Wednesday, September 5, 2007

Real Threats to Virtual Systems

As the Virtualization Craze begins to resemble a runaway train, it is really time to stop and think about the security implications of virtualization.

The most important thing to remember is that:
  • running software on OSes
  • which are running in software
  • on another OS
    • or maybe on a hypervisor- software- between the hardware and OSes
  • that is on hardware
ADDS complexity and attack surfaces, it cannot reduce exposures.

We are still susceptible to all of the vulnerabilities that already exist in physical installations- plus a new array of emerging vulnerabilities for the virtualization systems themselves.

The world of virtualization security is well beyond the scope of my blog, so I will refer you to the following resources to get started:
Now is the time to consider the security impact of virtualization and plan virtual deployments accordingly. That's right, we have the opportunity to plan and deploy an emerging technology wisely.