Secure Server Configurations for Virtualized Environments

The evolution of data centers is affecting both centralized and distributed environments. As IT operations gain familiarity with server virtualization, security groups can evolve to best practices for secure server configurations in virtualized environments. However, simple server virtualization is only the start. Consider that:

• Roles still need to be managed differently. Application delivery and provisioning change dramatically, altering how access control rules need to be crafted and implemented. The virtual data center begins to be a more sophisticated, elastic private cloud, and access rules need to move to the application level.
• Experience with private clouds leads to demand for the use of public cloud services, in particular infrastructure-as-a-service (IaaS) offerings such as Amazon Web Services and EC2 and Microsoft Azure. The first wave is generally running development and test environments on public cloud services, but more applications, such as workforce and enterprise resource planning (ERP) programs, are being moved to cloud services providers as well. Access policies and monitoring controls can be extended out to cloud services, but the level of visibility and control varies widely across different flavors of public cloud. IaaS can provide a high level of both, but they are dramatically reduced when using many software-as-a-service offerings. Security architectures must be updated to extend out to cloud services, and security groups must be involved in the evaluation process to make sure that the cloud services meet at least the minimum needs for monitoring and control enforcement.
• Demonstrated cost savings and faster time to market drive demand to move sensitive production services to public cloud, continuing the cycle. Security architectures need to scale in the same manner.

How do businesses embrace these transitions without creating inconsistent security controls and gaps in security policy? Read more about next-generation security in the recent SANS Institute whitepaper, “Conquering Network Security Challenges in Distributed Enterprises.”

[Palo Alto Networks Blog]