How secure is the current practice in virtualisation?
The key driving force behind virtualisation is the promise of
reduced costs resulting from server consolidation, writes Gary
Wood, research consultant at the Information Security Forum. For
many organisations the current economic climate means that this
force will be growing ever stronger, as senior management seek to
save money across all parts of the business.
Unfortunately, choices that are made solely on economic grounds
can be bad for security. It may make financial sense to consolidate
a processor-intensive application onto the same physical host as
another that is network-intensive to better balance the use of
available resources.
However, such an approach may result in virtual servers running
highly sensitive core business applications sitting alongside those
running publicly accessible applications or websites, both on the
same physical host. Security and networking professionals have
spent years building segregated infrastructures - now is not the
time to undo them.
That is not to say that virtualisation is a bad thing -
organisations should look to leverage some of the benefits that
virtualisation can offer,
but in a secure way. Virtualisation can improve resilience and
security. For example, physical hosts running virtualised servers
used by one business application may have the capacity to act as a
virtualised fail-over of another.
Multiple business applications - previously installed onto
shared physical servers to save costs - can now be installed
individually onto separate virtual servers, and test environments
can be built to more accurately reflect the live environment to
provide for better testing.
To ensure that a virtualised environment is secure, approach it as
you would a physical one. Each server (whether physical or virtual)
should be fully patched. Make sure that malware protection and other
monitoring software is installed and updated, and ensure that you
know who is accessing each server, and why. Developing and
maintaining such resilience and controls may cost slightly more,
but these are essential to keep the entire infrastructure safe.