Putting all your eggs in one basket has never been a great idea – by not securing your virtual environment – you’re doing just that with your corporate data.
Without any security, your virtual host server isn’t far from being an open door – a direct route into your organisation for pretty much anyone with a little knowledge
to access, compromise or corrupt every virtual machines you’ve got: not an appealing prospect!
Although it’s not impossible for the same thing to happen in a physical world: most servers and PCs have some form of security layer in their build – however basic: there probably isn’t a network out there that doesn’t include IDS, Firewalls, DLP or Anti-Virus in some guise. It provides a minimum level of security against internal and external threats that just doesn’t apply in a new virtual infrastructure. Virtual machines’ lack of individual security provision means that unless it’s over-layered at the management level, they’re wide open to attack – in a way that most PCs or network devices aren’t.
But securing the virtual world isn’t all bad news: a brand new virtual deployment gives you a unique opportunity to implement security policies and procedures from scratch – using the latest technologies. That’s rarely possible in a physical network where legacy systems, multiple vendor solutions, anomalies and upgrades mean that policies and procedures can be difficult to implement and harder still to enforce or police.
Your HyperVisor and management console are the gatekeepers to your whole virtual infrastructure, so not deploying some form of security solutions to protect them isn’t an option, it’s a necessity – unless you like scrambled eggs!