Securing your virtual environment Posted on October 9, 2012 by Tim Burke Odds are your IT environment is somehow engaged in virtualization — either directly in your data center or indirectly via the service providers you’ve engaged. But how much have you — or your IT people — thought about virtualization security? This matters more than you may think. One Gartner analyst has estimated that 60% of virtualized servers will be less secure than the physical servers they’ve replaced. Why? Because too often virtualization projects tend to be developed and deployed without even considering security. The result can be vulnerabilities that enable bad guys to compromise the hypervisor/virtualization layer (e.g., denial of service attacks), which can spread to all hosted workloads. Vulnerabilities also occur… If virtualized workloads with different trust levels are not sufficiently separated when they’re consolidated onto a single physical server, If administrative access to the hypervisor layer and to administrative tools is not adequately controlled, Or if network and security controls are not sufficiently separated. Fortunately, you can do something about all this: Secure your hypervisors, Treat virtual servers like another access layer to your network, Monitor and manage your virtual switches, Implement VM trust zones based on workload-aware security policies, Deploy your VMs with a secure virtualization framework/architecture that, (a) inspects ingress and egress traffic with a purpose-built physical intrusion prevention system (IPS), (b) implements in-line inspection and automated threat blocking to protect hypervisors from targeted attacks, (c) utilizes vulnerability shielding for zero-day protection of both hypervisors and hosted workloads, and (d) enables consistent IPS polices, segmentation, and trust zones across both physical and virtual data center environments.