Yesterday Gartner announced a new report about security in virtual infrastructures, publishing a list of the six most common and well-known risks:
- Information Security Isn’t Initially Involved in the Virtualization Projects
- A Compromise of the Virtualization Layer Could Result in the Compromise of All Hosted Workloads
- The Lack of Visibility and Controls on Internal Virtual Networks Created for VM-to-VM Communications Blinds Existing Security Policy Enforcement Mechanisms
- Workloads of Different Trust Levels Are Consolidated Onto a Single Physical Server Without Sufficient Separation
- Adequate Controls on Administrative Access to the Hypervisor/VMM Layer and to Administrative Tools Are Lacking
- There Is a Potential Loss of Separation of Duties for Network and Security Controls
virtualization.info has published a security column, Real-World Security in a Virtual Infrastructure, since July 2009, and we have covered many of the issues above.
Our featured columnist, Claudio Criscione, is currently working on the first security assessment toolkit for virtual infrastructures, available in beta now.
Gartner's announcement also features a couple of interesting forecasts:
- Through 2012, 60% of virtualized servers will be less secure than the physical servers they replace. The analysis firm expects this figure to fall to 30% by the end of 2015.
- At the end of 2009, only 18% of enterprise data center workloads that could be virtualized had been virtualized; the number is expected to grow to more than 50% by the close of 2012.
The virtualization.info Virtualization Industry Predictions page has been updated accordingly.