« Return To List

What are the security concerns with virtualization?

Virtualization is the creation of a virtual server instead of a physical server. One physical server can host multiple virtual servers. Virtual machines are very easy to create. They don't require going out and purchasing and then putting together new equipment everytime someone needs a new server. So are there any security concerns with virtual servers and machines? As with all technology, security is always a concern.

A virtual server is not inherently less secure than a dedicated physical server but there are certain issues to be aware of. One of these issues is due to how simple it is to deploy a virtual machine. When installing a new physical server, there is usually a lot of careful planning that takes place; what exactly the server needs to do, what are the hardware requirements, what security needs to be put in place etc. With a virtual server being so much quicker and easier to deploy, it is easy to not think about all of the potential needs and risks. If the security risks are not thought about, needed precautions may not be made. It is this lack of planning and maintenance that can be the greatest security concern of virtualization.

As with dedicated physical servers, or even just a regular PC with an operating system, keeping a virtual server patched is essential. Any unpatched virtual server is a security risk. Patching for virtual servers actually can require more care and work than a dedicated server. With multiple virtual servers setup on one machine, each one has its own operating system and software. Installing patches for one virtual machine does not keep another virtual machine on the same server protected. Patches have to be applied to each one separately. Additionally the software managing all of the virtual servers, known as the hypervisor, may require patching as well. The hypervisor should be treated as the most critical part and should be kept as thin as possible and preventing all unauthorized changes.

Working with virtual environments can also lead to another problem. Forgotten systems and software. If virtual servers are not tracked and documented well, it can be easy to lose track of them, especially if there are numerous servers, or even if some are setup purely for testing. If the servers themselves, or the software on those servers are forgotten, they may not be patched and updated when needed.

What it all comes down to is that the biggest security risks to virtualization, are not so much the virtualization itself, but the planning and maintenance of them. Virtual servers are still servers and need to be treated as such to keep them safe and secure.

« Return To List
Categories

Newsletter Signup


Full Name:

Email Address: