Seven steps to a secure virtual environment

摘要

The need for increased agility and the increasing cost and complexity of IT have driven the rapid adoption of virtualisation technologies. While some virtualisation experts claim that virtualised computing environments are fundamentally no less secure than physical computing environments, others claim that virtualisation can enable better security. Both claims can be correct, but only where the management of the physical machine is secure and the configuration of each virtual machine is secured in a standardised fashion. However, the reality is that when information security controls are improperly implemented or neglected in virtualised environments, real security risks and exposures are created faster than ever. This is the potential dark side of virtualisation, where the information security controls that adequately controlled risks before virtualisation may no longer suffice. The good news is that it doesn't have to be this way. Gene Kim of Tripwire explains why.