SOURCE: Burton Group
January 08, 2008 16:45 ET
Burton Group Develops Five Immutable Laws of Virtualization Security
SALT LAKE CITY, UT--(Marketwire - January 8, 2008) - Burton Group, an IT research firm
focused on enterprise infrastructure technologies, published a report
providing five immutable laws of virtualization security to help IT
organizations ensure improved protection of virtual environments.
Virtualized environments are poised to provide significant operational
benefits to enterprises, but they are not without their risks. The
introduction of a new layer of software -- in the form of the hypervisor --
and the new architectures that provide the benefits must be evaluated from
a security perspective to understand the risk and security impact.
In the report, "Attacking and Defending Virtual Environments," senior
analyst Pete Lindstrom reports the threat level for virtualization
technologies is accelerating quickly as adoption of virtualization grows.
Additionally, malicious attackers are realizing that virtual environments
are cheaper targets.
With a clear understanding of an organizations specific use cases of
virtualization, combined with standard risk principles, Burton Group
developed a set of five immutable laws to help IT organizations drive
security decisions in virtual environments:
Law 1: All existing OS-level attacks work in the exact same way.
Law 2: The hypervisor attack surface is additive to a system's risk
Law 3: Separating functionality and/or content into virtual machines (VM)
will reduce risk.
Law 4: Aggregating functions and resources onto a physical platform will
Law 5: A system containing a "trusted" VM on an "untrusted" host has a
higher risk level than a system containing a "trusted" host with an
"Burton Group recommends the best way to determine how virtualization
impacts security is to determine where and when to apply controls that are
sufficient in the environment based on risk tolerance," says Lindstrom.
"Ultimately, whether virtualization is a bane or boon for security depends
on how the systems are configured, deployed and managed."
More details about the five immutable laws of virtualization on Burton
Group's Security and Risk Management Strategies blog at
About Burton Group
Since 1990, Burton Group (www.burtongroup.com) has provided research and
advisory services helping Global 2000 organizations make smart enterprise
architecture decisions. Burton Group provides a suite of context-oriented
analysis and a proprietary IT Reference Architecture covering security,
identity management, application platforms, service-oriented architecture,
network and telecom, collaboration, content management, and the data
center. Uniquely focused on the need of IT buyers rather than technology
providers, 85% of Burton Group's revenue comes from end-user organizations.