Virtualisation increases IT security pressures

Virtualisation is flavour of the month but it could bring significant problems in managing security and compliance.


Virtualisation technology, which allows multiple operating systems to run different applications on a single computer, has caught the attention of IT managers for its promise to let them better manage and utilise corporate IT resources.

However, some IT managers and security researchers warn that the emerging technology also makes corporate systems far more vulnerable to hackers.

Chad Lorenc, information security officer at a financial services company that he asked not be named, said that IT security and compliance projects are far more complex undertakings on virtual machines than on servers that run a single operating system and application.

"It is a very complex issue. I'm not sure you are going to find a single solution" for addressing security concerns in a virtual environment, Lorenc said.

"There is no silver bullet," he added. "You have to tackle [security] from a people, process and technology standpoint."

Virtualisation technologies allow companies to carve out multiple virtual machines within a single physical resource such as a computer server or storage array.

The technology allows companies to consolidate applications running on multiple systems into a single server, which promises to ease management requirements and allow IT hardware resources to be better utilised.

Analysts note that although the technology has been around for several years, IT organisations have become more interested in recent months as Virtualisation products have emerged from the research labs of companies such as Intel, Advanced Micro Devices, VMware, Microsoft and IBM.

But before IT managers turn to Virtualisation tools, they must understand that collapsing multiple servers into a single box does not change their security requirements, said George Gerchow, technology strategist at security vendor Configuresoft's Centre for Policy & Compliance..

In fact, he noted, each virtualised server separately faces the same threats as a traditional single server. "If a host is vulnerable, all associated guest virtual machines and the business applications on those virtual machines are also at risk," Gerchow said.

"Recommended For You"

The next frontier in virtualisation Microsoft not patching Virtual PC flaw