Virtualization is not ready for highly regulated, mission critical apps says IBM security strategist

ibm logo

Last week every major IT news portal (like NetworkWorld) quoted the words of Joshua Corman, Principal Security Strategist at IBM Internet Security Systems (aka ISS, the popular security firm that IBM acquired in 2006 for $1.3 billion).

At the Interop conference in Las Vegas Corman said something that other security and virtualization experts are saying since a long time:

x86 virtualization is often a risky proposition for highly regulated, mission-critical applications, because people and processes are not ready for virtualization and the security risks it introduces

Corman also recommended to not use a Type-2 Virtual Machine Monitor (VMM) for production use, and only rely on hypervisors.
It will be interesting to see the KVM and Linux community reaction to this claim.