
Blog: Security Shouldn't Take a Backseat to Virtualization

There’s no question that advances in server virtualization technology are becoming popular among corporations that want to save money by consolidating resources and improving operational efficiency.

Virtualization enables dramatic savings in ongoing maintenance and in the cost of keeping physical assets afloat. CIOs and other information technology leaders often see these benefits as adding tremendous value to an existing robust IT infrastructure. Who wouldn’t want to save money by reducing the size and extent of their data center, especially in the manufacturing and financial services industries?

Increasingly, however, security takes a backseat when servers, applications, or other resources are consolidated onto a virtualized platform.

Traditionally, server administrators have been taught the basics of “Security 101,” i.e., to run the standard checks and balances to ensure that no unnecessary services, protocols, or security vulnerabilities exist that may put the system at risk of exposure. Some people may go so far as to run a thorough vulnerability assessment on both the host and virtual system before putting them into a live production environment, an activity that is absolutely necessary to ensure that your basics are covered.

But vulnerability assessments do nothing to reveal existing breaches. This is especially true when we take into consideration that cyber crime is at its highest since the shift from fame to profit occurred around a year and a half ago.

It’s unlikely that people ask themselves, “Is the host system infected with a hidden Trojan I don’t know about?” while they’re undergoing a migration. According to statistics from PandaLabs, there are over 5,000 new and unique malware samples released into the wild every day and a large percentage of these samples are related to cyber crime.

Cyber criminals can capture very valuable information including social security numbers, passwords, and credit card information, and with financial motives like these, they will pull out all the stops to gather information without being detected by traditional anti-malware technologies.

These days, the approach to developing incredibly effective malicious code has changed to include extremely sophisticated exploits that target emerging zero-day vulnerabilities in more than just Microsoft Windows. For example, a recent black hat conference presentation discussed hardware virtualization rootkits that will surely subvert the existing hypervisor.

So what should IT do when it comes to security and virtualization?

The most important thing to remember when creating a secure virtual system is to take a holistic approach. Technologies such as system hardening, regular behavioral analysis, proactive end-point security, IPS firewall, and heuristics technologies are key to a fortified virtual environment. Included below are some tips on how to ensure you are meeting all of these requirements.
