Monday, May 19, 2008
Virtualization in all of its forms (whether you are thinking of data centers, Windows 2008, or, in the future, virtualized desktops) looks like it is going to be a success. However, there appear to be different deployment visions for leveraging the power of virtualization. Many people jump at the idea of dynamic environments where server resources are shared among different applications and deployed on the fly, instantaneously, to meet a jump in demand. Unfortunately, for the moment, this idyllic vision cannot really be realized in most situations. Yes, there will be examples where companies dynamically bring online and reconfigure their IT infrastructure to reflect seasonal or event-driven demand, where planning for the actual demand is difficult. But for the moment, I am going to focus on the security operations aspects of a planned virtualization scenario for this series of articles.
In the area of security, many people in the security industry are expressing concerns about the inherent risks. Unfortunately, some of these people like to raise the issues but rarely come out with a mitigation or solution. So I thought I would create the framework of one that could work for many organizations. It’s not going to be perfect, and if there is enough feedback, I will post it on a Wiki to allow the community to continue the drive to help each other with this fast-evolving area of interest.
Some of the typical issues brought up by security commentators are things like the risk of hypervisors and patching. In my own humble opinion, these risks have either been resolved by the vendors of the solutions or require today’s level of proactive security monitoring and awareness. An IT system should not be treated as a single device, but as something that is part of a “techno eco system”. By leveraging tools like host-based and network-based IDS/IPS and your other security and information sources, combined with real security event correlation and proactive monitoring, these threats can be countered, or at least detected and reacted to.
Implementing a virtualized environment shares some of the needs of a traditional system, but with the ability to leverage one computing platform for many different business-critical applications come some additional overheads in planning, auditing, and incident response. As they say, “nothing comes free”, but at least if you are proactive, you could reduce risks and costs in the long run. In the next set of blog entries, I will cover areas such as