Transforming Security: Leveraging Virtualisation to Enable Least Privilege Environments
This is the second in a series of three articles and videos featuring VMware’s Tom Corn, SVP, Security Products, and Shawn Bass, VP and CTO, End-User Computing, discussing security transformation and what it means for the future of networking.
According to Tom Corn and Shawn Bass, a huge challenge for current enterprise security models is distinguishing between what’s really a problem and what’s merely a false alarm, or, as Bass puts it, “the signal-to-noise ratio of what’s actionable and what’s not actionable.” There are considerable “gray areas” when it comes to security, so security controls can’t simply lock everything down each time there is an alert. This would simply be too disruptive to the applications and ultimately to the business.
Creating least privilege environments around critical applications and data can improve security significantly. But least privilege does not have to be only about “blocking access to things.” A more rational approach, Bass argues, is to also leverage least privilege to detect—to use it as a stronger signal that something is wrong.
On the data center side, Corn says that applying least privilege around an application, service, or data will shrink the attack surface substantially. “There’s no silver bullet,” Corn says, “but the things that are malicious will be significantly easier to identify.” Instead of trying to find “a needle in a haystack,” he continues, now it’s a “needle in a few pieces of hay.”
Enabling Least Privilege Through Virtualisation
Virtualisation enables a far more operationally feasible approach to least privilege—one that can be aligned with the applications and data the business is trying to protect, and one that moves with the application. Virtualisation also enables organisations to apply the principle of least privilege to detection and response, by monitoring behavior and its deviations. It allows organisations to set up what Corn calls “a logical boundary” around an application or data that moves and maintains itself, regardless of where that app or data goes—to and across clouds—or how it expands in size and scale.
There are so many advantages to this new way of approaching security that the excuses not to employ least privilege are beginning to fall away, Corn says. “There is no other way of doing it.”
Watch the video to learn more from Tom Corn and Shawn Bass about how virtualisation enables the principle of least privilege to help transform security.