SAN FRANCISCO -- Virtualization creates several areas of concern when it comes to compliance, according to a security brief released by RSA this week at VMworld 2009.
The document "Security Compliance in a Virtual World" offers five best practices to help organizations address these concerns and ensure compliance when deploying virtualization. They are the following:
- to secure and patch the hypervisor, as well as virtual network switches and other hardware-like components that run on virtual machines;
- to extend configuration and change management processes to the virtual environment;
- to keep administrative duties and access separate, even though virtualization can consolidate server, network and security infrastructure on one machine;
- to segment virtual networks with virtual switches and virtual firewalls; and
- To monitor virtual infrastructure logs and correlate them with physical infrastructure logs to show potential risks.
Executives from RSA Security, VMware Inc. and EMC Corp. authored the report. RSA is the security division of EMC, VMware's parent company.