Quest CEO Blog | #3 and #4 of Quest’s 10 ways to boost business IT security in 2012

 


by Tim Burke
Thursday, January 19, 2012

Now that you’re paying attention to defense in depth and those security control design/deployment principles, you’re ready to think about infrastructure. So here are #3 and #4 on Quest’s boosting security list:

 

#3 Build security into your virtualization efforts

  • Secure your hypervisors
  • Treat virtual servers like another access layer to your network
  • Monitor and manage your virtual switches 
  • Implement VM trust zones based on workload-aware security policies
  • Deploy your VMs with a secure virtualization framework/architecture that …
    • Inspects ingress and egress traffic with a purpose-built physical intrusion prevention system (IPS)
    • Implements in-line inspection and automated threat blocking to protect hypervisors from targeted attacks
    • Utilizes vulnerability shielding for zero-day protection of both hypervisors and hosted workloads
    • Enables consistent IPS policies, segmentation, and trust zones across both physical and virtual data center environments

 

 

#4 Improve your application security

  • Demand secure software and services from all providers
  • Do penetration testing on all third-party code to check for common security vulnerabilities, such as cross-site scripting, code injection, and buffer overflows
  • Disable applications’ default accounts, passwords, and administrative data
  • Customize your application security methodology and accountability structure to your IT environment so you can sustain preventive and strategic security measures like threat modeling, secure design, and code-level analysis throughout your application lifecycle
  • Push awareness of the need for better application security

 

 
