Like any emerging technology, the analyst said virtualisation will be the target of new security threats. It warned that simply applying the technologies and best practices for securing physical servers won’t provide sufficient protections for virtual machines.
As a result, Gartner predicts 60 per cent of virtual machines used in production environments will be less secure than their physical equivalents by 2009.
Now bearing in mind these are the same folks that claimed IDS was dead. I tend to take a dim view of Gartner releases in general. Basically one would be ill advised to take them solely on face value. As with any resource on the web for that matter (yes, us as well).
Gartner goes on to advise that virtual machines should be locked down before deployment.
Sigh, I find it disturbing that they felt it necessary to outline this aspect. Although I guess I can understand this point of view having encountered some, er, interesting IT managers in my day. To treat a virtual machine any differently (by which I mean, in a lax manner) is a flawed approach. This is especially true if these systems are being deployed in a production environment. Security does in fact have to take a greater role here due to the overwhelming “new car smell” this technology holds for most businesses. There are discussions on rootkit VMs and the like to be sure. A VM should be treated as any operating system that you deploy. OK, you have the ability to recover if something goes wrong but, that would only apply if you detect a breach in the first place. By then who knows how much customer data might have flown out the front door?
Intrusion detection (for example) has merit and defense in depth still applies.
UPDATE: Almost as if on cue I see this advisory for VMWare.
[tags]Virtual Machines, Gartner, IDS, VM Rootkits[/tags]