Manage Learn to apply best practices and optimize your operations.

Will using virtualization software put an enterprise at risk?

A virtualized IT infrastructure can simplify operations and save a company money, but is such an environment secure? In this SearchSecurity.com Q&A, application security expert Michael Cobb explains what can go wrong when making the move to virtualization.

What are the security-related pitfalls of moving toward a virtualization environment and creating multiple-application systems on a single server?
Although virtualization isn't a new concept, there is certainly a renewed interest in its use. A virtualized IT infrastructure can increase system availability and flexibility, and its more efficient use of resources can cut ownership costs. Dell Inc., for example, uses a server farm that runs virtualization software to provide more than 1,000 test and development environments on fewer than 100 physical servers. This greatly reduces the time spent setting up test environments.

One often cited benefit of virtualization is the technology's ability to simplify operations and consolidate the number of servers and machines in an organization. Your administrators, however, will need to learn how to configure and maintain a virtual IT environment. Not only is there a vast amount of terminology to understand, but most virtualization products also require additional hardware or software. This requires an understanding of the many choices of available hypervisors and hardware, and how each should be properly configured.

Once a virtual environment has been created, compliance and auditing must also evolve to handle the physical and virtual systems. This means finding a way to measure resource usage and cost allocations among applications across a shared infrastructure, because serial numbers and physical locations are meaningless in the virtual world. Remember, if you can't measure what's on a virtual system, you can't obtain maximum benefit from it. Also, unless meticulous image cataloging is enforced, "image sprawl" and orphaned images can cause delays and overwhelm an IT staff. All this, not to mention the threat of possible rootkit hypervisors, adds to the burden of keeping virtualized systems secure.

Virtualization software can cause unpredictable errors, and the host is a potential single point of failure for all the instances that it hosts. Also, many software applications offer limited virtualization support. In the future, administrators will need to create an environment that preserves existing investments in such software licenses. The other challenge over the long term will be to realize the benefits of licensing models that favor virtualization. To maximize savings, you will need a full understanding of contracts and vendor license options.

Despite all of these pitfalls, the benefits of virtualization make the technology well worth considering. With virtualization, IT administrators can consolidate their physical infrastructures, preserve their investments in existing operating systems and applications, and get more from their hardware investments. As virtual environments grow, there will also be additional benefits to business continuity and capacity management strategies.

More information:

  • See how well virtualization products defend against malware.
  • Find out what happens when an attacker compromises a virtual machine.
  • This was last published in March 2007

    Dig Deeper on Virtualization security issues and threats

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.