Join Newsletter
Forgot
password?
Register
Trusted Business Advisors, Expert Technology Analysts

Taneja Blog

Taneja Blog / Software Defined/Virtualized Infrastructure

IT Managers and Virtualization: Plagued by Insecurity?

The security of virtualized environments is rapidly becoming one of the most talked about issues in IT circles. The number of new web-based articles and blog postings on this topic has skyrocketed, multiplying some twenty-fold over the past two years. Several highly popular conference keynotes have recently addressed this topic, and hardly a week goes by that a prominent analyst or IT guru fails to weigh in on the subject. Are IT professionals themselves becoming insecure about the security of their virtual infrastructures? Is all of this media attention justified?

We believe the answers to these two questions, respectively, are "a little bit" and "yes". Any IT professional who has endured the pain of a major security breach is entitled to at least a touch of paranoia. A hypervisor that assumes many of the traditional functions of a general-purpose operating system - and interacts closely with underlying systems hardware - is clearly open to attack, and will increasingly become a target for hackers. And while proven, thinned down hypervisors such as VMware ESXi are much less vulnerable than Windows, they are far from bulletproof. Virtual machines, which tend to propagate rapidly in a newly virtualized environment, are also susceptible to attacks, particularly if their guest OS's are not properly patched or updated.

How can IT managers protect their virtual infrastructures from exploits and other intrusions? As a first step, they should treat security in their virtual environments at least as rigorously as they do in their physical ones. Virtual machines require the same level of care as physical systems, and given their tendency to multiply, may warrant even greater attention. IT managers should adapt existing operational policies and practices to meet the security needs of their virtual infrastructures. For example, strict policies must be defined and implemented for patching and updating virtual machines, and for tracking and managing them as they are moved between physical systems.

While the tools and practices for securing virtual environments are still in their infancy, IT managers should be encouraged by recent industry progress. The largest virtual infrastructure vendors are working on initiatives to enable a rich ecosystem of security solutions, as VMware is now doing with its VMsafe program. And the first industry conference dedicated to virtual machine security - bringing together vendors, users and academia - was held in conjunction with a larger ACM security conference in late October. With all this attention and brainpower being devoted to securing virtualized environments, IT managers might soon be able to rest a little easier.

  • Premiered: 11/11/08
  • Author: Jeff Byrne
Topic(s): Security Server Virtualization virtual infrastructures virtual machines

Comments

There are no comments to display. Scroll down to leave your own!

 

Leave a Comment

You must be logged in to comment. Click here to log in or register if you don't have an account.