An IT security expert claims that, despite all the media hype, virtualisation is actually not a new technology, and dates all the way back to the 1960s. Professor John Walker, member of the Security Advisory Group of ISACA’s London Chapter and CTO of Secure-Bastion, said that, although it’s not a new technology, it has recently come to the forefront again and offers organizations many benefits to the enterprise IT environment.
Professor Walker, gave an online presentation in which he said that whilst virtualisation's benefits include reduced server sprawl and a quicker build time, there are clear security issues.
As with any system, or application configuration, he said, control is vital to security, and its professionals should remember that this security principal applies to the on-line and off-line images alike.
IT professionals, he went on to say, should take care to ensure that new builds are tracked, and that, again, as with conventional systems and applications, virtualised environments need to be patched up and fixed.
"They also suffer from vulnerabilities," he told his audience.
Professor Walker also detailed his ”ring security strategy,“ which defines the virtual environment as the operating system block and three rings: ring 0, ring 1-2 and user applications.
Despite the potential security headaches associated with virtual networks, Professor Walker said that VLANs have become a great security enabler for the enterprise and that VM environments are ideal platforms for IT testing.
VM systems are also ideal tools for the mobile security tester, he went on to say, adding that this is because they support the running of multiple operating systems, multiple applications and multiple tools.
"And if you break it, you just recopy the image," he explained.
The cloud, however, changes a number of things. Professor Walker said that the advent of cloud computing has seen¾and will continue to see¾the use of virtualisation advance.
The question is, he added, are VM applications getting too expensive?