If you’re running a virtual computing environment proper security procedures are just as important as in physical settings. Some IT security consultants have found clients operating a virtual setup sometimes have misconceptions regarding security.
Number one is the idea that a virtual environment is inherently more secure than a physical one. This isn’t the case – malware, spyware and virus attacks are constantly evolving and some have been designed specifically to target virtual machines.
There’s also the human element – ensuring best practice amongst employees applies whether it’s a physical or virtual environment.
Some security practices
Updates and patches to software – keep up to date with your software vendors’ new releases. Install them as soon as they become available and follow any instructions implicitly. For example, StorMagic provide updates and patches as part of their support packages for their virtual storage package.
This is particularly important with the hypervisor as this is the area most popularly targeted by cyber criminals as it such a pivotal part of the virtualized set up. In a physical environment, servers would be individually segregated but, by nature of a virtual environment and the hypervisor pooling server resources, several can be exposed to threats in one go.
Run appropriate security software – take advice from your software vendor and maybe an IT consultant if you use one. It’s important to use programs such as anti-virus and anti-malware that works well with your software setup. For example, if using VMware’s industry-leading hypervisor vSphere then using the same company’s vShield Endpoint or a related security product makes sense.
VM (virtual machines) – make sure they’re secured with a firewalls and anti-virus programs. Use strong encryption between these and the host machine.
Frequently review your VM status: are there any VMs that were created for a project that has since finished and are now no longer used? Shut them down.
Monitoring – the software packages mention above include full monitoring facilities so use them.
Host computer use – only install what you need as, inevitably, any new software can be a potential vulnerability. Review current use and remove programs no longer required.
It’s advisable not to access the Internet directly from the host machine as any malware and spyware can easily be passed to virtual machines. Secure accounts and control access to the host machine.
The human element – ensure best practices in the office environment. Information security as opposed to data vulnerabilities such as from viruses, spyware and malware is often down to adhering to the basics:
- Frequently changing passwords
- Controlling access to even virtual machines
- Disposing of sensitive paperwork properly through shredding rather than a waste bin
Backing up – sounds obvious, but a reliable back up regime is vital.
At its core, good security practice revolves around proper management of the software in terms of swift upgrades when made available by the vendor and effective monitoring using the management tools provided.
Don’t forget proper levels of support; if the worst happens, you’ll need expert help from your vendor promptly.