This article can also be found in the Premium Editorial Download "Information Security magazine: Keep today's threats close and tomorrow's closer."
Download it now to read this article plus other related content.
Virtual machines may save you money in the data center, but can you ignore their security implications any longer?
Virtualization, like Web services and Wi-Fi before it, is the current darling of IT. Departments in enterprises, small- and medium-sized businesses and universities are deploying virtualization in huge numbers, mainly in the hope of saving money through server consolidation projects and reduced desktop system costs.
And like the other hot technologies of their time, virtualization is being deployed with little or no thought to security. The cost and power-consumption benefits that IT shops can realize through the use of server virtualization in most cases outweigh the real problems the technology can cause with security and compliance.
"I believe there are some holes in the scheme of things," says Dennis Moreau, CTO of Configuresoft. "There are complications in how you mitigate threats and remediate problems because of the complexity that virtualization introduces."
In most cases, IT shops in enterprises and other organizations are aware of some of these security considerations. But for many of them, the cost savings and efficiencies that virtualization delivers are too great to ignore (see "Virtually Everywhere" p. 50).
This was first published in January 2007