Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Securing virtual IT environments requires a different approach

Clavister : 23 April, 2009  (Technical Article)
Clavister warns of the dangers of overlooking the specific security requirements when converting to virtual environments
While adverse global economic conditions may be affecting other sectors of the IT market, the Virtualisation explosion continues. However, in the rush to take advantage of the cost benefits of virtualisation, many firms may be compromising their security, according to IP-based security and unified threat management (UTM) specialist, Clavister.

A recent YouGov survey commissioned by Clavister found that more than 40 per cent of IT directors and managers that have implemented server Virtualisation may have left their IT networks open to attack because they wrongly believed that security was built in.

This lack of understanding is one of the most dangerous misconceptions surrounding Virtualisation and it was recently highlighted as the target for new security threats by respected analyst firm, Gartner.

Andreas Asander, VP product management at Clavister said: 'Securing the virtual environment cannot be approached in the same way as the physical environment as Virtualisation offers new points of attack and gives access to a far wider number of applications than a traditional physical server.

"It is vital that IT staff take steps to achieve the same level of security as their physical environment, but by its very definition, the virtual environment is constantly changing and so it is impossible to use the same security solutions.'

The misconception is that everything is secure because the environment is still protected by a firewall but the reality is that this is absolutely not the case. In the virtual environment traffic does not have to leave the virtual infrastructure at all so is therefore not checked and protected by the firewall.

Asander continues: "Problems can come from employees who have direct access that is not protected by firewalls and a worm or Trojan can infect a less secure machine, such as a community portal or forum on the Web server. Segmentation in a physical environment prevents these from spreading but in a virtualised environment you do not have that segmentation so a hacker in your Web system can easily jump over to your financial systems or databases."

Clavister has developed a four step strategy to ensure that the virtual environment is secured:.

* Understand how Virtualisation will affect data security in your new environment.
* Incorporate Virtualisation into your security policy.
* Ensure that you know what you need to do to maintain security in a virtualised environment.
* Check that you have the right technology solutions in place to meet the needs of your particular organisation and the most appropriate tools and processes for smooth implementation and efficient administration.

Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo