« VMware Server Virtualization, Compliance & Data Security | Main | MSFT to Craft it's own VMsafe? »
Friday
May302008

VirtSec ... the real issue is Management (... maybe.)

Jon Oltsik at the CNET News blog may be oversimplifying the issue of virtsec.  Nope.  Take that back.  He's DEFINITELY oversimplifying the issues of virtual server security.  It's not that he isn't correct in laying the issue squarely at the feet of management and security controls, but it's just too facile to make that the one and only issue of virtualization security.  I'm rather certain that I'm not the only other person in the industry with this point of view.  (... and I'm not referring only to the vendors of v12n security technologies like Blue Lane or Catbird Networks. )

Update:  Guess I was right about the reaction.  Here's one.

The real issue around server virtualization security | Tech news blog - CNET News.com

... So what is it about server virtualization that should really keep chief information security officers up at night? A more pedestrian worry--lack of control. In a virtual server world, IT administrators can clone virtual hosts, move them around, or turn them on and off by accident or with malicious intent. What happens when an IT administrator moves a critical database server instance without re-configuring application servers or the network? How about when someone mistakenly adds a test server to the production network? The security "uh-oh" possibilities are endless.

The real threat here is that server virtualization takes on a life of its own without proper management and security controls. This is why VMware is investing in its virtual infrastructure, Citrix is keen on its Citrix Delivery Center, and Microsoft is pushing its System Center Virtual Machine Manager (SCVMM) architecture. Systems and operations management vendors like BMC Software, CA, Hewlett-Packard, and IBM are also paying close attention and adding virtualization capabilities to tools, processes, and services. Given its 30-plus years with mainframe virtualization, IBM for one has seen this movie before.  ...

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
All HTML will be escaped. Hyperlinks will be created for URLs automatically.