Study: Virtual Boxes Aren't Locked Up Tight Enough
Virtualization has come to be the hot pick for consolidating and cutting hardware costs. All those machines within machines raise questions about the safety of what's inside, though, and according to a recent study, some are seriously lacking in good answers.
The analysts at Gartner have been pondering virtualization lately, with particular emphasis on how migration affects security. According to their research, that effect is considerable: They estimate that some sixty percent of virtual servers are less secure than the original boxes.
How could such a situation arise? Several ways, it turns out.
Topping the list is poor planning, though not necessarily the way one would think. Many teams, they say, fall victim to the assumption that "nothing has changed" — the new virtualize machine does exactly what the old one did. However, a well-thought-out security strategy that worked on the old machine doesn't necessarily take into account all the elements introduced by the virtualization environment.
Compounding the lack of pre-planning are the actual vulnerabilities themselves. According to Gartner, the virtualization layer should be treated "as the most critical x86 platform in the enterprise data center," keeping it "as thin as possible, while hardening the configuration to unauthorized changes." They go on to note that "Above all, organizations should not rely on host-based security controls to detect a compromise or protect anything running below it."
Gartner also pointed to issues between separate machines running on the same host as key vulnerabilities, particularly where multiple permission layers are involved. Though the company believes only forty percent of machines are currently secure, they estimate that percentage will reach seventy by 2015.
Justin Ryan is a Contributing Editor for Linux Journal.
- Readers' Choice Awards 2013
- Linux Kernel News - November 2013
- Mars Needs Women
- December 2013 Issue of Linux Journal: Readers' Choice
- RSS Feeds
- Sublime Text: One Editor to Rule Them All?
- Raspberry Pi: the Perfect Home Server
- Advanced Hard Drive Caching Techniques
- Web Administration Scripts
- IBM Will Minimize Impact of Future Disasters
- thanks for share, great
4 hours 48 min ago
- There are factors which are
9 hours 48 min ago
- Gnome 3 ?
10 hours 33 min ago
- Reply to comment | Linux Journal
14 hours 40 min ago
- "Redis RethinkDB 4.5%" on Best NoSQL Databases
1 day 46 min ago
- on the ground
1 day 7 hours ago
- I was able to read the whole
1 day 8 hours ago
- since i have read the title i
1 day 11 hours ago
- Belanja Online Cari Voucher Diskon
1 day 12 hours ago
- The kernel doesn't really
2 days 13 min ago