RSS Alerts

Share

More services

Related Links

Related Stories

  • NetBenefit intros Ultra-V virtualisation platform
    NetBenefit, the managed hosting provider, has taken the wraps off Ultra-V, a high availability virtualisation platform that sits behind a firewall security layer and supports virtual environments ranging from single servers to complete virtual systems.
  • NetBenefit adds virtual firewall
    Hard on the heels of launching a range of dedicated servers based on Intel's Nehalem architecture last week, NetBenefit, the managed internet hosting firm, has added a virtual firewall - based on Fortinet's firewall technology - to its range of security offerings.
  • Companies leap to new web and mobile technologies leaving security behind
    Companies are embracing new web and mobile technologies such as cloud computing, virtualisation, social networking and mobile communication at a faster rate than their information security strategies are updated.
  • PCI update: Your guide to Version 2.0
    The PCI Security Standards Council released the latest version of its standards in October 2010. Stephen Pritchard looks at how businesses can bring their operations in line with the new requirements
  • Trend Micro security spans physical, virtual and cloud servers
    Trend Micro will next month take the wraps off an updated version of its Deep Security software that is billed as spanning the physical, virtual and cloud computing environments.

Top 5 Stories

News

Virtualisation security problems will grow says panel

07 October 2009

A panel of experts - assembled in London on Tuesday by Check Point Software Technologies - concluded that virtualisation security is a problem that will not go away and, if anything, will grow as more organisations migrate their IT systems to the technology.

Nick Lowe, Check Point's regional director for Northern Europe, said that attacks on virtual servers and allied environments are likely in the near future and, because virtual environments are effectively a single entity, this actually increases the risk of attack.

James Pattinson, divisional director with DNS (Digital Network Services) Arrow, a value-added distributor in the security space, said that there is a need for education about the security risks of virtual environments, and that vendors can be helped by their specialist systems integrators and dealers in this regard.

"The task is a difficult one, but with education about the security risks - and the solutions - the challenge of virtualisation security can be met very effectively", he said.

Simon Perry, a principal analyst with Quocirca, meanwhile, said that virtualisation has changed the IT security ballgame, but the main problem is that the overall IT attack surface has increased due to the shift to a virtualised environment.

Most security exposures, he explained, actually come from the technology involved in virtualised environments, with the hypervisor - the virtual machine monitor that sits at the heart of the virtual system - posing a high security risk.

It is "choke points" like this, said Perry, that will engender the most potential attacks, since the hypervisor enables access to the physical server, which gives access to (for example) 30 virtual machines.

"So will we see attacks at the choke point? Yes. Will they be successful against the hyper visor? Yes they will", he said.

IT managers, he added, must decide on the level of complexity, as there are undoubtedly security flaws in the hypervisor environment and, as a result, it will become a target of security attacks.

As a result of this, Perry sees two main areas that attackers will go after in a virtual environment; the operating system that hosts the hypervisor platform and the system admin side of the server.

Fredrik Sjostedt, EMEA product marketing director with VMware - one of the main players in the virtual software environment - said that the evolution of security has become a never-ending process.

The problem facing users of virtualised environments, he said, is that the process of migration is not a simple switchover, but more a gradual process, so the issues of securing the environment become a lot more complex.

Chris Bidgland, EMEA global services director with RSA, concurred Sjostedt's view, adding that his clients are making the migration to a virtual environment a gradual process and, as a result, the IT security needs to be a lot tighter to cover all the possible issues.

"We are already talking to our clients about creating a high-level response team of professionals and advisers to help them respond as quickly and efficiently as possible if the worst does happen," he said.

"We are planning to make an announcement on this service at the upcoming RSA Europe event," he added.

This article is featured in:
Application Security • Compliance and Policy  • Data Loss  • Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012