Virtual security in a real world

11/20/2009 09:23

Virtualization has become a force to be reckoned with for organizations of all sizes and shapes. The flexibility and consolidation options available in virtualized environments give this technology an unusual distinction: it appeals to both the engineers and the accountants. But as with any new technology, virtualization does bring new security considerations.

Virtualization allows a "host computer" to run multiple "virtual computers" as applications, with all of them sharing the same physical server hardware. Different vendors have different terms and implement this in different ways, but basically they all run computer operating systems as applications. This has many benefits; allowing better hardware to be employed (as it is shared by numerous servers) and the infrastructure to be reconfigured at will. Need more memory for your web server? Change the settings on the virtual host computer. Need to test whether a new application will work with your other applications? Make a copy your server's virtual computer hard drive files and fire it up for a test install.

Generally, virtualization security considerations don't center on any new types of regulations or threats. Making sure that both the server hosting the virtual computers and the virtual computers themselves are secured and monitored properly is really the key to securing this new environment. This may mean securing unfamiliar host operating systems (some vendors have custom host environments) and remembering to make sure new virtual computers are properly secured before connecting to the network.

This can be challenging in environments where end users can bring new virtual computers online at will, such as for software testing. A good change management infrastructure is needed to ensure that new virtual computers have the required patches, lockdowns, and anti-malware configurations necessary to avoid compromising security.