Feeds

The double-edged sword of virtualisation security

Are you feeling security benefits?

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

Lab A quick search will provide ample warnings of the risks of adding virtualisation technology to the business IT mix without due care and consideration to security.

Whether such risks are inherent in the use of virtualisation technology itself, or arise when standard security practices are not extended to include virtual environments doesn’t really matter, because one should not exclude the other anyway.

So there is plenty out there on the risks, which we should ignore at our peril. But what of the benefits? The double-edged sword can apply in a positive sense to the additional layer introduced by the hypervisor: while what security people like to call the attack surface is increased in principle, correctly configured, it is one more thing the bad guys have to get through before they can get to the crunchy bit of data in the middle.

Meanwhile, if attack surface is your thing, the reduced footprint afforded by consolidating multiple virtual machines onto fewer servers does indeed reduce complexity and make things easier to secure in a physical sense. Sure, it might be putting all your eggs in one basket, but at least the basket can be locked away.

Much of security (if not all of security) is about risk management, so it is important we consider benefits beyond the, "is it secure/insecure" debate. Here’s some examples of where virtualisation can help reduce risk levels inherent in IT delivery:

• Operationally, a useful benefit of virtualisation is the improvement in patching capabilities afforded by a virtualised environment. Centralised patching of VMs can, in principle, be executed with less time and effort than in the physical world. It’s not quite *that* simple of course, as you will need to ensure that all VMs are online / active to be patched.

• Moving into the desktop realm – a source of much frustration for IT departments – the ability to centrally manage provisioning and software updates has a role to play in security, for example as a corrupt desktop image can easily be switched out and replaced with a clean one from the master image.

• A degree of protection is also afforded to portable devices. One of the options for protecting company data on ‘work and home’ kit is to separate the two using virtualisation technology. Taking things a step further and encrypting the ‘workVM’ means not only is there a degree of separation, but privacy can also be assured, particularly if the device is lost or damaged. The future will likely see virtual machine encryption playing more of a role, whether within the data centre or on mobile devices. Regulation may simply make this a prerequisite in certain industries.

There is nothing to say that a virtualised environment will be inherently more secure than a non-virtualised environment: from your feedback we’re picking up as many challenges as advantages. It stands to reason however that the benefits touched on here will be gained through a combination of good management, planning and design, and organisations won’t magically become good at this simply because virtualisation technology happens to be in the mix.

As we roll down the virtual road, it will be interesting in the extreme to see whether perceptions and experiences polarize further – from those who have harnessed virtualisation and managed the inherent risks, or those who become overcome by complexity. If you’re seeing clear roads ahead or are already hitting the potholes, we’d appreciate hearing about your experiences. ®

Providing a secure and efficient Helpdesk

More from The Register

next story
Microsoft on the Threshold of a new name for Windows next week
Rebranded OS reportedly set to be flung open by Redmond
Business is back, baby! Hasta la VISTA, Win 8... Oh, yeah, Windows 9
Forget touchscreen millennials, Microsoft goes for mouse crowd
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple: SO sorry for the iOS 8.0.1 UPDATE BUNGLE HORROR
Apple kills 'upgrade'. Hey, Microsoft. You sure you want to be like these guys?
ARM gives Internet of Things a piece of its mind – the Cortex-M7
32-bit core packs some DSP for VIP IoT CPU LOL
Lotus Notes inventor Ozzie invents app to talk to people on your phone
Imagine that. Startup floats with voice collab app for Win iPhone
'Google is NOT the gatekeeper to the web, as some claim'
Plus: 'Pretty sure iOS 8.0.2 will just turn the iPhone into a fax machine'
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.