Virtual security is no less real

Virtualisation may not be an entirely new technology, but the current financial meltdown has re-emphasised its ability to reduce IT costs and maximise existing investments.  Organisations are tightening their belts, but this doesn't mean that business demands on technology come to a standstill. In fact, the pressure for technology to do less with more only increases during difficult times.

Virtual environments can lower the total cost of IT with the use of smaller data centres that result in less energy consumption and hardware waste. As such, analysts predict virtualisation to increase significantly in 2009. Yet many organisations fail to realise that without proper management and monitoring, they can easily find themselves in a position where critical applications perform poorly and affect business productivity. Cost efficiency shouldn't come at the expense of IT services' availability and performance.

In 2008, NetIQ surveyed 1000 enterprises worldwide on the topic of virtualisation, and was shocked to find that while three quarters of respondents were deploying virtual infrastructures, almost 80 per cent of these organisations had not considered any formal means of management. In the excitement of deploying a new technology, you'd be amazed how many IT professionals forget the importance of trivial matters like security management.

Besides the tangible discrepancies, there are few differences between virtual and physical servers, meaning that virtual environments still have an abundance of security and compliance requirements. There's no doubt that virtualisation is a cost-efficient technology, but it does entail a renewed approach to security. Here are four factors to consider for your virtual environment:

1. What's good for the goose....

It might sound obvious, but treat your virtual environments as you would physical infrastructures. Configuration and patch management are crucial, but remember virtual machines are often hidden from security architects, which leaves systems more vulnerable than physical servers.

While planning your migration, conduct a security audit on the servers to be virtualised. Server configuration is often modified during migration, so it's vitally important that you have a pre-migration baseline to compare with after virtualisation. Also, don't neglect to perform regular audits after migration.