Virtual machines and the emergence of virtual threats

By
Page 2 of 2  |  Single page
Virtual machines and the emergence of virtual threats
"The fact that VMs are portable is another issue, because they can be easily taken out of the security zone, beyond the remit of intruder detection systems (IDS) or firewalls. VMs can be placed on USB sticks and literally walked into the data centre before being plugged in, for example".

And while virtualisation is complex, there is little automation. This means that a lot of manual management and control activity is required, and staff need to have a certain level of proficiency to make appropriate decisions.

“There is increased potential for human error combined with less potential for auditing and tracking individual systems,” warns Lynch.

Even where attacks do bring VMs crashing to a halt, Page believes it is very easy to both isolate those threats and get systems back up again to minimise system downtime.

“With a virtual machine it is possible to have a replica of any one system back at base and backed up systems on servers that can be brought back up very quickly in the event of problems,” he says.

The nature and size of any security threat to virtualised systems will vary according to the level of segmentation within any one environment. But Lynch says it is important for IT security staff to at least acknowledge that virtual systems need to be treated in a different way, and that security measures applied to physical systems will not necessarily suffice.

“They need to start thinking about what they have to do to control VMs, consider how isolation aspects break down, and what policies they need to put in place to protect against potential threats," he reports.

"The last thing anybody wants to do is re-architect their security profile to accommodate virtualisation, and the security guys are only just waking up to realise that there are substantial differences between physical and virtual servers".

Lynch admits that issue has not flashed up on most IT leaders' radar yet, but says government and financial companies – who tend to be more security conscious – are those listening hardest. Nevertheless, IT leaders should be preparing their defences today, he warns.
Previous Page 1 2 Single page
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © 2010 Computing
Tags:
ofsecuritythethreatsvirtual

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?