Barney's Blog

Blog archive

Virtually Insecure

Gartner is warning IT that virtual servers are simply not as secure as physical servers. Thank you, Captain Obvious! Of course a bunch of VMs on a single server are not as easily protected as a single instance. Once you crack one VM, or break into the hypervisor, it's easier to crack the rest. This is Computer Science 101.

That's why it so important to protect each VM to the hilt.

Gartner, being smarter than me (or so they tell me), takes a different tack. The whole problem is that IT doesn't take security seriously when deploying VMs. That view is condescending but probably true.

Gartner's advice? Protect the hypervisor at all costs, involve the security team (if you have one) in VM planning and don't give all VMs the same access controls.

So why am I so dismissive of Gartner? Like me, they are pretentious, but unlike me, they never ever make fun of themselves. A loveable jerk they're not! And unlike Gartner, I try to admit all my mistakes especially as you all keep me honest.

In all fairness, the Gartner author here, Neil MacDonald, seems like a pretty bright guy. He probably is smarter than me!

For more information, Gartner is more than happy to sell you a $95 report.

Which research company do you trust and which do you despise? Crunch the numbers and send your results to [email protected].

Posted by Doug Barney on March 17, 2010


Featured