Access your Pro+ Content below.
Virtualization 101: Best practices for securing virtual machines
This article is part of the March 2011 issue of Information Security magazine
As virtualization technology becomes common within the modern IT environment, the need for sound security and risk management for these systems increases. Although the technology and architecture can be complex, there are a number of best practices and straightforward techniques security teams can take to keep track of virtualization components and virtual machines, secure them properly, and maintain a strong, compliant security posture over time. Virtual machine discovery and inventory A first critical step in properly securing a virtual infrastructure is ascertaining where virtual machines are located and how an accurate inventory can be maintained. In many organziations, system inventories are out of date; in fact, many are kept in spreadsheets with manual input from systems and network administration teams. Due to the dynamic nature of virtual environments, a common scenario dubbed virtual sprawl can easily occur, where virtual machines are created and used for a period of time, but never noted in a formal systems inventory....
Features in this issue
There are a lot of risk assessment frameworks out there. Here's what you need to know in order to pick the right one.
VMs introduce a new security dynamic, one that emphasizes asset discovery, change management and tweaks to existing security technology.
Attacks on applications like Adobe Reader and Java require effective and timely patching of user systems.
Columns in this issue
Security managers should take advantage of the consumerization of IT trend to reinvent themselves.
Cloud computing is forcing an evolution of information security practices and technology.
A new competition tries to foster interest in cybersecurity early on.
Here are four things you need to do in order to execute on your long-term career plan.