by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : October 2015
The promise of virtualization to improve the use of IT resources is now well established. Unfortunately, understanding the attending security issues has not kept pace. In the age of advanced cyber threats, sophisticated malware and regular high-profile breaches of both private and public organizations’ security, virtualized environments could prove particularly vulnerable. A recent survey by Kaspersky Labs found it costs organizations more than twice as much to recover from a cyber-attack on a virtualized infrastructure than an attack on a physical environment—regardless of the size of the enterprise. That’s because a majority of them use virtual infrastructure for their most important operations. Also, some 42 percent of the survey respondents believe security risks in virtual environments are significantly lower than in physical environments. Organizations do expect that going virtual will decrease their IT spend and streamline their infrastructure, says Matey Voytov, Kaspersky’s corporate products group manager. “If there is not enough attention paid to security matters in the virtual environment,” he says, “ expenses may exceed the benefit.” Several years ago, the National Institute of Standards and Technology (NIST) tried to bring attention to virtualization security needs with SP 800-125, a comprehensive “Guide to Security for Full Virtualization Technologies.” The guide noted virtualization has some negative security implications. “Virtualization adds layers of technology, which can increase the security management burden by necessitating additional security controls,” the guide states. “Also, combining many systems onto a single physical computer can cause a larger impact if a security compromise occurs.” Virtual systems also make it easy to share information between systems. That’s a convenience in regular IT operations, but can also be a way into a system for cyber threats. In some cases, according to NIST, virtualized environments are quite dynamic. That can also make creating and maintaining the necessary security boundaries more complex. NIST followed up on that report in 2014 with draft guidance on how to secure hypervisors, the software that lets you build virtual machines on physical host systems. Specific hypervisor threats include such things as configuration errors, snooping on virtual network traffic, or denial of service attacks. Virtualization itself is still seen as an enabler of better security, however. That’s the case for network virtualization, for example, which some feel can ease security concerns because it allows for easier distribution of such things as virtual firewalls. Organizations can also more quickly mitigate malware by tearing down an infected virtual network and replacing it with another clean network. It’s an argument that Maj. Gen. Sarah Zabel, the new vice director of the Defense Information Systems Agency, gave to a recent industry meeting for adopting network virtualization. It will help the DISA banish persistent threats from its networks, she says. Organizations should be careful in getting too caught up in the potential of virtualization to improve their overall use of IT, Kaspersky warned, even though that potential is indeed real. “Virtual environments are trusted more than physical servers,” says the Kaspersky report, “and nothing can be trusted in a grim security environment.” • • Virtualization Helps Agencies Reach IT goals • Software-defined platforms define future of virtualization • The promise of containers • Service virtualization could be big for DevOps Other Virtualization Report Articles: GCN.COM/2015SNAPSHOTVIRTUALIZATION
January and February 2016