The Practicality of Using Virtual Machines to Enhance Cybersecurity

“If you spend more on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked.” - Richard Clarke

Sponsored by

Jul 28, 2020


dariahiddleston

CONTENTS

Introduction to Virtual Machines

Brief History of Virtual Machines

Different Types of Virtual Machines

Examples of Virtual Machine Software

Qubes, a Security-Focused Operating System

Introduction to Nerdio

Famous Data Breaches that Nerdio Could Have Prevented

Deloitte

JP Morgan

OPM

Analysis of Privacy Rights Clearinghouse Breach Information

Future of Virtual Machine Software and Virtualization Technology

Future Impact of Quantum Computing

Feasibility of Virtualized Data Centers

Impact of Decreasing Hardware and Bandwidth Costs on Virtualization

Conclusion

References

Introduction to Virtual Machines

In computer science, a virtual machine (VM) is defined as an emulation of individual computer processes or a complete system. VMs free developers and end users from interface and resource constraints. They provide software and application interoperability, hardware and platform versatility, and system security. Since most VMs are created by diverse groups with diverse goals, it is important to focus on multiple VM architectures to describe VMs in a cohesive, unified way. Architecture, in the context of computer science, describes a formal specification of an interface in a computer system. This includes the behavior and utilization of resources managed through the interface. Implementation describes the representation of an architecture. Levels of abstraction correspond to separate implementation layers, whether it be hardware or software. Furthermore, each corresponds with its own interface or architecture [34].

An example abstraction can be applied to disk storage. An operating system abstracts the hard-disk addressing details (i.e. sectors, tracks, etc.) so that the disk appears as a set of variable-sized files to whatever application software is running. Application developers can then create, write, read, and delete files without possessing knowledge of the hard drive’s construction, physical architecture, etc. [34].

A virtual machine represents a physical machine through software emulation. It has its own virtual hardware components (i.e. hard drive space, RAM, CPU, etc.), and the operating system designated by the user is utilized via these components. The operating system sees a consistent, standard hardware set regardless of the actual hardware components. Through the utilization of virtualization technology, IT departments around the world can build virtualized data centers without the need to purchase specialized hardware. This can be achieved on pre-existing physical hardware that most companies already possess [14].

Brief History of Virtual Machines

The genesis of virtual machines dates back to the 1960s. System virtual machines evolved out of the computing concept called “time-sharing.” Time-sharing is defined as the sharing of computing resources across multiple users sitting at different terminals [16]. Time-sharing allowed multiple users to use the same computer concurrently, but only one program was executed before moving on to the next. This process was most notably implemented with the Compatible Time-Sharing System (CTSS). When it first became operational in 1961, it provided a subset of the machine to be used by batch programs. This would allow the time-sharing supervisor to alternate between different programs that were scheduled to be completed [19]. This process evolved into virtual machines, with the most notable examples being IBM’s research systems.

The CP/CMS system was conceived as a second-generation time-sharing system for IBM’s System/360 in 1964. The system was designed to support diverse activities such as operating system research, application development, report preparation, etc. One of the other purposes of this system was to integrate more traditional computer operations within an interactive, general framework. This system soon gained acceptance as a time-sharing system after it was installed at MIT’s Lincoln Laboratory [19]. The foundation that was created for virtual machine research at IBM was the first example of what eventually became a commercially viable utilization of virtual machines for the general public, and the utilization of time-sharing was the first system that allowed virtual machines to gain acceptance among the technological community in the past century.


Different Types of Virtual Machines

Process virtual machines provide a virtual application program interface to execute user applications. In their various incarnations, process VMs provide optimization, emulation, and the replication of various processes. One of the most common process VMs that is currently utilized is called multiprogramming. This particular process VM is so universal that most users do not regard it as even being a VM. Multiprogramming enables an operating system to support multiple user processes simultaneously, even though it gives the illusion of providing a complete machine to handle each process [34].

System virtual machines provide an entire environment in which an operating system and multiple processes can coexist. Through the utilization of system VMs, a single user can support several operating system environments independently and simultaneously. System VMs originated during the 1960’s and 1970’s, during the time in which mainframe computer systems were very large, expensive, and shared across multiple users. Today, interest in system VM use has been sparked through the use of servers and server farms shared by many users and groups. The use of system VMs provides a boost to cybersecurity through its use of isolation to separate the multiple systems that are running simultaneously on the same physical hardware platform. In this manner, if one guest system becomes compromised, the other guest systems will not be affected. In fact, this use of “security through isolation” has been utilized by one open-source OS in particular that will be discussed later [3, 34].


For Unix and x86 systems, there are two approaches to virtualization that are typically utilized with system VMs. The first is called a “hosted” approach. This method of software partitioning occurs on top of a host operating system and supports a very broad range of hardware configurations. One of the advantages to using a hosted VM is that it can be installed just like any other application program. Also, the virtualization software can have device drivers and other lower-level services provided to it from the host operating system. One famous example of a hosted VM is VMware’s GSX server, which runs on IA-32 hardware platforms [34, 12].

The second approach is referred to as “hypervisor” architecture. This is the first software layer installed on a bare x86-based system. Thus, it is commonly referred to as the “bare metal” approach. Since a hypervisor has direct access to its physical hardware resources, it is often more efficient than hosted architectures with regards to scalability, performance, etc. A hypervisor can be created to be closely coupled with operating systems or to remain agnostic to operating systems. The latter method can provide end users with the ability to implement an OS-neutral management archetype. This would provide for the further rationalization of a data center. As can be expected, the isolation that hypervisors provide can be very beneficial to users concerned with protecting sensitive information from computer hackers and thieves [12].


Examples of Virtual Machine Software

Virtualization software that allows end users to provision virtual machines to any hardware system has achieved greater technological sophistication in recent years. Virtualization software has allowed IT administrators to increase server consolidation and containment, reduce the cost and difficulty of business continuity, provision testing and development servers through the reuse of pre-configured systems, etc. Furthermore, cybersecurity standards have been increased in recent years through the isolation that virtual machine software provides for sensitive information, and the progress that has been achieved in virtualization technology shows no signs of slowing in the future.

The use of an enterprise level virtualization software can greatly increase organizational cybersecurity for numerous reasons. First, developers can test security software updates and application patches inside of an air gapped virtual machine that is not accessible to the Internet. This would prevent hackers from exploiting potential vulnerabilities. Furthermore, email attachments and unknown weblinks can be opened inside of virtual machines to prevent hackers from taking over the entirety of a computer system. Also, VirtualBox Enterprise offers VM encryption by default for the enhanced protection of sensitive information. These benefits among others can substantially increase the extent to which customer information is kept safe from malevolent cyber actors [10].

One example of a virtualization software provider is VMware. Since 1998, VMware has delivered virtualization services for x86-based platforms, which encompasses the majority of desktop, laptop, and server products. VMware’s VM approach utilizes a uniform hardware image, integrated in software, in which operating systems and applications can run. Furthermore, VMware’s VirtualCenter provides for the management and provisioning of VMs, workload balancing across physical servers, and VMotion for VM mobility. VMware is perhaps most well-known for its hypervisors. Since 2001, VMware has provided hypervisor-based products to various clients in production deployments, with more than 75% of those customers running ESX server [14].

VirtualBox is another example of a popular virtualization technology in use today. VirtualBox is a free and open-source hypervisor designed for x86 computers. This program is currently being developed by Oracle. VirtualBox offers a multitude of features for end users, such as a public API to control VM configuration and execution, command line interaction, 64-bit guests, paravirtualization support for both Windows and Linux guests, USB3 device passthrough, etc. [4]. One of the other virtualization products that is currently being offered by VirtualBox is Oracle VM VirtualBox Enterprise. This application can assist developers in the development and debugging of their applications in numerous operating systems and environments on one device. It can also recreate customer conditions, launch test/experiment sandboxes, clone production environments, test platform deployment changes without any changes to service, etc. [10].
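A check a practitioner would want before trusting the "air gapped" test VM described above: the following added example (not part of the original paper or of VirtualBox itself) parses the output of `VBoxManage showvminfo <vm> --machinereadable` and reports whether any virtual network adapter is still attached. The sample outputs and VM names are constructed, and the grouping of attachment modes is this example's own assumption.

```python
import re

# Attachment modes that leave the guest with no network link at all.
NO_LINK = {"none", "null"}
# Modes confined to the host or to other VMs: cut off from the Internet, but
# not an air gap, because a compromised guest can still reach its neighbours.
HOST_LOCAL = {"hostonly", "intnet"}

_NIC = re.compile(r'^nic(\d+)="([^"]*)"$')

# Constructed samples of `VBoxManage showvminfo <vm> --machinereadable` output.
SAMPLE_PATCH_LAB = '''\
name="patch-lab"
ostype="Ubuntu_64"
nic1="none"
nic2="none"
'''
SAMPLE_MAIL_SANDBOX = '''\
name="mail-sandbox"
nic1="nat"
cableconnected1="on"
nic2="hostonly"
hostonlyadapter2="vboxnet0"
nic3="none"
'''


def nic_modes(showvminfo_text):
    """Map adapter slot number -> attachment mode."""
    modes = {}
    for line in showvminfo_text.splitlines():
        match = _NIC.match(line.strip())
        if match:
            modes[int(match.group(1))] = match.group(2).lower()
    return modes


def classify_isolation(showvminfo_text):
    """Return (level, findings); level is 'air-gapped', 'host-local'
    or 'internet-capable'.

    Fails closed: input without any nicN line raises ValueError, and any
    attachment mode not listed above is treated as Internet-capable.
    """
    modes = nic_modes(showvminfo_text)
    if not modes:
        raise ValueError("no nicN lines found; refusing to report an air gap")
    level, findings = "air-gapped", []
    for slot, mode in sorted(modes.items()):
        if mode in NO_LINK:
            continue
        if mode in HOST_LOCAL:
            findings.append(f"nic{slot}: '{mode}' reaches the host or other VMs")
            if level == "air-gapped":
                level = "host-local"
        else:
            findings.append(f"nic{slot}: '{mode}' can route beyond the host")
            level = "internet-capable"
    return level, findings


if __name__ == "__main__":
    for sample in (SAMPLE_PATCH_LAB, SAMPLE_MAIL_SANDBOX):
        level, findings = classify_isolation(sample)
        print(level, findings)
```

On a real host the text would come from running the `VBoxManage` command for each VM that is supposed to be isolated.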


Qubes, a Security-Focused Operating System

In recent years, many users have turned to free and open-source operating systems to enhance their personal cybersecurity and to protect themselves from state-level surveillance actors. One of the operating systems that has gathered widespread attention in the information technology community is called “Qubes OS.” Qubes is a Linux distribution that provides security to its users through an approach it has deemed “security by compartmentalization.” This is achieved by segregating the various aspects of your digital life (i.e. banking, social media, work, etc.) into separate virtual machines called qubes [3]. The virtualization is provided through the Xen Hypervisor, which allows for the utilization of multiple operating systems that run in separate virtual machines on the same hardware [13]. To clarify, this would allow a user to complete work-related tasks on a Windows virtual machine, access personal pictures and videos through an Ubuntu distribution, and check personal email with a Fedora virtual machine.

The primary reason that Qubes can provide enhanced security is that there is a special domain called “dom0” which is used to access all the virtual machines that a user may have running. Dom0 is not connected to the Internet, and it is only used for running the Desktop and Window Managers [7]. Thus, for a hacker to break into dom0, the only possible way to achieve this would be to break into a virtual machine that a user may have running, and perform a virtual machine escape to hack dom0. This is substantially more difficult than exploiting any number of vulnerabilities that are present in mainstream, commercialized, closed-source operating systems like Windows, macOS, etc. This is the primary reason why virtualization technology can provide enhanced security services to countless users through the isolation that hypervisor technology can bring, and the free and open-source nature of Qubes helps to prevent security vulnerabilities in coding, intentional coding backdoors, etc. The picture below represents a user running Qubes on a computer system. The different qubes running are distinguished by color, and the dom0 domain is shown with two separate qubes running; one green (trusted) and one red (untrusted) [7].

Source: Getting Started – Qubes OS [7]


Introduction to Nerdio

Nerdio is an innovator in the IT-as-a-Service field. It provides a complete virtual IT platform for small-to-medium sized organizations and the managed service providers (MSP) that serve them. Through virtualization technology, Nerdio is able to provide a fully-automated cloud platform with the reliability and expertise of wide-ranging IT infrastructure. Among several other services, Nerdio operates as a Desktop-as-a-Service (DaaS) provider, which is a type of virtual desktop infrastructure (VDI). A VDI utilizes server hardware to run multiple desktop operating systems and application software inside of a VM. End users can access these “virtual desktops” through their own devices. VDI providers can offer services such as setting up the infrastructure, backing up and storing data through the cloud, monitoring computer security, installing and updating applications, etc. [32, 22].

Deploying a virtual desktop with Nerdio is substantially easier than purchasing a traditional workstation and configuring it for a new employee, which can take one or more workdays and cost almost $120 per workstation installed. Since VDI providers like Nerdio deploy new workstations from one central image, creating a new virtual workstation would only take a few minutes. Furthermore, the utilization of a virtual desktop solution can mitigate various other organizational and cybersecurity tasks, such as risk and compliance upkeep, software updates and vendor best practices, the allotment of server space, etc. [8].

Famous Data Breaches that Nerdio Could Have Prevented

Data breaches have occurred with such frequency in the modern day that they seem to have desensitized the public as to their utter malevolence. To clarify, if there had been only one-tenth as many data breaches, they would appear much worse. In fact, according to the Privacy Rights Clearinghouse, a small number of large data breaches have accounted for most of the records lost, and nearly all of these breaches share the same characteristics that led to their exploitability and severity. What is perhaps most depressing is that many of the largest data breaches that have occurred could have been very easily prevented with quick, simple implementations of mundane cybersecurity concepts, such as two-factor authentication, strong passwords, etc. Some of the biggest data breaches that have occurred in the past few years will be examined below, and the primary factors that led to their origination will also be examined. Furthermore, the impact of using an IT-as-a-Service solution like Nerdio will also be portrayed in light of the factors that led to the loss of the sensitive information in these data breaches.

Deloitte

Deloitte, one of the premier “big four” accountancy firms, was targeted by a cyber attack that exposed sensitive client emails, usernames, passwords, IP addresses, etc. Even though Deloitte discovered the breach last March, attackers were believed to have gained access in October or November of 2016. As of October 2017, six of the firm’s clients have been affected by the breach. The hackers were able to compromise the firm’s email server via an “administrator account” which granted privileged “access to all areas.” The hacker’s work was made easier due to the fact that multifactor authentication was not enabled on the account. However careless a mistake this may seem, in an international company with tens of thousands of employees and revenues in excess of $37 billion, mistakes like this are almost certain to occur [23].

Last June, Nerdio announced the release of Nerdio for Azure, an entire IT automation platform that is integrated with Microsoft Azure, which is where Deloitte’s email service was stored at the time of the breach [23, 33]. Also, last March, Nerdio announced its integration with Mimecast, an email and data security company, to protect its users against email-related hacks and attacks. Mimecast’s platform supports the native utilization of two-factor authentication, which could have stopped the Deloitte hackers dead in their tracks [9]. Further, since Nerdio’s virtual workstations can be deployed from a singular VM image, each of Deloitte’s physical pieces of hardware could have had the exact same security specifications enabled if Nerdio was utilized in this instance.

Nevertheless, one could point to the size of Deloitte’s operations to claim that the initiation of one singular VDI provider would prove to be too big an expense to undertake. However, the fact that a company like Deloitte utilizes so many pieces of physical hardware almost demands that each piece of hardware fulfill the same core, minimum cybersecurity specifications across the entire company, and this can only be fulfilled through the utilization of a VDI provider that can automatically deliver the security software patching, risk and compliance work, native multifactor authentication enablement, and native encryption across all IT environments.

JP Morgan

The American investment bank JP Morgan suffered a data breach in 2014 that was deemed the “biggest bank breach in history” [20, 29]. The breach exposed the personal information of more than 76 million customers and seven million businesses, including names, addresses, email addresses, etc. Hackers were able to obtain a list of the applications and programs that ran on JP Morgan’s computers, which allowed for the potential exploitation of known vulnerabilities through the program and web application framework [31].

However, the JP Morgan hack was not caused by an obscure, technologically complex zero-day exploit that developers had no time to address. Hackers were able to log into a network server that did not possess two-factor authentication with the stolen login credentials from a JP Morgan employee. Once inside the network server, hackers were able to establish a foothold to further penetrate JP Morgan’s corporate network. These stepping stone attacks have become increasingly common over the past few years. Even though there were no widespread reports of fraudulent credit activity among JP Morgan’s customers, the main risk of a data breach similar to the one that JP Morgan suffered is that the email account information stolen can be utilized to perform more convincing phishing attacks in the future against other organizations [25].

Just like in the Deloitte breach, two-factor authentication was the one simple, preventable component that could have stopped the loss of millions of records. This is all the more reason why a platform like Nerdio can significantly improve the cybersecurity landscape of large multinational business platforms due to the fact that virtual workstations come with security software pre-enabled, and that two-factor authentication is natively enabled on virtual workstations via policy settings and out-of-the-box IT environment setup. This would prevent the accidental exposure of corporate data through a missing security patch and absence of two-factor authentication. The lack of sufficient cybersecurity protections with regards to data loss costs the average company over $15 million every year, and the pre-configured cybersecurity software and updates that VDI providers offer can go a long way to decrease that average [31].

OPM

To use an example from the field of health science, if one is trying to lose weight, one would no doubt hear the primordial but effective advice to exercise and watch your diet. Even though those are two simple and mundane ideas to implement, they are the most effective to reduce your waistline. In the case of cybersecurity, if a business or governmental organization is trying to improve its cybersecurity health, numerous computer scientists and security professionals would say to start with basic things like two-factor authentication, file encryption, strong passwords, etc. [1]. Even though these seem like mundane and simple practices to implement, many companies and organizations are guilty of not implementing these easy but effective measures, and could be classified as morbidly obese.

In 2014, the United States Office of Personnel Management (OPM) could have been classified as super morbidly obese. OPM made several mistakes with regards to cybersecurity before the notorious hack in 2014. To explain, for the most part, government agencies have become increasingly reliant on numerous outside contractors to provide even the most basic of IT services. This has resulted in a spider web of different IT systems and security software. As of June 2015, of the 47 major IT systems employed at OPM, 22 of them were run by contractors. This resulted in OPM’s cybersecurity team possessing limited visibility into those outside projects, and even the inside projects were found to be devoid of basic cybersecurity measures [21].

For example, even though OPM instituted constant monitoring of its systems with security information and event management (SIEM) tools, those tools only covered 80% of OPM’s systems. Also, with regards to OPM’s security testing, seven out of 25 of its major systems had inadequate documentation. Perhaps most shocking is the fact that none of the agency’s 47 major applications required multifactor authentication, which was a violation of an Office of Management and Budget mandate for federal systems [21].

When an organization is responsible for managing the private information of millions of people, using numerous IT frameworks from multiple outside contractors without possessing oversight into their operations can help to create a playground for potential hackers inside of your organization. The importance of synergy, consistency, and vigilance cannot be overstated when attempting to secure the personal information of millions of people, and all three of these qualities can be improved through the use of one, cohesive, singular VDI provider. If OPM would have utilized a single provider for all of its physical machines, each one would have had two-factor authentication natively enabled, security software updates would have been installed automatically, compliance requirements would have been met for each machine by the VDI provider, and no personal information would have needed to exist on any of the on-premises physical servers because it would have existed in a secure third-party data center. The possession of multiple security programs from different contractors makes it substantially more difficult for organizations to apply security updates to each individual application, and it becomes increasingly easier to make mistakes. The use of one platform to handle all of the business or governmental functions of an organization may seem to be a colossal IT task to undertake, but one can assume that it would be far easier to adopt than reacting after a data breach that exposes the personal information of 14 million people [21].


Analysis of Privacy Rights Clearinghouse Breach Information

The Privacy Rights Clearinghouse (PRC) is a non-profit organization in California that collects data breach information that includes the type of information exposed, the type of industry targeted, the type of hack (i.e. portable device stolen, malware exploitation, etc.), the date that the breach occurred, etc. The PRC was founded in 1992 with funding from the Telecommunications Education Trust, a former program of the California Public Utilities Commission. In 2012, Beth Givens, the founder and Executive Director of the PRC, was awarded the Consumer Federation of California’s Consumer Warrior Award for consumer and privacy advocacy [2].

Of the 7,699 data breaches currently in the database, 2,382 possess a confirmed amount of records lost. Of those 2,382, 636 were classified as portable device (PORT) breaches, and 135 were classified as stationary device (STAT) breaches. PORT breaches involve lost, discarded, or stolen laptops, smartphones, hard drives, and other portable devices, and STAT breaches involve lost, discarded, or stolen stationary devices that house sensitive information, such as desktop computers or servers. Human imperfectability makes it almost certain that employees will continue to lose sensitive electronic devices. However, the utilization of a VDI solution like Nerdio can enhance corporate cybersecurity through the securing of essential information [5].

To explain, perhaps the most useful cybersecurity feature that is made possible through the use of a VDI solution is that since all corporate information is stored on the third-party server that provides the virtualization, no sensitive information is stored on any individual device. Unless a thief successfully obtains credentials to access the corporate VMs that are utilized by a particular business, the device that was lost or stolen will not leak any sensitive information. The utilization of a third-party VDI provider eliminates the need to take the risk of storing data on each device that a company entrusts to its employees. Furthermore, since all company information is stored in a central third-party server, data redundancy is decreased by eliminating the need to store duplicate files on multiple employee devices. The migration of data onto a third-party desktop provider would have helped prevent the exposure of sensitive information that was leaked through 22 PORT and STAT mega breaches that occurred from 2005-2016, which resulted in the loss of almost 160,000,000 records, and this would have all been achieved without any additional employee training, new staff additions, etc. [5].

Future of Virtual Machine Software and Virtualization Technology

Virtualization technology has experienced exponential change since its birth in the 1960’s, and the future will most certainly bring drastic changes to the way businesses interact with the cloud and utilize software applications through virtualization technology. Software-defined networking (SDN) has emerged as an approach to networking that allows administrators to modify, change, and manage network traffic dynamically through the utilization of open interfaces. SDN addresses the fact that the traditional static architecture of networks cannot accommodate the scalable and dynamic processing and storage demands that are required in most data centers. The main element in SDN that allows for the modification of network traffic is the introduction of a layer of abstraction between the traditional forwarding and control planes. To clarify, this element of SDN architectures allows network control to become directly programmable [11]. This development among others can bring substantial innovation to virtualization technology in the coming years, along with changes in bandwidth and hardware prices, the potentiality of quantum computing, etc.

Future Impact of Quantum Computing

One of the topics in computer science that has generated the most excitement since the turn of the millennium has been the promise of quantum computing. Quantum computing utilizes quantum-mechanical concepts, such as entanglement and superposition, to perform computational work at substantially higher speeds than traditional computers. Due to the increases in processing speed that quantum computing is sure to bring, the eventual advent of a powerful quantum computer would bring several problems for cryptographers around the world. Through the utilization of Shor’s algorithm, a quantum algorithm used for integer factorization, a quantum computer would be able to crack cryptographic protocols/architectures such as Rivest-Shamir-Adleman (RSA) and the Elliptic Curve Digital Signature Algorithm (ECDSA) [27].

This potential development would render several virtual desktop software programs that utilize TLS/SSL insecure, such as QVD [15]. Thus, research must be conducted at the academic and enterprise level as to how virtualization technology can adapt to the changing cybersecurity landscape posed by quantum computers. Post-quantum cryptographic algorithms have been presented as a measure to guard against the adage “intercepted today, decrypted tomorrow” [17]. Some of the post-quantum approaches to cryptography include hash-based signature schemes, multivariate-quadratic-equation, lattice-based, and secret-key cryptography. Hash-based signature schemes, in particular, have been regarded as among the most viable, secure solutions to the eventual onslaught of quantum computing due to the uniqueness of the hash functions employed for each signature scheme, and the relation of security proofs to the characteristics of hash functions [27].

Feasibility of Virtualized Data Centers

Data centers have often been viewed as static and rigid environments, typically housing hundreds of server racks in a locked-down building that could encompass a football field. Since many businesses are becoming increasingly distributed and dynamic, the technology that supports data centers needs to become as scalable and agile as necessary. The growth in virtualization technology, the diminishing of hardware and bandwidth costs, and the increased processing speed of modern computers have allowed some companies to ditch the data center altogether and to ascend into the cloud. For example, media giant Conde Nast sold off its entire 67,000-square-foot data center in an effort to move its entire IT workload to the cloud. Amazon Web Services was chosen to be the cloud provider, and over the course of three months, the data center had migrated over 500 servers, one petabyte of stored data, over 100 databases, etc. This effort resulted in a 40% increase in core IT content-related functionalities and a 40% decrease in operating costs [29]. The cloud migration success story of Conde Nast is only a sign of the changes that are going to occur for most Global 2000 enterprises [6]. According to Gartner, the software-defined data center (SDDC) will be a programmatic requirement for 75% of Global 2000 enterprises that wish to implement a hybrid cloud model and a DevOps strategy. An SDDC is a data center in which all infrastructure is virtualized and delivered to the customer “as-a-service” [6].

One of the data center models that has gained popularity in recent years is the “pay-for-use” data center. Aligned Data Centers (ADC) has marketed such a model designed for enterprises, government agencies, service providers, etc. ADC utilizes a usage-based pricing model that does not require customers to sign long-term contracts for power that they may or may not need. ADC’s model allows customers to adjust capacity based on their individual business needs, which will further increase optimization and decrease operating costs for ADC’s customers [30]. The scalability and optimization that can be seen in ADC’s model can be witnessed in the rise of VDI and cloud IT providers as well, and the growth of virtualization technology makes the process of trimming IT costs and transitioning to a third-party provider easier and more cost-effective than ever before.

Impact of Decreasing Hardware and Bandwidth Costs on Virtualization

One of the most widely known observations in computer science that is used to project the growth of processing power is Moore’s Law. Moore’s Law states that the number of transistors packed into integrated circuits doubles approximately every two years. This prediction has proven itself accurate for several decades, and it has led to the commercialization of more powerful computers for end users well into the 21st century [26]. If the law continues into the next decade, it will no doubt lead to a decrease in the price of cloud storage and virtualization services, as competitors will be able to process information and store information more effectively. This trend has led one writer at Gigaom to refer to the recent cost decreases in cloud computing and virtualization services as Bezos’ Law [18].

Greg O’Connor, the CEO of AppZero, defined Bezos’ Law as the observation that the cloud computing price per unit has decreased by 50% approximately every three years over the history of the cloud. O’Connor utilizes pricing data from Amazon Web Services to show that their reduction in price across their cloud platform has correlated with a 50% reduction approximately every 3 years since 2008. There is no reason to believe that technological advances in the future cannot cause the price of cloud computing and desktop virtualization services to drop to levels that are orders of magnitude lower than what they are now.

Furthermore, one of the future promises of decreasing bandwidth costs is the feasibility of Networking-as-a-Service (NaaS) product offerings [24]. Pacnet, a network services provider in the Asia Pacific, offers a portal to its customers in which they can spin up the network capacity that they need, whether it be 1Mbps or 100Gbps. The changes in networking capacity can be implemented and provisioned in minutes, just like any other cloud service. NaaS is another concept that will further enable businesses and organizations to adopt cloud computing platforms and virtualization services in the future as consumers will be able to utilize as much bandwidth as they need at one time, and then turn off whatever networks are not currently utilized in order to prevent bandwidth waste. Since one of the only cost drivers to using a VDI provider is the bandwidth that is consumed to connect with the third-party service, the decrease in bandwidth costs that has occurred over time will only continue to make the cost-effectiveness and pricing models of VDI providers more attractive in the near future [35].


In Conclusion

In conclusion, the utilization of a VDI provider like Nerdio can significantly improve the cybersecurity landscape of countless businesses and governmental organizations throughout the country. Ever since their introduction in the 1960’s and 1970’s, virtual machines and virtualization software have both increased the operational capacity of modern computers to the extent that interface constraints, hardware limitations, and operating system incompatibilities do not limit a user from achieving their objectives. Today, users and organizations can improve their cybersecurity standing through the isolation of sensitive information that virtual machines provide. Also, the introduction of VDI providers like Nerdio to the marketplace further decreases the numerous and complex tasks associated with maintaining a strong cybersecurity landscape, such as risk and compliance obligations, security software updates, automatic data backups, etc.

No computer scientist or software developer can accurately predict what the future will entail for cybersecurity, but consistent effort, vigilance, and dedication to the newest developments and computational and technological innovations could help make the difference between preventing a sophisticated hacker from penetrating your organization and allowing a hacker to steal millions of records from your organization, without anyone being the wiser. One of the principles of adopting a vigilant cybersecurity regimen is taking proactive instead of reactive steps to securing your data. Utilizing a VDI provider like Nerdio can be a pivotal proactive step in isolating sensitive data, increasing organizational mobility, limiting organizational and logistical responsibilities, and reassuring your customers as to the safety of their information.


References

1. “10 Basic Cybersecurity Measures - Best Practices to Reduce Exploitable Weaknesses and Attacks.” Industrial Control Systems Cyber Emergency Response Team, ICS-CERT, June 2015 www.ics-cert.us-cert.gov/sites/default/files/documents/10_Basic_Cybersecurity_Measures-WaterISAC_June2015_S508C.pdf.

2. “About the Privacy Rights Clearinghouse.” Privacy Rights Clearinghouse www.privacyrights.org/about.

3. “An Introduction to Qubes OS.” Qubes OS www.qubes-os.org/intro/.

4. “Chapter 1. First Steps.” Virtual Box, Oracle Corporation www.virtualbox.org/manual/ch01.html.

5. “Data Breaches.” Privacy Rights, Privacy Rights Clearinghouse www.privacyrights.org/data-breaches.

6. “Gartner Says the Future of the Data Center Is Software-Defined.” Gartner, 24 Sept. 2015 www.gartner.com/newsroom/id/3136417.

7. “Get Started.” Qubes OS www.qubes-os.org/getting-started/.

8. “Hidden Cost Savings of Desktop-as-a-Service.” Nerdio www.getnerdio.com/wp-content/uploads/2017/08/white-paper-hidden-cost-savings-of-desktop-as-a-service-8-8-17.pdf.

9. “Nerdio Integrates Mimecast For Enhanced Email Security.” PR Newswire: News Distribution, Targeting and Monitoring, Adar, 20 Mar. 2017 www.prnewswire.com/news-releases/nerdio-integrates-mimecast-for-enhanced-email-security-300425163.html.

10. “Oracle VM VirtualBox 5.0 Overview.” Oracle, Oracle Corporation, Mar. 2016 www.oracle.com/us/technologies/virtualization/oracle-vm-virtualbox-overview-2981353.pdf.

11. “Software-Defined Networking (SDN): Layers and Architecture Terminology.” RFC Editor, Internet Research Task Force, Jan. 2015 www.rfc-editor.org/rfc/pdfrfc/rfc7426.txt.pdf.

12. “Virtualization Overview.” VMware, VMware, Inc. www.vmware.com/pdf/virtualization.pdf.

13. “Virtualization.” Xen Project www.xenproject.org/users/virtualization.html.

14. “VMware Infrastructure Architecture Overview.” VMware, VMware, Inc. www.vmware.com/pdf/vi_architecture_wp.pdf.

15. Arenas, Nicholas. “The Manual of QVD Architecture.” QVD, Qindel Group, 15 Sept. 2017 www.docs.theqvd.com/docs/en/4.0/Architecture.pdf.

16. Arms, William Y. “Early Timesharing.” The Early Years of Academic Computing, Cornell University www.cs.cornell.edu/wya/AcademicComputing/text/earlytimesharing.html.

17. Chang, Yun-An, et al. “Postquantum SSL/TLS for Embedded Systems.” 2014 IEEE 7th International Conference on Service-Oriented Computing and Applications, 2014, doi:10.1109/soca.2014.23.

18. Connor, Greg O’. “Moore’s Law Gives Way to Bezos’s Law.” Gigaom, GigaOM Media, 19 Apr. 2014 www.gigaom.com/2014/04/19/moores-law-gives-way-to-bezoss-law/.

19. Creasy, R. J. “The Origin of the VM/370 Time-Sharing System.” IBM Journal of Research and Development, vol. 25, no. 5, 1981, pp. 483–490., doi:10.1147/rd.255.0483.

20. Crowe, Portia. “JPMorgan Fell Victim to the Largest Theft of Customer Data from a Financial Institution in US History.” Business Insider, Business Insider, 10 Nov. 2015 www.businessinsider.com/jpmorgan-hacked-bank-breach-2015-11.

21. Gallagher, Sean. “‘EPIC’ Fail—How OPM Hackers Tapped the Mother Lode of Espionage Data.” Ars Technica, 21 June 2015 www.arstechnica.com/information-technology/2015/06/epic-fail-how-opm-hackers-tapped-the-mother-lode-of-espionage-data/.

22. Harbough, Logan. “The Pros and Cons of Using Virtual Desktop Infrastructure.” PCWorld, PCWorld, 22 Mar. 2012 www.pcworld.com/article/252314/the_pros_and_cons_of_using_virtual_desktop_infrastructure.html.

23. Hopkins, Nick. “Deloitte Hit by Cyber-Attack Revealing Clients’ Secret Emails.” The Guardian, Guardian News and Media, 25 Sept. 2017 www.theguardian.com/business/2017/sep/25/deloitte-hit-by-cyber-attack-revealing-clients-secret-emails.

24. Kipp, Scott. “Exponential Bandwidth Growth and Cost Declines.” Network World, Network World, 10 Apr. 2012 www.networkworld.com/article/2187538/tech-primers/exponential-bandwidth-growth-and-cost-declines.html.

25. Leyden, John. “JPMorgan Chase Mega-Hack Was a Simple Two-Factor Auth Fail.” The Register - Biting the Hand That Feeds IT, 23 Dec. 2014 www.theregister.co.uk/2014/12/23/jpmorgan_breach_probe_latest/.

26. Moore, Gordon E. “Cramming More Components Onto Integrated Circuits.” Proceedings of the IEEE, vol. 86, no. 1, 1998, pp. 82–85., doi:10.1109/jproc.1998.658762.

27. Mozaffari-Kermani, Mehran, and Reza Azarderakhsh. “Reliable Hash Trees for Post-Quantum Stateless Cryptographic Hash-Based Signatures.” 2015 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFTS), 2015, doi:10.1109/dft.2015.7315144.

28. Prince, Brian. “JPMorgan Hackers Compromised Server Unprotected by Two-Factor Authentication.” SecurityWeek.Com, Security Week, 23 Dec. 2014 www.securityweek.com/jpmorgan-hackers-compromised-server-unprotected-two-factor-authentication.

29. Robb, Drew. “The Data Center of the Future and Cloud Disaster Recovery.” Data Center Knowledge, 10 May 2017 www.datacenterknowledge.com/archives/2017/05/10/the-data-center-of-the-future-and-cloud-disaster-recovery.

30. Shein, Esther. “Cloud, Virtualization Take Toll on Data Centers.” Computerworld, Computerworld, 21 Dec. 2015 www.computerworld.com/article/3017113/data-center/cloud-virtualization-take-toll-on-data-centers.html.

31. Silver-Greenberg, Jessica, et al. “JPMorgan Chase Hacking Affects 76 Million Households.” The New York Times, The New York Times, 2 Oct. 2014 www.dealbook.nytimes.com/2014/10/02/jpmorgan-discovers-further-cyber-security-issues/.

32. Sivis, James. “Nerdio Brings Teramind’s DLP Service to Its ITaaS Platform.” Nerdio, 23 May 2017 www.getnerdio.com/blogs/nerdio-brings-teraminds-data-loss-prevention-itaas-cloud-platform/.

33. Sivis, James. “Nerdio Delivers First-Ever IT Automation Platform for Nerdio Azure.” Get Nerdio, Adar www.getnerdio.com/blogs/nerdio-delivers-first-ever-it-automation-platform-microsoft-azure/.

34. Smith, James E., and Ravi Nair. “High-Level Language Virtual Machine Architecture.” Virtual Machines, 2005, pp. 221–279., doi:10.1016/b978-155860910-5/50006-9.

35. Turney, Drew. “Bandwidth: The New Frontier of Cloud Computing.” ZDNet, ZDNet, 15 June 2015 www.zdnet.com/article/bandwidth-the-new-frontier-of-cloud-computing/.


Web: getnerdio.com
Phone: 844-463-7346
Email: [email protected]

Web: searchlight-online.com
Phone: 636-352-8238
Email: [email protected]