New security threats from every which way

As virtualization, SOA and mobility projects proliferate and converge, they open the enterprise to a rash of troublesome network security problems

For now, Rein is using PlateSpin's PowerRecon management tool to get a look into what's happening inside his virtual environments. Part of PlateSpin's popular virtualization-deployment platform, this component supports such management functions as resource allocation and chargeback capability.

Monitoring a guest machine is not as easy as tweaking host and application security to handle all things virtual, says Chris Farrow, director of product management at Fortisphere, which uses a tagging technology to track virtual guests and block untagged machines from going live on the host.

"Guests have their own challenges. A guest in the virtual world could be live on the network, live but in a host-only mode waiting for its host's command, or in suspend mode waiting to be spun up at any moment. Version control is a big point because you need to know what condition they're in before they go live," he says. "You also have the hypervisor. Is it patched and configured correctly? Is it running securely in its activities and communications?"

Such are the layers of security addressing the layers of risk brought about by virtualization: virtualization-specific point products that run separately, traditional network and system management products tooled to cover some VMM issues (without looking into the virtual machine activity itself), and problem-specific security tools reset for virtualization.

Note that none of the products mentioned so far does anything to cut down on virtual machine creep outside of the controlled data-center environment. For example, many mobile Mac users are running virtual machine images of Windows computers so they can access their Windows data on their Macs, Novell's Reed notes. "You'll need to further integrate your endpoint security to protect against rogue virtual machines installing on your endpoint devices," he says.

Those virtual desktops also will need management. The easiest fix would be using virtualization itself to control the builds and protect the operations of mobile computers, Mercy Medical's Rein says.

"We can virtualize desktop images into small, inexpensive portable devices, encrypt them, and send them out into the world where they run separate and secure from the host machine, then leave no trace behind when the key is removed," he says. "Imagine the efficiencies in patch management, updates and version controls for your endpoints," he adds.


Stories by Deb Radcliff
