While virtualisation technology has been deployed extensively for around two decades now, the commercial offerings are rapidly being updated to address new requirements such as micro-segmentation, software-defined networking, and a plethora of cloud, private-cloud and hybrid-cloud deployments. This technology is incredibly powerful; however, it is often poorly understood from a security perspective, and rarely implemented correctly in enterprise environments without jeopardising the organisation's security posture.
With a focus now on automation, infrastructure-as-code (IaC) is becoming part of most new and revised virtualisation deployments. The speed at which environments can be provisioned is quite amazing, but this also means that if security vulnerabilities enter the workflows they can just as rapidly be distributed across compute environments. While virtualisation was previously the exclusive domain of the networking and infrastructure teams, it now incorporates software development, because the environments are provisioned and managed through a range of processes that have their roots in code. Accordingly, the focus now needs to be on "Shift Left", meaning that attention to security needs to be closer to the source of the data, including all artefacts that are relied upon for the integrity of the architecture and networking controls.