I recently wrote an article for Virtualization Magazine titled Security Implications of Virtualization Platforms in the Virtual Data Center (I know, a crazy long title, but that’s how it was published :) ). WARNING: That page auto-launches Flash video with audio enabled – gave me a bit of a pause when I heard some guy talking and interrupting my current playlist.

I like this piece because I introduce three concrete steps that IT departments can take today to help guard against security attacks tomorrow.  These aren’t necessarily revolutionary ideas but they are tangible, tactical steps that can be performed today during the planning, architecture, and roll-out phases of virtual platform installations and migrations.  From the article:

“In general, IT departments should focus on three virtualization areas as part of their entire virtualization security architecture:

   1. Segmentation of VMs by location
   2. Segmentation of VMs by service type
   3. Proactive security management throughout the VM lifecycle

These three areas will help IT departments protect their virtual infrastructure against current threats as well as help mitigate the threat of future attacks.”

I’m all about baby steps and thinking about management first - I don’t talk about specific threat vectors in this piece intentionally. Right now I’m very much in the design and planning stages of virtsec for IT departments. Remember the 4Ds: Define, Design, Develop, Deploy? This piece is all about the first two: know your risks and design an architecture that can be used to manage those risks. Sure, if you’re keeping score, the 3 solutions above are actually in the Deploy category but I want to emphasize the planning portions of those solutions.

Start by planning today for whatever the virtsec world will throw at you tomorrow.

-Alan