London, UK 2nd March 2011 - A leading IT security expert claims that, despite all the media hype, virtualisation is actually not a new technology, and dates all the way back to the 1960s. Professor John Walker, member of the Security Advisory Group of ISACA’s London Chapter and CTO of Secure-Bastion, said that, although it’s not a new technology, it has recently come to the forefront again and offers organizations many benefits to the enterprise IT environment.
Professor Walker, gave an online presentation in which he said that whilst virtualisation's benefits include reduced server sprawl and a quicker build time, there are clear security issues.
As with any system, or application configuration, he said, control is vital to security, and its professionals should remember that this security principal applies to the on-line and off-line images alike.
IT professionals, he went on to say, should take care to ensure that new builds are tracked, and that, again, as with conventional systems and applications, virtualised environments need to be patched up and fixed.
"They also suffer from vulnerabilities," he told his audience.
Professor Walker also detailed his ”ring security strategy,“ which defines the virtual environment as the operating system block and three rings: ring 0, ring 1-2 and user applications.
Despite the potential security headaches associated with virtual networks, Professor Walker said that VLANs have become a great security enabler for the enterprise and that VM environments are ideal platforms for IT testing.
VM systems are also ideal tools for the mobile security tester, he went on to say, adding that this is because they support the running of multiple operating systems, multiple applications and multiple tools.
"And if you break it, you just recopy the image," he explained.
The cloud, however, changes a number of things. Professor Walker said that the advent of cloud computing has seen¾and will continue to see¾the use of virtualisation advance.
The question is, he added, are VM applications getting too expensive?
For more details of Professor's Walker's presentation and a recording: http://bit.ly/gxRJTz
For further guidance on virtualisation, ISACA’s white paper, Virtualization: Benefits and Challenges, and a complimentary Virtualization Security Checklist are available as a complimentary downloads from www.isaca.org/virtualization.
With 95,000 constituents in 160 countries, ISACA® (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA® Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) designations. ISACA continually updates COBIT®, which helps IT professionals and enterprise leaders fulfill their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business.
Follow ISACA on Twitter at http://twitter.com/ISACANews
Source: Eskenzi PR