With its potential to reduce expenses, drive automation and provide flexibility, virtualisation has earned its way onto the board of directors’ agenda and is being implemented by enterprises worldwide. But with the many benefits of virtualisation come considerable risks.

Global IT association ISACA has issued a new white paper with a balanced look at virtualisation and strategies to help enterprises maximise the value. This is available as a free download.

According to the “Virtualisation: Benefits and Challenges” white paper, virtualisation risks can be divided into three groups.

The first is attacks on virtualisation infrastructure, where the two primary types are hyperjacking and virtual machine (VM) jumping. Hyperjacking is still a theoretical attack scenario, but has earned significant attention because of the major damage it can potentially cause.

Secondly there are attacks on virtualisation features. The more common targets include VM migration and virtual networking functions.

There are also compliance and management challenges. The number and types of VM can easily get out of hand. VM sprawl and dormant VMs make it a challenge to get accurate results from vulnerability assessments, patching/updates and auditing.

To combat these risks, ISACA recommends to patch and harden the hypervisor and the guests it supports; use physical, network and virtualisation-based separation to segment VMs and systems; use transport encryption to secure VM migration; and implement virtualisation-aware management products and services.

Virtualisation has recently become a more common practice and enterprises are already realising cost savings and efficiencies by moving to virtualised environments, however, to achieve this value, enterprises must consider the potential security risks and governance considerations. Having well-documented business processes and strong audit capabilities will help ensure the best possible value, ISACA insists.

www.isaca-malta.org