Virtualized machines simply exist as files on a storage area network (SAN). Because of this, it is extremely easy to attach any virtual machine to another as a "disk" — much like physically attaching an additional hard disk drive to a PC in order to gain access to the data contained therein. In a virtual environment, anyone with the right privileges can easily mount an existing virtual machine without alerting attention to this action. A SAN administrator simply has to connect to the virtual machine to gain access to the data by clicking a few buttons. As you can see, it's much easier than actually dismantling a PC to grab the hard drive.

Furthermore, SAN administrators are granted a large amount of access to these machines in order to administer, deploy, provision, and manage the resources on both a virtual and physical level. Many enterprises maintain multiple SANs with different administrators in order to control the level of access to critical data. Nevertheless, even this precaution cannot completely prevent unauthorized access:

• SAN Administrators can replicate data from a SAN where they have limited access to a SAN where they have more privileges
• Administrators can mount a virtual machine to multiple hosts & gain access to data in the virtual machine they wish to breach
• SAN Administrators can simply copy a virtual machine to a USB drive and take the data offsite.

So, how does AlertBoot protect and secure machines on a virtual infrastructure?

If your enterprise's virtual machines are encrypted with AlertBoot full disk encryption, the SAN administrator can attempt to access them, but without the proper AlertBoot privileges, these virtual machines will appear as unformatted disks. Any attempt to gain access to the data this way would be the ultimate exercise in futility.

Furthermore, this encryption persists no matter where the virtual machine image resides. AlertBoot disk encryption employs USER security policies, which persist for the user regardless of the machine. What does this mean?

• Replicating data to a SAN where an administrator has more privileges will never work because the encryption policy is enforced for the user. Thus, the machine appears as an unformatted disk.
• Mounting an unauthorized virtual machine to an administrator’s host is pointless. Again, because of the persistent user security policy, the machine appears as an unformatted disk.
• Copying the virtual machine data to a USB drive is useless because that virtual machine image is encrypted and utterly unusable.

Virtualization offers a multitude of cost benefits and IT efficiencies for enterprises but, as you can see, create a multitude of unique security issues as well. Attempts to plug these security holes by limiting virtual machine access and SAN administrator privileges ultimately dilute the efficiencies and benefits that are gained by this technology. Additionally, these limitations unwittingly sacrifice the high availability and uptime capabilities of the virtualization technology.

Using AlertBoot disk encryption to encrypt the virtual machines as if they were actual, physical servers allows enterprises to reap all the cost-saving advantages of virtualization without compromising the overall security of an organization’s critical data.

Read More about How Data Guard Systems Implemented AlertBoot Full Disk Encryption in a Virtual Environment