Virtualization Can Weaken Security if Not Done Right

Today’s datacenter needs to use resources efficiently to flexibly adapt to changing business requirements. Check back for updates on how to get the best performance from your IT infrastructure at the best total cost of ownership.

Savvy companies look at IT infrastructure as a strategic enabler of business initiatives, not as a cost center. Check out this specialized content to see how business needs can drive the data center.

With business requirements evolving so quickly, find out how your enterprise can ensure the longevity of its IT investment and deploy technology today to meet tomorrow's needs.

Virtualization Can Weaken Security if Not Done Right
Research firms says companies that adopt virtualization without having best practices in place run the risk of jeopardizing enterprise security.

By Amy Larsen DeCarlo
Network Computing
April 5, 2007

Let's catalog Gartner's observations first:

1. Virtualization software—such as hypervisors—represents a new layer of privileged software that will be attacked and must be protected.
2. The loss of separation of duties for administrative tasks, which can lead to a breakdown of defense in-depth.
3. Patching, signature updates, and protection from tampering for offline VM and VM "appliance" images.
4. Patching and secure confirmation management of VM appliances where the underlying OS and configuration are not accessible.
5. Limited visibility into the host OS and virtual network to find vulnerabilities and assess correct configuration.
6. Restricted view into inter-VM traffic for inspection by intrusion prevention systems (IPSs).
7. Mobile VMs will require security policy and settings to migrate with them.
8. Immature and incomplete security and management tools.

Their observations to fall into three categories:

1) Not new to virtualization (3,4—same as regular hardware appliances and other hotspare devices)
2) Useful, but obvious (1,7,8)
3) Only true if the admins aren't paying attention, or the architecture is poorly designed (2, 5, 6)

Incidentally, BlueLane—with their "virtual IPS"—has got to be ecstatic with No.6 since they're the only vendors marketed squarely at that space right now.

Jordan Wiens
NWC Contributing Technology Editor

Gartner will present research later this month that suggests that companies that hurry to implement virtualization technology without first implementing best practices for security may be in for trouble.

The analyst firm said the combination of immature security tools for virtualized environments and the failure of companies to set and carry out appropriate policies to protect virtual machines (VMs) means that these virtual servers will be less secure than physical machines through 2009.

As is the case with any new technology that becomes an obvious target for security threats, Gartner said companies need to proceed with caution as they deploy VMs. The research firm suggested that too many businesses try to take the same approach to securing their virtual servers that they use to protect physical servers. This leaves VMs exposed to threats.

Gartner said effective security for virtualized environments ideally should begin before an organization even picks vendors or products.

Neil MacDonald, vice president and Gartner Fellow, will present Gartner's findings at the Gartner Symposium/ITxpo 2007: Emerging Trends, being held in San Francisco from April 22nd to April 26th.

	Mannington Mills scales with Dell and SAP

	Tellabs pushes virtualization with Dell PowerEdge servers

	Acuity streamlines with Dell virtualized servers and storage

	Edmunds.com chooses Dell to support exponential growth

IT Survival Guide: The Art Of IT Spending
InformationWeek
September 29, 2007




	CASE STUDY: Oracle Consolidates On-Demand Hosting Environment on Dell PowerEdge Servers Read more » SQL DEPLOYMENT WHITEPAPER: Deploying Microsoft SQL Server 2005 Business Intelligence and Data Warehousing Solutions on Dell PowerEdge Servers and Dell PowerVault Storage Read more » SQL DEPLOYMENT WHITEPAPER: Deploying Microsoft SQL Server 2005 Standard x64 Edition SP2 with Microsoft Windows Server 2003 Standard x64 Edition with SP2 on Dell PowerEdge Servers and Dell PowerVault Storage Read more » POWER SOLUTIONS FEATURE: Business Continuity and Disaster Recovery with Virtualization and Double-Take Read more » POWER SOLUTIONS FEATURE: Streamlining Technology Management to Increase Workplace Productivity Read more » WHITE PAPER: 3 Key Enhancements to Enterprise Messaging Read more » POWER SOLUTIONS FEATURE: Access Everywhere. Business Anywhere. How Microsoft Exchange Server 2007 Makes It Happen Read more » POWER SOLUTIONS FEATURE: A Blueprint for Implementing Microsoft Exchange Server 2007 Storage Infrastructures Read more » POWER SOLUTIONS FEATURE: The Business of IT: Planning a Strategic Framework for Anywhere Data Access Read more » POWER SOLUTIONS FEATURE: Understanding the Architecture and Features of Microsoft Exchange Server 2007 Read more »