Future Threats to Virtualization Security: Fact vs. Fiction
Who will be the TJX of virtualization security mistakes? No one knows yet, but one thing's certain: If you're a CIO, it better not be your company.
Think critically about what kind of applications you're virtualizing in the first place, and be aware, CIOs say. "Now's the time to really assess what is the risk profile of the systems you've put in the virtualized environment," says Arch Coal CIO Michael Abbene.
As one of Abbene's virtualization experts, Microsoft Systems Administrator Tom Carter says of hypervisor malware and Blue Pill, "I'm aware of the facts…but it's low risk to us at the same time. It's a complex attack."
Nonetheless, he's not dismissing the threat entirely: Protecting servers from possible hypervisor attacks is one goal of Abbene's team as it investigates new tools including Reflex Security's virtual security appliance product.
Of course, as with so many security threats, the more high-profile and mission-critical the apps that you virtualize are, the greater the risk. That requires careful planning plus attention to emerging tools. "We've recognized that the risk is expanding," Abbene says. "What we could live with one year ago we won’t be able to live with six months from now."
virtualization
A weekly newsletter that covers Data Center strategy, constraints and the major issues driving change.
