Mitigating Risk in Virtualized Environments: The Workplace of Tomorrow, Today
The month of October is national Cybersecurity Awareness Month, and this week in particular is dedicated to highlighting Cybersecurity in the Workplace. As the nature of work changes, the idea of a workplace is in a perpetual state of redefinition thanks to the cloud, virtualization and remote work. Along with this state of change comes the unique challenge of ensuring the security of data outside of a physical space.
Virtualization has had a major impact on IT and the modern enterprise from a cost and convenience perspective. The adoption and utilization of Virtual Machines (VMs) in the workplace has likewise progressed rapidly. The way we think about and approach security must adapt to this emerging technology and these workplace trends. The IDC predicts 70% of all workloads will run on VMs by 2042. That statistic not only highlights the lifecycle of VM adoption, but the importance of reimagining what security means for the new workplace.
Here are three common virtualization risks you should pay close attention to:
- VM Compliance: User-installed virtual machines aren’t always in line with an enterprise’s security policy, and that may include the absence of security software. Also, the size of the VMs make them easier to copy and store on a remote computer, but because of their capacity, the data loss can be equivalent to stealing a physical server.
- Separation of Duties and Admin Access: In workplaces with physical networks, there is a separation of power between admins who handle server management and admins who handle network management. In a virtualized environment, management consoles give the ability for server and network management to be handled by the same person. While on the surface this may sound like a convenience (and in some cases it can be), it can also provide full infrastructure control to the wrong person if default access and admin settings aren’t customized.
- Hypervisor Compromise: Hypervisors give enterprises immense control over multiple VMs, but default security configurations can make hypervisors vulnerable. These settings turn them into a single point of failure for the entire virtual environment.
Of course, this is not intended to be an exhaustive list of cyber security concerns related to virtualization, nor is it meant to give the impression that virtualization is insecure. The truth is, a mature network environment requires mature security software, policies, training and of course, thinking.
Below are three best practices for secure virtualization in the workplace:
- Update Acceptable Use Policies: Make clear rules about the exact conditions under which virtualization software can be installed, and spell out the repercussions for employees who break these rules.
- Keep Security and Virtualization Software Up to Date: Ensure all VMs in the organization use the same firewalls, antivirus and IDS/IPS. Configure VMs and hypervisors to match your security environment instead of relying on default settings, since these settings can make you vulnerable to worms that automatically propagate and search for other such systems.
- Maintain Compliance at All Times: Administrators should monitor network logs for suspicious activity and perform regular audits of virtualized environments. Important log files, such as Azure firewall logs, should be sent securely to remote servers to prevent potential data loss or tampering resulting from a security breach.
To address these common virtualization risks, companies of all sizes should look to implement industry best practices and move away from legacy endpoint security solutions that don’t provide multilayered protection. Look for a compliance and cloud security solution designed to address every vulnerability of Hyper-V across every virtual resource.