Virtualization Security Checklist - InformationWeek
IoT
IoT
Software
News
10/6/2011
12:15 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%
RELATED EVENTS
What You Need to Know about GDPR
Aug 29, 2017
GDRP is an acronym that stands for General Data Protection Regulation and it's designed to give co ...Read More>>

Virtualization Security Checklist

Take these 4 steps to improve the security of your virtualization infrastructure.

What's the most dangerous threat to your virtualized systems? Hint: it's not the latest zero-day exploit. The most pressing risk is IT staff who have full privileges in these systems.

Take the February 2011 attack by an IT employee who'd been laid off from a pharmaceutical company. The ex- employee logged in remotely and deleted virtual hosts that ran the company's critical applications, including email, financial software, and order tracking. The company sustained about $800,000 in losses from a few keystrokes, the FBI says.

We're not saying your administrators will go rogue, but our September 2010 survey on virtualization security found that access to virtualization systems is fairly widespread: 42% of respondents say administrators have access to guest virtual machines. It only makes sense to take precautions, such as security monitoring, so that one person, whether maliciously or inadvertently, doesn't bring down critical apps and services.

Virtualized systems make it harder to manage risk, but sensible security practices still apply. Here are four steps to help you protect virtual assets and respond to threats and incidents.

1. Secure Layers

Virtual environments are made up of layers, so you'll want to implement security controls at each layer within the virtual architecture, including controls that you already have in your environment. For example, at the virtual switch layer, redirect traffic out to a firewall or an intrusion prevention system to monitor traffic. Alternatively, use a virtual firewall within the VM cluster.

The primary virtual layers to address include the hypervisor and guest operating systems, the virtual network that connects VMs, the physical network, the virtualization management system, and physical storage of VM images.

2. Define And Document

You can't place security controls around elements you don't know are there. Thus, it's vital to have accurate, up-to-date information on your virtual environment. That means being able to identify the components in your virtual infrastructure. Make sure you document the primary functions of these components and their owners and administrators.

It's also critical to understand how data traffic flows through your infrastructure, because the type of data will determine which controls are needed. For example, most companies take extra steps to secure virtual database servers that store critical business data. However, your backups also have copies of this confidential data. Track data flows from start to finish to identify critical areas where additional security measures are needed.

How concerned are you about security?

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll