Virtualization is an excellent way to make better use of existing IT resources by utilizing them for multiple tasks. It also allows hardware and software to be further abstracted so that hardware compatibility becomes less of an issue. Virtual machines can be highly specialized, since an entire physical box does not need to be allocated to each one. This reduces the potential conflicts of running multiple applications on a single server and minimizes the impact of changes or upgrades. Virtualization also presents a new set of risks to organizations adopting it, and it is vital to be aware of those risks and of information security risk management strategies when implementing a virtualization strategy.

This is the first of three articles. This article provides general information security recommendations for virtual environments. Upcoming articles will discuss virtual machine security policies and backup and business continuity for virtualized environments.

Critical security considerations include:

  • Securing virtual hard disks
  • Reducing the attack surface for hosts
  • Classifying virtual machines
  • Involving information security personnel throughout the lifecycle
  • Segmenting traffic for administration and storage