While the benefits of virtualization are often touted, the challenges it creates for organizations don’t always get the same attention—especially when it comes to IT security. One reason for that is, over the past fifty years, security for strictly physical IT operations has become well established. Whether one is talking about identity management, application security, access and information control or user activity logging and reporting, the majority of physical servers out there are being protected effectively—and they have years of process evolution and best practices to thank for that.
Effective virtual server security, however, is not as ubiquitous—a fact which becomes apparent when one examines the fundamental differences between physical and virtual servers. Whereas organizations can stack servers away in a room and protect them from unwanted access with physical controls, unsecured virtual servers can be cut, copied and pasted from the virtualization host as easily as a file on a PC. And with the hypervisor serving as a single management point for all virtual machine (VM) images, a person with hypervisor access suddenly has control over many business-critical services—for better or worse.
Read this executive brief to learn how to improve control over systems, applications and information to reduce risk not only with physical servers, but also virtual server environments.