Virtual Machine Security Risks "Phantom or Menace?"

Virtual machines are threatening to crack the walls of data centers with a host of potential security threats—nothing that's been publicly exploited yet but a fact that's borne out by a slew of vulnerabilities patched over the past seven months by major virtualization vendors VMware, Microsoft and XenSource.David Lynch, vice president of marketing at Embotics, […]

Virtual machines are threatening to crack the walls of data centers with a host of potential security threats—nothing that's been publicly exploited yet but a fact that's borne out by a slew of vulnerabilities patched over the past seven months by major virtualization vendors VMware, Microsoft and XenSource.

David Lynch, vice president of marketing at Embotics, a VM life-cycle management vendor, said during a presentation here at Interop Oct. 23 that a fundamental issue with VMs is that they've come into enterprises via the back door, thereby slipping past standard security hardening. Meanwhile, VM sprawl has virtualization instances popping up with nobody keeping track of them. Simply stated, organizations won't be able to secure these things, given that nobody knows how many have been created, Lynch said.

"Even if you just replace [unsecure virtualization instances] completely, how do I make sure I replace all instances of [a] virtual appliance?" Lynch told eWEEK following his presentation. "I asked the audience how many people knew how many virtual machines [they were running]. Three people put their hands up, out of about 50. That's a fundamental issue. People don't know how many machines they have out there. How can you manage them? How can you make sure configurations are maintained, that they're where they're supposed to be?"

Full Article

VM, Virtual Machine, VMware, XenSource, Virtualization, Security