Feeds

The double-edged sword of virtualisation security

Are you feeling security benefits?

  • alert
  • submit to reddit

Providing a secure and efficient Helpdesk

Lab A quick search will provide ample warnings of the risks of adding virtualisation technology to the business IT mix without due care and consideration to security.

Whether such risks are inherent in the use of virtualisation technology itself, or arise when standard security practices are not extended to include virtual environments doesn’t really matter, because one should not exclude the other anyway.

So there is plenty out there on the risks, which we should ignore at our peril. But what of the benefits? The double-edged sword can apply in a positive sense to the additional layer introduced by the hypervisor: while what security people like to call the attack surface is increased in principle, correctly configured, it is one more thing the bad guys have to get through before they can get to the crunchy bit of data in the middle.

Meanwhile, if attack surface is your thing, the reduced footprint afforded by consolidating multiple virtual machines onto fewer servers does indeed reduce complexity and make things easier to secure in a physical sense. Sure, it might be putting all your eggs in one basket, but at least the basket can be locked away.

Much of security (if not all of security) is about risk management, so it is important we consider benefits beyond the, "is it secure/insecure" debate. Here’s some examples of where virtualisation can help reduce risk levels inherent in IT delivery:

• Operationally, a useful benefit of virtualisation is the improvement in patching capabilities afforded by a virtualised environment. Centralised patching of VMs can, in principle, be executed with less time and effort than in the physical world. It’s not quite *that* simple of course, as you will need to ensure that all VMs are online / active to be patched.

• Moving into the desktop realm – a source of much frustration for IT departments – the ability to centrally manage provisioning and software updates has a role to play in security, for example as a corrupt desktop image can easily be switched out and replaced with a clean one from the master image.

• A degree of protection is also afforded to portable devices. One of the options for protecting company data on ‘work and home’ kit is to separate the two using virtualisation technology. Taking things a step further and encrypting the ‘workVM’ means not only is there a degree of separation, but privacy can also be assured, particularly if the device is lost or damaged. The future will likely see virtual machine encryption playing more of a role, whether within the data centre or on mobile devices. Regulation may simply make this a prerequisite in certain industries.

There is nothing to say that a virtualised environment will be inherently more secure than a non-virtualised environment: from your feedback we’re picking up as many challenges as advantages. It stands to reason however that the benefits touched on here will be gained through a combination of good management, planning and design, and organisations won’t magically become good at this simply because virtualisation technology happens to be in the mix.

As we roll down the virtual road, it will be interesting in the extreme to see whether perceptions and experiences polarize further – from those who have harnessed virtualisation and managed the inherent risks, or those who become overcome by complexity. If you’re seeing clear roads ahead or are already hitting the potholes, we’d appreciate hearing about your experiences. ®

Beginner's guide to SSL certificates

More from The Register

next story
ONE MILLION people already running Windows 10
A third of them are doing it in VMs, but early feedback focuses on frippery
Netscape Navigator - the browser that started it all - turns 20
It was 20 years ago today, Marc Andreeesen taught the band to play
Sign off my IT project or I’ll PHONE your MUM
Honestly, it’s a piece of piss
Sway: Microsoft's new Office app doesn't have an Undo function
Content aggregation, meet the workplace ... oh
Do Moan! MONSTER 6-day EMAIL OUTAGE hits Domain Monster
Customers freaked out by frightful service
Ploppr: The #VultureTRENDING App of the Now
This organic crowd sourced viro- social fertiliser just got REAL
Return of the Jedi – Apache reclaims web server crown
.london, .hamburg and .公司 - that's .com in Chinese - storm the web server charts
NetWare sales revive in China thanks to that man Snowden
If it ain't Microsoft, it's in fashion behind the Great Firewall
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.