How secure is the current practice in virtualisation?
The key driving force behind virtualisation is the promise of reduced costs resulting from server consolidation, writes Gary Wood, research consultant at the Information Security Forum. For many organisations the current economic climate means that this force will be growing ever stronger, as senior management seek to save money across all parts of the business.
Unfortunately, choices that are made solely on economic grounds can be bad for security. It may make financial sense to consolidate a processor-intensive application onto the same physical host as another that is network-intensive to better balance the use of available resources.
However, such an approach may result in virtual servers running highly sensitive core business applications sitting alongside those running publicly accessible applications or websites, both on the same physical host. Security and networking professionals have spent years building segregated infrastructures - now is not the time to undo them.
That is not to say that virtualisation is a bad thing - organisations should look to leverage some of the benefits that virtualisation can offer, but in a secure way. Virtualisation can improve resilience and security. For example, physical hosts running virtualised servers used by one business application may have the capacity to act as a virtualised fail-over for another.
Multiple business applications - previously installed onto shared physical servers to save costs - can now be installed individually onto separate virtual servers, and test environments can be built to more accurately reflect the live environment to provide for better testing.
To ensure that a virtualised environment is secure, approach it as you would a physical one. Each server (whether physical or virtual) should be fully patched; make sure that malware protection and other monitoring software is installed and updated, and ensure that you know who is accessing each server, and why. Developing and maintaining such resilience and controls may cost slightly more, but these are essential to keep the entire infrastructure safe.