Q

Will allowing virtual machines increase risk exposure?

Implementing enterprise virtual machines can lead to invisible pockets of software in a work environment. In this expert Q&A, Ed Skoudis explains what kind of bargain you can strike with VM users.

A number of power users in our organization are interested in experimenting with virtualization on their client devices. We currently have relaxed client security policy guidelines for users. Would allowing client virtualization increase our risk exposure?
I assume by " virtualization" here that you mean "virtual machines" (VMs), the software that allows one or more guest operating systems to run on either a host machine or a hypervisor. Given that understanding, the question is really whether you would allow your users to bring other, non-standard operating systems to your enterprise and install them on company computer systems. That's pretty much what's happening when these users install virtual machine environments and put operating systems on them to run various applications.

It is not necessarily a risk, other than the fact that you will have less insight into what these users are up to. That argument, however, would apply to any sort of strange beast of system or software that is brought into the enterprise.

Thus, it all comes down to how much you trust these users and what they might do. Do you need to monitor their actions carefully? The VMs, if deployed in the manner that you describe, will be completely controlled by the users, and they will therefore be invisible pockets of software in the environment. Perhaps you can strike a bargain with these users that doesn't have quite as much potential for chaos. You can, for example, choose a set of operating systems that you will support as virtual guests. Then, you can require employees to install security packages, like antivirus and personal firewalls, in those guests. That might help you strike the right balance.

More information:

  • Prepare for virtualization security unknowns.
  • Michael Cobb reveals the security-related pitfalls of moving toward a virtualization environment.
  • This was first published in September 2007
    This Content Component encountered an error

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close