For a number of organizations, virtualization is a great way to reduce the investment in infrastructure, create the right redundancy and allow for flexibility in the mobile workforce. Even with these benefits, however, there are a number of companies concerned about the risks involved and how they can affect valuable corporate data and the operation of the network. The perks in data center power savings may be there, but are they enough to warrant a change?
A recent Informationweek report outlined the best practices to combat virtualization security risks. If things are working well within the enterprise, is it worth taking the risk? Considering the ability to enhance flexibility and agility, increase server capacity and automate a number of operations without making large capital investments, virtualization certainly has its own value proposition. The challenge comes when the risks outweigh the benefits.
In some cases, an assumption is made that virtual machines offer greater security than physical servers. The reality is that both deployment strategies incorporate the same levels of vulnerability when it comes to malware attacks. Plus, in a virtualized environment, there is a greater risk of a crash being more severe. Without the right knowledge of the risks that exist or the authority to do something about them, the enterprise could be taking on more risk than necessary.
Fortunately, there are best practices that can help mitigate the risks associated with the virtual environment. Let’s take a look at these methods and how they may ease the anxiety of making the leap to virtualization:
- Designate virtual desktops as untrusted and keep them segregated from the rest of the physical data.
- Assign a specific security policy to virtual machines to prevent the sharing of workloads from various trusted levels onto the same server.
- Configure the Hypervisor layer correctly and schedule regular security upgrades.
- Keep the virtualization layer thin during configuration.
- Look for virtualization vendors who offer Hypervisor/VMM layer-measurement capabilities to avoid compromise during launch.
- Prioritize monitoring across the network.
- Implement security in lower layers so it can easily be monitored for compromises and vulnerabilities.
- Select security vendors providing reliable policy management and enforcement framework.
- Put a single team on the network configuration and management project to ensure consistency in approach and management.
The key to success in any type of deployment is to first outline the strategy for integration, assessing the potential for risks at each stage. Then develop a policy to address those risks and implement best practices so as to keep vulnerabilities at a minimum. At the end of the day, the network will be threatened, but you have the tools and methods to prevent major harm as long as you plan ahead.
Edited by Rory J. Thompson