Virtualisation Security Needs More Than A Fortress Mentality

Virtualisation produces impressive results, but it also requires a fundamental shift in mindset. The ‘fortress’ approach that works with older IT environments has to change once you’re dealing with virtualised systems.

Picture: Matija Grguric

“The typical way IT has always looked at security is by setting up moats and firewalls — it’s a fortress view,” Colin McCabe, senior manager for the platform business unit at Red Hat, told Lifehacker. “Everything which runs inside that data centre has typically been viewed as protected.”

That viewpoint has multiple problems. For one, it presumes that the same controls are being applied to virtualised environments, and that often isn’t the case. “You need to look at security at the hypervisor layer rather than just the operating system. People have often just assumed that the security comes with it.”

The second issue is that it fails to recognise that problems can exist inside the fortress. “The majority of issues are with people internal to organisations, whether through accidents, through social engineering or through malice, introducing things into the environment,” McCabe said. “You can only control that to a certain degree.”

“Even when you can control what’s in your own environment — by disabling USB ports or banning browsing — you can only do that internally. As soon as you allow someone to do a VPN access from their home, you’ve effectively opened the castle gates. And when you extend that into saying I’m moving this critical piece of data into the cloud, you have no control over what’s happening in that environment at all.”
