Virtualisation not new, but needs extra security thought

However, professor John Walker, member of the security advisory group of ISACA's London chapter and also CTO of Secure-Bastion, agrees that virtualisation has recently come to the forefront and does now pose security issues. As with any system or application configuration, he reminds IT professionals that control is vital to security, and that this applies to the on-line and off-line images alike. "IT professionals should take care to ensure that new builds are tracked, and that, again as with conventional systems and applications, virtualised environments need to be patched up and fixed," says Walker. Walker also talks of a 'ring security strategy', which defines the virtual environment as the operating system block and three rings: ring 0, ring 1—2 and user applications. For him, VLANs have become a great security enabler for businesses and VM environments are ideal platforms for IT testing. VM systems, he says, are also ideal tools for mobile security testers, because they support the running of multiple operating systems, multiple applications and multiple tools. "And if you break it, you just recopy the image," he laughs.