In the realm of server-based computing, virtual machines and enterprise-ready hypervisors have been the mainstay for the past two decades. This technology revolutionized the landscape, replacing dedicated servers with efficient systems capable of hosting multiple virtual servers simultaneously. Load-based resource optimization, load balancing, and shared resources helped minimize costs, energy consumption, and physical footprint.
As organizations transitioned their tier-one mission-critical servers to virtual machines, ensuring redundancy and high availability became a top priority to meet uptime service-level agreements. Virtual machine hypervisors introduced various redundancy technologies like mirroring, real-time backups, and cold spares to mitigate the risks of outages in both hardware and software. However, the emergence of a new threat has brought into question the viability of virtualizing tier-one applications.
Recent years have seen a surge in malware and ransomware attacks targeting hypervisors directly, encrypting all virtual machines hosted by the system. These attacks pose a significant risk as they can render all technology hosted on virtual machines useless simultaneously. Vulnerabilities, exploits, poor identity security, and social engineering tactics have contributed to this heightened risk, making hypervisors susceptible to attacks like never before.
A closer look at reported vulnerabilities in VMware solutions reveals a concerning trend. Since the beginning of 2020, there have been 334 reported vulnerabilities, with 19% classified as critical. Two vulnerabilities, CVE-2021-21974 and CVE-2020-3992, stand out as they could lead to a complete hypervisor outage if exploited. Patching these vulnerabilities is crucial, but the process often entails taking the entire hypervisor offline and pausing or stopping all virtual machines, leading to substantial downtime for tier-one applications.
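The blast radius described above is easy to underestimate, because redundancy features that live inside one hypervisor (mirroring, cold spares) do nothing when that hypervisor is the thing that is encrypted or taken offline for a patch. The following Python script is an added example, not code from the original article: it walks a VM inventory and reports, for each host, which tier-one applications are fully down if that host is lost, and which components have no instance on any second host. The inventory, host names and application names are constructed for illustration; in practice the rows would come from the virtualization platform's inventory export.

```python
from collections import defaultdict

# Constructed sample inventory for illustration only (not real hosts or VMs):
# (vm_name, application, component, tier, hypervisor_host)
INVENTORY = [
    ("erp-app-01",     "erp",     "app", 1, "esxi-01"),
    ("erp-app-02",     "erp",     "app", 1, "esxi-02"),
    ("erp-db-01",      "erp",     "db",  1, "esxi-02"),
    ("billing-app-01", "billing", "app", 1, "esxi-02"),
    ("billing-app-02", "billing", "app", 1, "esxi-03"),
    ("billing-db-01",  "billing", "db",  1, "esxi-03"),
    ("wiki-01",        "wiki",    "app", 3, "esxi-04"),
]


def placement(inventory, tier=1):
    """Map (application, component) to the set of hosts carrying at least one
    instance of it, restricted to VMs of the given tier."""
    hosts = defaultdict(set)
    for _vm, app, component, vm_tier, host in inventory:
        if vm_tier == tier:
            hosts[(app, component)].add(host)
    return hosts


def outage_impact(inventory, tier=1):
    """For every hypervisor host, list the tier-one applications that are fully
    down if that host is lost (ransomware encrypting its datastore, or the host
    being taken offline to patch). An application is down as soon as any one of
    its components loses its last running instance."""
    by_component = placement(inventory, tier)
    all_hosts = sorted({row[4] for row in inventory})
    impact = {}
    for host in all_hosts:
        down = {app for (app, _c), hosts in by_component.items() if hosts == {host}}
        impact[host] = sorted(down)
    return impact


def single_host_components(inventory, tier=1):
    """Tier-one components with no instance on a second host: the single points
    of failure that same-hypervisor redundancy features cannot cover."""
    by_component = placement(inventory, tier)
    return sorted(key for key, hosts in by_component.items() if len(hosts) == 1)


if __name__ == "__main__":
    for host, apps in outage_impact(INVENTORY).items():
        print(f"{host}: tier-one applications down on loss -> {apps or 'none'}")
    print("single-host tier-one components:", single_host_components(INVENTORY))
```

Run against the constructed inventory, the script shows that losing esxi-02 takes the ERP application down even though its application servers are spread across two hosts, because the database component has a single instance there. That is the kind of finding that should feed the decision between the four options that follow: an application whose every component already spans hosts can tolerate rolling hypervisor patches, while one with single-host components cannot be patched without downtime in its current placement.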
Organizations are faced with four potential solutions to address this risk:
1. Continue to include tier-one applications as virtual machines but ensure regular maintenance and accept downtime when patching vulnerabilities.
2. Deploy tier-one applications as physical hardware to facilitate regular patching and avoid virtual environments.
3. Transition tier-one applications to the cloud to leverage provider-managed services and mitigate back-end risks.
4. Modernize the ecosystem by migrating tier-one applications to a software-as-a-service (SaaS) solution.
Choosing the right path requires careful analysis and consideration of mission criticality and the feasibility of cloud migration or SaaS adoption. By separating tier-one applications from on-premises hypervisors and documenting the migration process thoroughly, organizations can reduce the risk of unpatched hypervisors and potential ransomware exploitation.
In conclusion, the evolving threat landscape and the increasing vulnerability of hypervisors have highlighted the risks associated with virtualizing tier-one applications. It is imperative for businesses to reevaluate their approach and consider alternative solutions to ensure the availability and security of critical applications. Implementing tier-one applications without depending on hypervisors may be the key to safeguarding against potential disruptions and maintaining operational continuity in the face of evolving cyber threats.