Virtualization is an excellent way to make better use of existing IT resources but utilizing them for multiple tasks. It also allows for hardware and software to be further abstracted so that hardware compatibilities become less of an issue. Virtual machines can be highly specialized since an entire physical box does not need to be allocated for it. This reduces potential conflicts of running multiple applications on a single server and minimizes the impact of changes or upgrades. Virtualization presents a new set of risks to organizations adopting it and it is vital to be aware of risks and information security risk management strategies when implementing a virtualization strategy.
Critical security considerations include:
- Securing virtual hard disks
- Reducing the attack surface for hosts
- Classifying virtual machines
- Involving information security personnel throughout the lifecycle
- Segment traffic for administration and storage