Deconstructing the "S" word in virtualisation

So you've done your homework on virtualisation and have mapped out your strategy for the next couple of years - what about security?

According to the Gartner Group, whilst virtualisation offers large organisations the opportunity to reduce costs and increase their overall IT agility, if the implementation process is carried out without implementing IT security best practices, it can actually increase the costs and reduce the organisation's IT efficiencies.

In a presentation at a Gartner symposium on virtualising security in San Francisco back in April 2007, Neil MacDonald, a Gartner vice president and fellow, told his audience - which included this writer - that, regardless of the specific architecture involved, the process of virtualisation uses a privileged layer of software.

If this privileged layer is compromised, he told delegates, it places all consolidated workloads at risk. "Virtualisation, as with any emerging technology, will be the target of new security threats," he said.

"Many organisations mistakenly assume that their approach for securing virtual machines will be the same as securing any operating systems and, as a result, plan to apply their existing configuration guidelines, standards and tools," he added.