Security - Baseline
Home arrow Security arrow Page 4 - 5 Laws of Virtualization Security















Renew Your Subscription

Security



5 Laws of Virtualization Security



By Baselinemag
2008-04-30
Article Views: 16491
Article Rating:starstarstarstarstar / 1

  Table of Contents:
  1. 5 Laws of Virtualization Security
  2. Rules of the Game
  3. Putting the Laws into Practice
  4. Security Benefits
  5. Attacking Virtualization
  6. The Impact on Risk
  7. Security Safeguards

Virtualization technology can deliver cost savings and improve IT performance, but it also introduces new security concerns.  In this summary of a Burton Group report, security expert Pete Lindstrom examines the security considerations unique to virtualized IT environments.

Rate This Article:
Poor Best
Add This Article To:

5 Laws of Virtualization Security - Security Benefits


( Page 4 of 7 )


Security Benefits

Shared content and resources are the bane of security professionals, who spend most of their time collecting, categorizing, grouping and then separating resources in ways that make sense. Sometimes this grouping is done by business units, and sometimes it’s done by other means, such as the classification of the content.

A virtual environment can provide a way to separate program resources and content to enhance security. Shared resources also share risk at the aggregate level. Separating resources and content allows for stronger protection of higher-risk resources and reduces the overall impact of a compromise. A number of valuable uses could come out of this. For example:

  • A single application or a set of applications could be run in a VM guest (or compartment) separate from all other applications.
  • A consultant working for two different companies could do work for each client in a separate VM.
  • An individual working on a personal computer could use one VM for business and another for personal finances and other home-related work.

User behavior can vary widely—from strong risk tolerance to strong risk aversion. Sometimes, this behavior can change quickly. Obviously, this creates a problem whereby the risk-tolerant behavior impacts the risk-averse requirements. An isolated temporary environment can provide a way to allow risk-tolerant behavior without significantly impacting the risk-sensitive resources.

One technique for virtual environments involves creating a “sandbox” VM and using it for risky activities. Assuming the content being created and the changes being made are insignificant in the long term, a user can “turn back time” to a point where the VM configuration was “known good”—typically reverting to the standard image. An obvious use for such a configuration is for shared systems, such as training systems and kiosks, to allow for maximum flexibility on the user side without creating any long-term damage.

The sandbox scenario also provides an obvious case in which streamlined recoverability is useful. In fact, the more frequent the reversion to a known-good state, the lower the potential for harmful consequences.

VMs also can be multiplied and distributed in many different ways. This flexibility is a boon to disaster recovery specialists looking for ways to increase availability. Maintaining replicated environments that are physically separate and creating images that can be recovered quickly contribute to the overall availability of the resources.




 
 
>>> More Security Articles          >>> More By Baselinemag
 



Sponsored Links
  • Get up and running in as quickly as 30 days with BI. Learn how today.

  • FREE Securing Smartphones & Tablets for Dummies Book from Sophos
  • 5 New Technologies That Will Change Enterprise ITAdvertisement
  • Build an IT Infrastructure That Delivers the Future
     
    		•
     
    FEATURED SPONSORED ARTICLES
    FEATURED SPONSORED VIDEOS

     

    Related Content

    Articles Labs/How-To Multimedia


    LATEST STORIES
    - Five Ways to Put Mobile Technology to Work
    - Ten iPhone Apps that Will Save You Money
    - Mobility Transforms the Customer Relationshi...
    - BPM Keeps Pace With Business Changes
    - Speech Recognition Speaks To Businesses


     

     

    Advertisement
    rss graphic
           Baseline Newsletters

    Baseline:  

    Issue Index | Contact Us | About | Magazine Customer Service | Navigation Guide

    Quick Links:  

    Project Planners | Enterprise Resource Planning | Network and Online Security | Data Analysis | Process Management | Storage Devices| Link to Us

    Ziff Davis Enterprise Home | Contact Us | Advertise | Link to Us | Reprints | Magazine Subscriptions | Newsletters
    Tech RSS Feeds | White Papers | Tech Podcasts | Tech Video | VARs | System Builder

    Baseline | Careers | Channel Insider | CIO Insight | DesktopLinux | DeviceForge | DevSource | eSeminars |
    eWEEK | Enterprise Network Security | LinuxDevices | Linux Watch | Microsoft Watch | Mid-market | Networking | PDF Zone |
    Publish | Security IT Hub | Strategic Partner | TechDirect | Technology White Papers | Windows for Devices

    Developer Shed | Dev Shed | ASP Free | Dev Articles | Dev Hardware | SEO Chat | Tutorialized | Scripts |
    Code Walkers | Web Hosters | Dev Mechanic | Dev Archives | igrep

    Use of this site is governed by our Terms of Use and Privacy Policy

    Copyright ©1996-2012 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.