Last week VMware issued a security advisory, warning that two newly-identified vulnerabilities can lead to a denial-of-service attack and the execution of arbitrary code on a VMware host and recommended that VMware administrators do not import virtual machines from untrusted sources.
The existence of such a significant vulnerability calls for and demands a renewed focus on hypervisor security. One of the greatest advantages of virtualization is that it enables multi-tenant environments. One company, division or agency should be able to run critical and sensitive virtual machines on the same physical machine and hypervisor as other groups without an increased security risk. A fundamental requirement of this model is that an organization does not need to be concerned with other, “untrusted” virtual machines.
Organizations need to re-think the typical hypervisor security model to ensure proper segregation of duties and least-privilege access for hypervisor administrators. By applying these standard security principles to the hypervisor, individual virtual machines are significantly more protected in the event that a privileged hypervisor identity is compromised.
All organizations that operate virtual machines in a multi-tenant environment should require that privileged identity controls be implemented at the hypervisor-level. While in the past, these controls were primarily used to protect against malicious hypervisor administrators, they are now a critical security tool that is needed to protect against other virtual machines.