Published 9 March 2014
Let's take a look at how virtualised servers can offer security advantages, particularly when comparing with a "bare metal" server or shared hosting of your website or application. The processes and scalability within a "cloud" server suppliers organisation are built on security best practice and monitoring.
To clarify from the beginning, when we're talking about virtualised servers, we're referring to the practice of creating server instances from a larger pool of resources. Whether you call it "Cloud" is up to you, but as we use VMWare virtualisation which runs below the OS level, we'll refer to these servers as Virtual Machines (VMs).
How a VM provider deals with security is best taken in context. Server security is really three things:
Availability Your web application or data being available to the right users, when you need it.
Security Your application being protected from physical and virtual threats.
Integrity Your data being stored in a way that ensures consistency.
So, with that cleared up, lets take a look at how VMs can be more effective when considering security.
Virtualised server providers (like Web Drive) specifically employ a team of network and server security gurus to make sure our VMware infrastructure is kept up to date with the latest security developments. Like any VM provider worth its salt, our data centers are specifically built with security in mind; from biometric entry, to restricted entry points to good old fashioned fences and walls.
VMs are only as good as the underlying hypervisor. By partnering with world-class server virtualisation providers, such as VMWare, we're able to get up to the minute updates and support for our products and services.
It's no longer a case of Scalability vs Security. Today's providers understand that scalability IS security. Many of today's security issues can be filtered through an intelligent scalable firewall or mitigated with the right resources.
Numerous agencies have reported internal security threats being a big concern. In a VM environment, with the right accesses and privileges, internal threats need to work a lot harder to achieve their nefarious goals - the server simply isn't accessible to would-be threats.
If security issues do occur, we've got clear procedures for diagnosis, escalation and remedy. Teams of people monitor network traffic patterns looking for vulnerabilities as they're exposed and are able to allocate server resources to resolve any threats as they arise. A recent study indicates that 63% of security vulnerabilities were identified by suppliers.
Don't just take our word on security, install your own. If you're unsure about the security practices of a vendor, then you have the control. Utilise a next generation firewall, sandbox your threats, control user access at admin level or deploy your own DDoS mitigation. Anything you do will only strengthen your defences.
There are some distinct security advantages of using a VM. On top of any security you might want to add to your server you, get the benefits your provider offers. If they're anything like Web Drive, that means a team of specialists looking after many aspects you might not have even considered as well as all the latest knowledge and expertise at a network level.