Virtualization Security: Protecting Virtualized Environments


Posted on by Ben Rothke

With companies like Citrix and VMware having multibillion dollar valuations, virtualization is a hot piece of software technology.  But not every company deploying it knows of the security risks involved with virtualization, hypervisors and other parts of the technology. Virtualization significantly changes how firms must deal with information security.

Firms love virtualization due to the significant cost savings it brings. But in the rush to save costs, security is often compromised when the hypervisor and other virtualization controls are incorrectly configured.

In Virtualization Security: Protecting Virtualized Environments, Dave Shackleford of the SANS Institute provides an excellent how-to guide to ensure that the security configuration on your hypervisor are indeed configured correctly, to ensure that the underlying hypervisor security controls are indeed working as it should be.

Shackleford is an instructor for the 6-day SANS 579: Virtualization and Private Cloud Securitycourse, and brings his expertise to the book.  While the book is no substitute for the intensive class, it does cover all of the key areas.

The book provides a thorough overview of all of the main topics around virtualization security.  It details the specific threats and vulnerabilities that are unique to a virtualized environment. 

Other chapters provide specific configuration details for the 3 leading hypervisors, namely VMware vSphere and ESXi, Microsoft Hyper-V and Citrix XenServer.

For anyone concerned with ensuring their hypervisor is securely configured, and also wants to know the fundamentals around virtualization security, Virtualization Security: Protecting Virtualized Environments is an invaluable read written by one of the leading experts in the field.


Contributors
Ben Rothke

Senior Information Security Manager, Tapad

cloud security data security virtualization, containerization & segmentation

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community