5 Laws of Virtualization SecurityBy Baselinemag | Posted 2008-04-30 Email Print
Virtualization technology can deliver cost savings and improve IT performance, but it also introduces new security concerns. In this summary of a Burton Group report, security expert Pete Lindstrom examines the security considerations unique to virtualized IT environments.
The virtualization of clients and servers—and the impact it has on networks and storage—is a hot topic in IT. As a result, it’s also a hot topic in security.
There are multiple perspectives on how virtualization impacts security. Some claim that virtualization’s isolation properties make it beneficial to security, while others say the added complexity of the overarching management software—known as the hypervisor—and the opportunity to “escape the virtual machine (VM)” are detrimental to security.
As with any new technology as broad and comprehensive as virtualization, such security concerns are critical. In addition, the combination of technical details and marketing messages from vendors can create a potent cocktail of ambiguity about the real impact these new architectures have on risk management and security.
Beyond the superficial discussions of hypervisor-based rootkits and discovery techniques are the very real issues of allocation of information assets and the relative impact on threats and vulnerabilities. Indeed, virtualization comes with its own set of unique security considerations. The appropriate protection response to these inherent security characteristics is a measured approach that carefully considers the impact on the existing IT infrastructure; a factored analysis of threats, vulnerabilities and consequences; and an understanding of the impact on existing security solutions.