Feeds

The double-edged sword of virtualisation security

Are you feeling security benefits?

  • alert
  • submit to reddit

Choosing a cloud hosting partner with confidence

Lab A quick search will provide ample warnings of the risks of adding virtualisation technology to the business IT mix without due care and consideration to security.

Whether such risks are inherent in the use of virtualisation technology itself, or arise when standard security practices are not extended to include virtual environments doesn’t really matter, because one should not exclude the other anyway.

So there is plenty out there on the risks, which we should ignore at our peril. But what of the benefits? The double-edged sword can apply in a positive sense to the additional layer introduced by the hypervisor: while what security people like to call the attack surface is increased in principle, correctly configured, it is one more thing the bad guys have to get through before they can get to the crunchy bit of data in the middle.

Meanwhile, if attack surface is your thing, the reduced footprint afforded by consolidating multiple virtual machines onto fewer servers does indeed reduce complexity and make things easier to secure in a physical sense. Sure, it might be putting all your eggs in one basket, but at least the basket can be locked away.

Much of security (if not all of security) is about risk management, so it is important we consider benefits beyond the, "is it secure/insecure" debate. Here’s some examples of where virtualisation can help reduce risk levels inherent in IT delivery:

• Operationally, a useful benefit of virtualisation is the improvement in patching capabilities afforded by a virtualised environment. Centralised patching of VMs can, in principle, be executed with less time and effort than in the physical world. It’s not quite *that* simple of course, as you will need to ensure that all VMs are online / active to be patched.

• Moving into the desktop realm – a source of much frustration for IT departments – the ability to centrally manage provisioning and software updates has a role to play in security, for example as a corrupt desktop image can easily be switched out and replaced with a clean one from the master image.

• A degree of protection is also afforded to portable devices. One of the options for protecting company data on ‘work and home’ kit is to separate the two using virtualisation technology. Taking things a step further and encrypting the ‘workVM’ means not only is there a degree of separation, but privacy can also be assured, particularly if the device is lost or damaged. The future will likely see virtual machine encryption playing more of a role, whether within the data centre or on mobile devices. Regulation may simply make this a prerequisite in certain industries.

There is nothing to say that a virtualised environment will be inherently more secure than a non-virtualised environment: from your feedback we’re picking up as many challenges as advantages. It stands to reason however that the benefits touched on here will be gained through a combination of good management, planning and design, and organisations won’t magically become good at this simply because virtualisation technology happens to be in the mix.

As we roll down the virtual road, it will be interesting in the extreme to see whether perceptions and experiences polarize further – from those who have harnessed virtualisation and managed the inherent risks, or those who become overcome by complexity. If you’re seeing clear roads ahead or are already hitting the potholes, we’d appreciate hearing about your experiences. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Nexus 7 fandroids tell of salty taste after sucking on Google's Lollipop
Web giant looking into why version 5.0 of Android is crippling older slabs
Be real, Apple: In-app goodie grab games AREN'T FREE – EU
Cupertino stands down after Euro legal threats
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
Microsoft: Your Linux Docker containers are now OURS to command
New tool lets admins wrangle Linux apps from Windows
Bada-Bing! Mozilla flips Firefox to YAHOO! for search
Microsoft system will be the default for browser in US until 2020
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Getting ahead of the compliance curve
Learn about new services that make it easy to discover and manage certificates across the enterprise and how to get ahead of the compliance curve.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.