Feature

Audit and Improve Virtual Server Security: Five Tips

Bad physical networking decisions. Unpatched systems. Too much access to virtual server management consoles. These and other problems can degrade the security of your virtual servers. If you're ready to improve virtual server security, consider this five-step checklist as a start.

By Carol Sliwa

Wed, May 07, 2008 - CIO

On the surface, security questions surrounding virtual servers don't seem much different than those for the physical machines on which they run. In fact, starting a virtual security audit by keeping in mind what you've already learned in the physical world is an excellent approach. Security analysts say the same practices, principles and basic common sense apply for a group of virtual servers as for any physical server farm. But IT managers also need to factor in some additional considerations, due to the unique characteristics of the virtual world.

One example: software can be deployed so much more quickly using virtual machines that some steps in the typical provisioning process may have been eliminated, says Paul Love, director of information security at Standard Insurance in Portland, Ore. That, in turn, requires IT departments to make sure the necessary controls and oversight are in place, with the truncated time frame in mind.

"With virtual machines, it's very helpful to pay attention to the actual configuration of the system," Love says. "You need to really have a stable build so that when you deploy a thousand versions of it, they all meet management's requirements for what controls should be in place."

When Love's team audits security for its virtual server environment, it doesn't introduce new steps so much as extend the ones it already has for physical servers, Love says. That includes looking at the interactions among systems and ensuring that the operating system on which the virtual machine runs is secure and encounters no "configuration drift."

"We have to work very closely with change management," Love says.

As background research for auditing and improving your virtual security, you may want to consult guidance for securing virtual server environments that's available from the Center for Internet Security, the Defense Information Systems Agency and virtual server leader VMware.

"They [IT leaders] need to read these guides and come up with a summary set of lock-down and hardening policies that are customized for their environments," says Nand Mulchandani, senior director of product management and marketing at VMware. "If you just do that one thing, you will be vastly more secure and safe."

Virtual security tools can also help, but analysts warn clients to first consider the products they already use before buying new ones specifically designed for virtual servers. There are already 10 to 15 vendors offering VM-specific security tools, and that figure will probably rise to 30 by year's end, says Chris Christiansen, an analyst at IDC (a sister company to CXO Media).
