve tighter security control.
Imera's approach to solving these challenges is to introduce an independent Virtual Data Center Security system that dynamically provisions applications and enforces the security and compliance rules in cloud virtual machines or physical servers, independently of the cloud management system. Critical business applications and security rules can be defined to form a tightly coupled computing environment protected by a logical fence. Malicious attacks from an unauthorized virtual machine, or suspicious computing activities outside the logical fence that try to connect to the protected resources, will be blocked. Instant alerts will be sent to notify the IT security team for immediate action and further resolution.
Imera's virtual security solution enables enterprises to establish secure computing zones within the data center virtual environment to protect classified data and critical business applications from malicious attacks and unauthorized access.
Imera Virtual Topology™ and Secure Grid™ are next-generation cloud security technologies that provide IT with secure, unified, and easy-to-manage security profiles that can be enforced in private, public, and hybrid cloud environments.
Imera Virtual Topology
Imera Virtual Topology enables IT to instantly establish secure computing zones without programming the complex security rules of each cloud node. Different levels of protected zones (perimeter and vault levels) can be created to protect groups of cloud nodes for different business operation requirements. Connection to a secure zone is restricted based on users' privileges to prevent unauthorized access by other tenants. A suite of powerful tools including visual representation of the entire topology minimizes IT management efforts and time.
Imera Secure Grid
Imera Secure Grid enables IT to create a map of individual cloud nodes using a grid topology. An individual virtual firewall is established at each grid to define a security boundary. Connection to each grid is restricted to prevent unauthorized access by other tenants. To further harden security, a tight application flow can be defined across a chain of grids to create a tier-based protected computing environment.
Solution Key Features
- Secure Zone Protected by Virtual Perimeter Firewall - The Imera solution offers software-based virtual firewalls that let IT instantly enable a protective "wall" around the perimeter of a cloud computing environment. All inbound and outbound traffic within each zone is restricted based on the rules and policies managed by IT. No reconfiguration of the physical network (e.g. routers, firewalls) is required. Access to each zone is provisioned and managed by IT. Each zone can be created, altered, or removed instantly and effortlessly. IT can easily create different secure virtual zones to meet different organizational operation needs.
- Secure Virtual Vault for Multi-Tenancy Protection - The Imera solution enables IT to build virtual vaults within a secure zone to segregate and lock down computing resources for different cloud tenants by configuring the vault-level virtual firewalls. All inbound and outbound traffic within each vault is restricted based on the rules and policies managed by IT. Access to each vault is provisioned based on user roles set up by IT. Each vault can be configured to connect with a white list of external resources to build a customized computing environment. Cloud nodes within each vault can be managed without reconfiguring the physical network (e.g. routers, firewalls) or reallocating physical computers. Each virtual vault can be created, altered, or removed instantly and effortlessly.
- Application Flow Control for Secure Tier-Based Computing - The Imera solution enables IT to define a secure tier-based computing environment using the grid topology. Applications and data are hosted on separate cloud nodes in the grid to define different tiers, e.g. web server, application server, and database server. Each tier is protected by the node-level firewall and tightly chained to the next to form a multi-tier computing environment.
- Instant Alerts and Cloud Node Quarantine When a Security Policy is Compromised - The Imera solution constantly monitors the integrity of secure zones, secure virtual vaults, and application flow control policies. If a security breach is identified, instant alerts are sent to administrators for immediate action. The suspicious cloud node is instantly isolated in a quarantine area for further investigation.
Solution Key Benefits
- Protect Applications and Data Within a Virtual Data Center Environment - The Imera solution enables IT to instantly create secure zones that protect enterprise applications and data hosted in a virtual data center computing environment.
- Increase Business Agility by Leveraging Cloud Infrastructure - The Imera solution offers peace of mind for enterprises that want to leverage cloud computing technologies and environments to meet dynamic business operation needs.
- Minimize IT Management Costs, Time, and Effort - The Imera solution enables IT to protect applications and data hosted in virtual data centers with minimal effort. No reconfiguration of the physical network (e.g. routers, firewalls) or computers is required to enforce security rules and protect classified information.