Ask the Expert

Where do I start in discussing virtual security with my customers?

Virtualization has profound architectural and security ramifications. Where do I start in discussing virtual security with my customers?

    Requires Free Membership to View

Virtualization offers fantastic solutions to many of the economic and technology-driven problems that enterprises and small business alike share today. The thought of consolidating expensive and underutilized computing and storage platforms to reduce footprint, power and cooling costs, and improve resilience is tantalizing to any CIO or CFO.

The challenge arises when the network and security teams discover that they've lost a good deal of the security visibility and operational control they once had, since both the network and hosts are virtualized on a single platform operated by the server administrators. This makes compliance, competencies and separation of duties trickier.

To ensure virtual security, work with your customers to address policies, procedures and responsibilities across server administration, network and security teams before you start deployments. This will limit the operational impact of virtualization.

Further, virtualization adds complexity that extends beyond management and provisioning, and changes the attack surface of your server and workstation deployments. Until security technology catches up with the virtualization vendors and tools become better integrated with the underlying virtualization infrastructure, recommend the following basic virtual security guidance to your customers:

  • Follow the virtualization vendor's virtualization security hardening recommendations, paying strict attention to management and security settings.
  • Harden virtual hosts by using the same processes, procedures and technologies you would employ on a physical server.
  • Isolate virtual hosts in physically or logically segmented networks to prevent attackers from leapfrogging to traditionally secured physical hosts until you are comfortable with the impact virtualization has on security and networking.
  • Group virtual machines that interact with one another on the same host using properly allocated virtual switch(es) to optimize performance and security.
  • Perform a risk assessment that demonstrates clearly that the business understands what consolidating critical service infrastructure means to service levels, availability, business continuity planning and disaster recovery.
  • Take into consideration that licensing models for security applications are still evolving in the virtualized world.

The best discussion to have with clients about virtualization is how to balance the business benefits with the potential operational, architectural and security changes, and be honest about how that will impact the organization.

This was first published in April 2008

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: