Wednesday, September 5, 2007

Real Threats to Virtual Systems

As the Virtualization Craze begins to resemble a runaway train, it is really time to stop and think about the security implications of virtualization.

The most important thing to remember is that:
  • running software on OSes
  • which are running in software
  • on another OS
    • or maybe on a hypervisor- software- between the hardware and OSes
  • that is on hardware
ADDS complexity and attack surfaces, it cannot reduce exposures.

We are still susceptible to all of the vulnerabilities that already exist in physical installations- plus a new array of emerging vulnerabilities for the virtualization systems themselves.

The world of virtualization security is well beyond the scope of my blog, so I will refer you to the following resources to get started:
Now is the time to consider the security impact of virtualization and plan virtual deployments accordingly. That's right, we have the opportunity to plan and deploy an emerging technology wisely.

Jack