Will allowing virtual machines increase risk exposure?

Implementing enterprise virtual machines can lead to invisible pockets of software in a work environment. In this expert Q&A, Ed Skoudis explains what kind of bargain you can strike with VM users.

A number of power users in our organization are interested in experimenting with virtualization on their client devices. We currently have relaxed client security policy guidelines for users. Would allowing client virtualization increase our risk exposure?

I assume by "virtualization" here that you mean "virtual machines" (VMs), the software that allows one or more guest operating systems to run on either a host machine or a hypervisor. Given that understanding, the question is really whether you would allow your users to bring other, non-standard operating systems to your enterprise and install them on company computer systems. That's pretty much what's happening when these users install virtual machine environments and put operating systems on them to run various applications.

It is not necessarily a risk, other than the fact that you will have less insight into what these users are up to. That argument, however, would apply to any sort of strange beast of system or software that is brought into the enterprise.

Thus, it all comes down to how much you trust these users and what they might do. Do you need to monitor their actions carefully? The VMs, if deployed in the manner that you describe, will be completely controlled by the users, and they will therefore be invisible pockets of software in the environment. Perhaps you can strike a bargain with these users that doesn't have quite as much potential for chaos. You can, for example, choose a set of operating systems that you will support as virtual guests. Then, you can require employees to install security packages, like antivirus and personal firewalls, in those guests. That might help you strike the right balance.

More information:

  • Prepare for virtualization security unknowns.
  • Michael Cobb reveals the security-related pitfalls of moving toward a virtualization environment.

This was last published in September 2007
