GOVERNMENT
GARTNER: Organizations That Rush to Adopt Virtualization Can Weaken Security
- Written by: Writer
- Category: GOVERNMENT
- Virtualization software, such as hypervisors, represent a new layer of privileged software that will be attacked and must be protected.
- The loss of separation of duties for administrative tasks, which can lead to a breakdown of defense in-depth.
- Patching, signature updates, and protection from tampering for offline VM and VM "appliance" images.
- Patching and secure confirmation management of VM appliances where the underlying OS and configuration are not accessible.
- Limited visibility into the host OS and virtual network to find vulnerabilities and assess correct configuration.
- Restricted view into inter-VM traffic for inspection by intrusion prevention systems (IPSs).
- Mobile VMs will require security policy and settings to migrate with them.
- Immature and incomplete security and management tools.
“Organizations need to pressure security and virtualization vendors to plug the major security gaps,” said MacDonald. “Existing virtualization solutions address some of the gaps, but not all. It will take several years for the tools and vendors to evolve, as well as organizations to mature their processes and staff skills. Knowledge of the security risks and the costs to address them must be factored into the cost-benefit discussion of virtualization. If these added costs are avoided, the risk of not making the necessary security investments must be accepted by the decision maker in the move to virtualization.” MacDonald will provide more detailed analysis regarding the security of VMs and emerging virtualized security technologies in a presentation titled “Securing Virtualization, Virtualizing Security," during Gartner Symposium/ITxpo 2007: Emerging Trends, which is being held April 22-26 in San Francisco. A total of 125 Gartner analysts, hundreds of solutions providers and thousands of attendees will meet in San Francisco to discuss and debate the impact of breakthrough technologies on all businesses. This year’s sessions will be based on eight "megatrends" that include: Commoditizing the Tech Sector, Globalizing of Supply and Demand, Virtualizing the Enterprise Platform, Freeing Communications, Socializing Technology, Revolutionizing Industries, Inspiring Innovation, and Transforming IS Management. For more information, please visit its Web site.