In today’s competitive environment – with businesses trying to boost efficiency and cut costs – virtualisation is no longer the preserve of multinational enterprises and large-scale data centres, says Matvey Voytov, senior product marketing manager at Kaspersky Lab.
It is promising opportunities to run more applications and services – on fewer servers; cut hardware acquisition costs and reduce operational costs related to maintenance, space and energy. Due to this, virtualisation is often an important element in the IT department’s efforts to meet the business’s demands to “do more and spend less”.
However, whether a company is running applications on physical or virtual machines, it still needs to guard against the constant increase in the volume and sophistication of malware and other cyber threats that could jeopardise the day-to-day operations by:
* Disrupting business processes – and increasing operational costs,
* Stealing and exposing confidential business information,
* Compromising the security of the company’s suppliers’ and customers’ data,
* Destroying the competitive advantage that the business gains from its intellectual property.
Are virtual environments more secure or less secure?
It’s a myth that virtualised environments are somehow more secure than their physical counterparts. Unfortunately, even though there is absolutely no truth or logic behind this belief, it can lull some organisations into a false sense of security when they consider security requirements for any virtualisation projects.
From the point of view of everything that interfaces with or interacts with a virtual machine, the machine ‘looks’ and acts exactly like any physical machine. Generally, the only thing that is aware that the machine is virtual is the hypervisor (as well as the IT administration team).
Therefore, it’s a simple statement of fact that virtualised environments still have to contend with all of the potential security risks that physical environments also have to deal with. Just because a virtual machine is behind a firewall – within the organisation’s data centre – it’s not safe from the many different types of threats that can be launched from outside the company perimeter. Attackers, that have already breached the company’s security perimeter, will regard unprotected virtual machines as easy targets.
Tips for secure virtualisation:
The cost savings and operational benefits offered by virtualisation can be very compelling – but there are a few things to bear in mind when the company is putting together its project strategy: if it is going to maintain the security of its systems and information.
Below are some of them:
* Make sure security is considered at the very outset of any potential virtualisation project. If your company’s virtualisation roll-out plans don’t include security – that’s an incomplete and insecure strategy.
* When you’re assessing which virtualisation platform is right for your project, make sure you also consider how that platform will affect your security options.
* Consider starting by replicating all of the security policies you currently apply to your physical IT infrastructure – to your new virtual environment.
* Assess each project – and its security requirements – before setting targets for performance and consolidation ratios.
* Carefully review the available security technologies, including the likes of agent-based, agentless and light Agent.
* Choose a security solution that will accommodate changes in the virtualisation software that you’re running. If you’re using one software solution for virtualisation now, but you later move to an alternative solution for this, you’ll want to avoid the expense of having to buy new security software licences and also having to retrain on the use of a new security package.
* Assess how well your chosen virtualisation security software is integrated with other security technologies. Higher levels of integration will mean a much lower load on your IT administration resources.
* To ease the burden on your IT security and IT administration teams, choose a security solution that enables you to control multiple security technologies and functions from a single management console.
Driven by the research of security experts, Kaspersky Lab experts see the importance of virtualisation security – of raising awareness about it and helping customers choose optimal solutions for different infrastructures.