
	Home > Ask the Security Experts > Expert Archive: Information Security Threats Questions & Answers > Will allowing virtual machines increase risk exposure?

Ask The Security Expert: Questions & Answers

EMAIL THIS

Will allowing virtual machines increase risk exposure?

EXPERT RESPONSE FROM: Ed Skoudis, past SearchSecurity.com expert

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 18 July 2007
A number of power users in our organization are interested in experimenting with virtualization on their client devices. We currently have relaxed client security policy guidelines for users. Would allowing client virtualization increase our risk exposure?

BROWSE BY TAG

Application and Platform Security, Virtualization Security Issues and Threats, Expert Archive: Information Security Threats, Information Security Policies, Procedures and Guidelines, Information Security Management, VIEW ALL TAGS

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Virtualization Security Issues and Threats
	Virtual appliances boost flexibility, improve security
	Lack of cloud computing definition adds confusion, risk
	Three cloud computing risks to consider
	App service cloud could boost security, manageability
	Kodak CISO on virtualization, compliance
	Face-off: Assessing cloud computing risks
	Citrix virtual desktop, app delivery controller includes security benefits
	Who should secure virtual IT environments?
	Who should secure virtual IT environments? (Part 2)
	Trend Micro to acquire Third Brigade for virtualization, cloud security

Expert Archive: Information Security Threats

The telltale signs of a network attack

Will Google Chrome enhance overall browser security?

Are there antivirus suites that pick up more than just run-of-the-mill viruses?

What tools can a hacker use to crack a laptop password?

Are social networking sites an easy target for malicious hackers?

What are the dangers of cross-site request forgery attacks (CSRF)?

Should social engineering tests be included in penetration testing?

What kind of data is compromised during a Google hack?

Best practices for using restriction policy whitelists

Defining mobile device security concerns

Information Security Policies, Procedures and Guidelines

Twitter risks, Facebook threats trouble security pros

Cybersecurity czar candidate questions clout of new position

Incident response planning

The basics of enterprise GRC project management

RSA council addresses growing security risks in the cloud

How to write a risk methodology that blends business, security needs

Risk management must include physical-logical security convergence

DHS fills National Cybersecurity Center post

New partnerships, creative thinking help security bust recession

Experts optimistic of Obama cybersecurity plan

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

defense in depth (SearchSecurity.com)

non-disclosure agreement (SearchSecurity.com)

security policy (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

I assume by "virtualization" here that you mean "virtual machines" (VMs), the software that allows one or more guest operating systems to run on either a host machine or a hypervisor. Given that understanding, the question is really whether you would allow your users to bring other, non-standard operating systems to your enterprise and install them on company computer systems. That's pretty much what's happening when these users install virtual machine environments and put operating systems on them to run various applications.

It is not necessarily a risk, other than the fact that you will have less insight into what these users are up to. That argument, however, would apply to any sort of strange beast of system or software that is brought into the enterprise.

Thus, it all comes down to how much you trust these users and what they might do. Do you need to monitor their actions carefully? The VMs, if deployed in the manner that you describe, will be completely controlled by the users, and they will therefore be invisible pockets of software in the environment. Perhaps you can strike a bargain with these users that doesn't have quite as much potential for chaos. You can, for example, choose a set of operating systems that you will support as virtual guests. Then, you can require employees to install security packages, like antivirus and personal firewalls, in those guests. That might help you strike the right balance.

More information:

Prepare for virtualization security unknowns.

Michael Cobb reveals the security-related pitfalls of moving toward a virtualization environment.

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business
Targeted Security Channel Tips for Resellers, Integrators and Consultants

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2003 - 2009, TechTarget \| Read our Privacy Policy