FLOGGER OF EXPENSIVE PRINTER INK HP believes that taking a peek into the memory of virtual machines (VMs) on its G-Cloud system is the best way of actively monitoring for security vulnerabilities.
HP told The INQUIRER that its government-oriented G-Cloud system uses virus scanner technology to monitor for VMs infected by malware running amok on cloud deployments. HP said that pattern matching of memory contents is similar to techniques used by virus scanners and is currently the best possible technique to combat security threats in cloud deployments.
Hosting services on the cloud has become extremely popular and, while the details are abstracted away from the user, a simplistic view of cloud hosting is the use of multiple virtual machines represented as one entity. Management and security of those VMs have become increasingly important as outages such as those at Amazon's EC2 and security breaches on Sony's PlayStation Network have hit the headlines.
Given that companies and users have become increasingly sceptical about the security of cloud services, it's not surprising that John Manley, director of HP's Automated Infrastructure Lab, said, "Cloud security is a big issue to tackle."
Users on public clouds, such as Amazon's EC2 service, might expect that their virtual machine is isolated from the hypervisor, the underlying software layer that operates on the 'bare metal' of the server. However, if HP's high-end G-Cloud technology, which is pitched at governments and multi-national enterprises such as banks, has to peek inside a VM's memory in order to carry out security monitoring, then customers might wonder what happens if the hypervisor itself is compromised.
Most concerning is the firm's claim that large scale cloud deployments, regardless of who deploys them, become instant targets for attacks. The key, it said, is to "provide a barrier between the VM and the cloud [the boundaries of the service domain]".
HP admitted to The INQUIRER that it is in a "security arms race" in order to secure the cloud and that peeking inside a VM's memory isn't the best solution but will suffice for the next five years. The next stage, according to the firm, is to work on hardening the hypervisor.
The intrusive policies that HP and others deploy to ensure cloud security might themselves raise questions about just how secure and private data really is when it's in the cloud. µ