"There hasn\u2019t been a significant security breach in\n virtualization, not a public one," says IDC analyst Stephen\n Elliott. "At some point, you have to figure it's a matter of\n time."\n\n IT leaders must deal with virtualization security the same\n way they've dealt with numerous other threats: budgeting,\n planning, tools, process and vigilance. But those IT leaders\n must also be able to separate the real threats from the\n theoretical ones, and that's not always easy right now.RELATED LINKS\n10 Top Virtual Server Security Threats and How To Fix Them\n\nCitrix Seals XenSource Deal, Pressures VMWare\n\nTaking Virtual Servers Beyond Data Center Consolidation\n\nHow Server Virtualization Tools Can Balance Data Center Loads\n\nHow To Do Virtualization Right\n\nHypervisor for Laptops Could Rock Your Mobile World\nWhat's on the virtualization threat horizon and is discussed\n in security labs but not appearing in real-life data centers\n yet?For starters, there's been a lot of talk online and at some\n conferences regarding the possibility of hypervisor malware and\n hypervisor weaknesses. This past summer, a security consulting\n firm called Intelguardians Network Intelligence argued\n that it may be possible for a hacker to "break out" of a\n VM's guest operating system and into the host OS of a\n server. This invites the possibility of installing rootkits\n and other malware, Intelguardians argues.Some security researchers discuss the possibility of a "Blue\n Pill" attack, using a virtual rootkit akin to the one created\n by security researcher Joanna Rutkowska. This kind of rootkit,\n the theory goes, can hide in the hypervisor and away from\n the vision of today's security tools.Should you worry about these theoretical threats yet? Just\n how secure is a hypervisor?"Blue Pill was really targeted as a Windows Vista exploit\n and never really materialized," says Burton Group's Wolf.\n "There's not been a significant threat yet." As for the\n hypervisor threats, he says, "I think the threats there are a\n bit exaggerated. The key is central monitoring and\n updating."More troubling perhaps, says security researcher Chris Hoff:\n Given today's virtualization and security tools, IT has real\n trouble seeing into the traffic running between VMs. "Today\n we've deployed security sprinkled in boxes throughout the\n network," Hoff says. "But traffic patterns may be such now that\n trouble doesn\u2019t even hit the network." IT very much needs\n tools to be able to peek into that inter-VM traffic, Hoff says.\n "The network and security guys have lost precious visibility,"\n he says.Another more practical and immediate problem: Separation of\n duties among IT personnel can radically change in a virtualized\n environment, Hoff says, as access to more VMs gets loaded into\n management consoles. That's the kind of security issue a CIO\n should worry about before worrying about Blue Pill, he\n says.Think critically about what kind of applications you're\n virtualizing in the first place, and be aware, CIOs say. "Now's\n the time to really assess what is the risk profile of the\n systems you've put in the virtualized environment," says Arch\n Coal CIO Michael Abbene.As one of Abbene's virtualization experts, Microsoft Systems\n Administrator Tom Carter says of hypervisor malware and Blue\n Pill, "I'm aware of the facts\u2026but it's low risk to us at\n the same time. It's a complex attack."Nonetheless, he's not dismissing the threat entirely:\n Protecting servers from possible hypervisor attacks is one goal\n of Abbene's team as it investigates new tools including Reflex\n Security's virtual security appliance product.Of course, as with so many security threats, the more\n high-profile and mission-critical the apps that you virtualize\n are, the greater the risk. That requires careful planning plus\n attention to emerging tools. "We've recognized that the risk is\n expanding," Abbene says. "What we could live with one year ago\n we won\u2019t be able to live with six months from now."