Sprawling Security Loopholes

An IT manager’s ability to create and clone servers raises a whole new level of security concerns. The multiple possibilities offered by virtualization also offer multiple entry points for hackers and cybercriminals.

In an article on the Forbes website, Andy Greenberg says companies tend not to secure virtual machines nearly as well as they secure physical hardware.

“The sheer proliferation of virtual machines is probably the biggest security threat IT managers face,” Greenberg writes.

Ed Skoudis, a researcher with the SANS Institute, told Greenberg virtual machines are much harder to track than physical ones and often slip by security checks “as IT managers create dozens or even hundreds of software images on the fly.”

This multiple cloning is what Gene Kim, chief technology officer of cybersecurity firm Tripwire, calls “virtual machine sprawl.” Kim told Forbes that misconfiguration creates the biggest security risks.

Greenberg cites a 2007 Gartner study that estimated more than 60% of virtualized IT setups in 2009 would be less secure than their traditional counterparts.

“The same thing that makes virtual machines so darn useful and flexible make them much more difficult to manage from a security perspective,” said Skoudis.

To read the Forbes article, please click here:
http://www.forbes.com/2009/10/05/tripwire-sans-institute-technology-virtualization-09-security_print.html