Virtualization Technology News and Information
Burton Group Develops Five Immutable Laws of Virtualization Security
Burton Group, an IT research firm focused on enterprise infrastructure technologies, published a report providing five immutable laws of virtualization security to help IT organizations ensure improved protection of virtual environments.

Virtualized environments are poised to provide significant operational benefits to enterprises, but they are not without their risks. The introduction of a new layer of software -- in the form of the hypervisor -- and the new architectures that provide the benefits must be evaluated from a security perspective to understand the risk and security impact.

In the report, "Attacking and Defending Virtual Environments," senior analyst Pete Lindstrom reports the threat level for virtualization technologies is accelerating quickly as adoption of virtualization grows. Additionally, malicious attackers are realizing that virtual environments are cheaper targets.

With a clear understanding of an organizations specific use cases of virtualization, combined with standard risk principles, Burton Group developed a set of five immutable laws to help IT organizations drive security decisions in virtual environments:

Law 1: All existing OS-level attacks work in the exact same way.

Law 2: The hypervisor attack surface is additive to a system's risk profile.

Law 3: Separating functionality and/or content into virtual machines (VM) will reduce risk.

Law 4: Aggregating functions and resources onto a physical platform will increase risk.

Law 5: A system containing a "trusted" VM on an "untrusted" host has a higher risk level than a system containing a "trusted" host with an "untrusted" VM.

"Burton Group recommends the best way to determine how virtualization impacts security is to determine where and when to apply controls that are sufficient in the environment based on risk tolerance," says Lindstrom. "Ultimately, whether virtualization is a bane or boon for security depends on how the systems are configured, deployed and managed."

More details about the five immutable laws of virtualization on Burton Group's Security and Risk Management Strategies blog at

Published Wednesday, January 09, 2008 7:59 PM by David Marshall
Filed under:
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<January 2008>