SecurityWeek

Best Practices for Virtualizing Email Security Infrastructure

Virtualization is a key technology for the 21st-century data center. Virtualization permits increased server utilization that lowers the amount of physical rack space, reduces power consumption, and supports green data center initiatives. The EPA estimates that 1.5% of all the electricity consumed in the US is in data centers, equivalent to all the color televisions in the US. Increased server utilization is good for business and good for the planet. Today, enterprises need to be aware of virtualization in the email security infrastructure. Companies can look to virtualize the internal email infrastructure and groupware, but not Internet-facing Gateway filtering functions. In this column, I’ve provided best practices for securely virtualizing an enterprise’s email infrastructure, looking at why, within the enterprise, the Email Backbone and Groupware Layers are strong candidates for virtualization.

Email in the Enterprise

Email is a primary mode of communication in business today and consequently is a mission-critical enterprise application. A well-designed corporate email infrastructure has a security architecture built on the bastion host principle. An Internet Gateway Layer, typically an email security appliance, sends and receives email from Internet hosts. The primary function of that layer is to keep external threats out and to implement policies such as sender authentication – e.g., DKIM signing – or encryption on outbound email. The Internet Gateway layer is the “air gap” isolating the internal private network from the public Internet. The Email Backbone, an internal layer of the messaging infrastructure, handles internal email routing for email-enabled applications and implements internal policy controls for email content. The Email Backbone is often deployed using open source mail transfer agents (MTAs) or message processing appliances and may include several technologies, including DLP, archiving, and encryption products. Finally, the Groupware Layer is where local delivery occurs into users’ mailboxes – what most people would call the “email system.”

There is a lot of complexity to most enterprise email infrastructures and consequently room for savings by adopting virtualization technology. Sendmail conducted a survey in 2010 to determine the rate of adoption for virtualization technologies. The results revealed that 56% of enterprises that have adopted virtualization technology had virtualized some aspect of the email infrastructure. 40% had virtualized the Groupware Layer in the email system. 18% had virtualized the security functions in the Internet Gateway.

Several reasons were cited for not virtualizing the Internet Gateway:

1. Perceived insecurity of the hypervisor (virtual machine monitor)

2. Lack of clarity in various regulations and security standards – for example, PCI DSS 1.2 assumes a physical server infrastructure, not a virtualized infrastructure

3. Internet Gateway appliances currently have high utilization due to inbound spam volumes

4. SaaS providers are an alternative that lowers the cost of maintaining the Internet Gateway security

Securing the Hypervisor

The hypervisor is the virtualization layer of software that sits between the hardware and the guest operating systems and applications running in virtual machines. The hypervisor is designed to be opaque to the guest, mimicking hardware. As long as the management APIs, protocols, and tools for the virtualization layer are secured as any other application running in an Internet Gateway would be, the vectors of attack on the hypervisor are few. Intrusion detection of changes to the hypervisor is a best security practice to make sure that a penetration at that layer is detected.

Beyond securing the hypervisor, the primary consideration is to segment the virtualized workloads onto physical hosts according to their security posture. In other words, don’t mix Internet Gateway and internal virtual machines on the same host and rely on underlying network code to isolate them, because there may be a vector via the hypervisor itself. Instead, as a best practice, treat hosts running virtual machines as bastion hosts.
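The segmentation rule above can be checked mechanically against a VM inventory. The following is an added example, not part of the original column: it flags any physical host that carries both Internet Gateway and internal (Email Backbone or Groupware) virtual machines. The tier tag spellings, host names, and VM names are constructed assumptions.

```python
from collections import defaultdict

# Tiers as named in the column; the tag spellings are assumptions for this example.
GATEWAY = "internet-gateway"
INTERNAL = {"email-backbone", "groupware"}

# Constructed inventory: (vm_name, physical_host, tier_tag). Not real data.
SAMPLE_INVENTORY = [
    ("mx-in-01", "esx-dmz-01", "internet-gateway"),
    ("mx-out-01", "esx-dmz-01", "Internet-Gateway"),
    ("relay-01", "esx-int-01", "email-backbone"),
    ("dlp-01", "esx-int-01", "email-backbone"),
    ("mbx-01", "esx-int-01", "groupware"),
    ("mx-in-02", "esx-int-02", "internet-gateway"),
    ("mbx-02", "esx-int-02", "groupware"),
    ("archive-01", "esx-int-03", ""),
]

def audit_placement(inventory):
    """Return {host: [findings]} for hosts that break the segmentation rule."""
    by_host = defaultdict(list)
    for vm, host, tier in inventory:
        # Normalise tags so "Internet-Gateway" and "internet-gateway" match.
        by_host[host].append((vm, tier.strip().lower()))

    findings = {}
    for host, vms in sorted(by_host.items()):
        issues = []
        gateway = sorted(vm for vm, t in vms if t == GATEWAY)
        internal = sorted(vm for vm, t in vms if t in INTERNAL)
        # Fail closed: a VM without a recognised tier cannot be placed safely.
        unknown = sorted(vm for vm, t in vms if t != GATEWAY and t not in INTERNAL)
        if gateway and internal:
            issues.append(f"mixed: gateway {gateway} shares host with internal {internal}")
        if unknown:
            issues.append(f"unclassified: {unknown} has no recognised tier tag")
        if issues:
            findings[host] = issues
    return findings

if __name__ == "__main__":
    for host, issues in audit_placement(SAMPLE_INVENTORY).items():
        for issue in issues:
            print(f"{host}: {issue}")
```

Untagged virtual machines are reported rather than ignored, since a host cannot be treated as a bastion host while the security posture of one of its guests is unknown.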

PCI Compliance Update

Although the Payment Card Industry Data Security Standard 2.0 does not specifically address virtualization, the companion document Navigating DSS 2.0 from the PCI Security Standards Council does clarify how the standards should be applied to a virtualized environment. Virtualized systems may be considered separate hardware, but there is an added security burden: the management infrastructure for the virtual environment must be secured with proper authentication and access controls. Special attention is also given to removable media. Access to removable media should be restricted on the host.

Benefits Beyond Server Consolidation

Although Internet Gateway appliances may have high utilization, virtualization can bring added benefit beyond server consolidation, including high availability and dynamic scaling of capacity. Virtual machines may be moved around the virtual infrastructure much more easily than physical appliances and additional instances can be started with the click of a mouse. This greatly simplifies the ability to scale an environment to deal with outages or spikes in email volume.

SaaS is a Viable Alternative

SaaS providers of inbound email security are a viable alternative for reducing Internet Gateway security costs; however, they do not entirely remove the need for an on-premises email infrastructure at the Internet Gateway. The firm will still need an infrastructure to receive the cleaned mail stream from the SaaS provider and to process the outbound email from the firm. That infrastructure may still be virtualized and, given the lower volume of email handled, server consolidation becomes a real possibility in most cases.

Virtualizing the Internal Infrastructure

Within the enterprise, the Email Backbone and Groupware Layers are strong candidates for virtualization. Here the benefits of high availability and fault tolerance inherent in virtualization are a real boon for organizations where email is considered a mission-critical application. The firm is able to meet reliability goals while at the same time accruing savings with server consolidation. For this reason, this layer has been the first to be migrated off a physical infrastructure. Firms that adopt this strategy are able to meet their business objectives while practicing environmental leadership.
