Application of best practice in virtualised environments should be for the whole company and not be separate
Best practice should be applied for a whole enterprise and not just for virtualised environments.
Speaking at a security and virtualisation roundtable hosted by Check Point, Simon Perry, principal analyst at Quocirca, claimed that a best practice policy should be for the enterprise, as it is unlikely that a company will have a 100 per cent virtualised environment now or in the next five years.
Perry said: “It will be a mixed estate and the question is not can I make a virtualised estate secure, if you have a mix of physical systems and local applications you will have data that will move across the estate. We have to develop best practice, virtualisation was not invented to make things more secure, it was invented to serve cost. The best practice is planning beforehand."
Chris Bridgland, RSA Global Services senior director, claimed that the key element is to ‘harden the environment'. He said: “Look at keeping in step with vulnerabilities and patches; you have got to keep on top. There is still a judgement on what to allow people to do and the levels of risk, then find the segregation of boundaries and movement of data and the policy to connect the zones.”
Bridgland also claimed that audibility is a key focus, whether in a physical or virtual environment.
Nick Lowe, regional director, Northern Europe at Check Point, said: “You need to look at the entities that you are trying to virtualise, and you need to look at the components with the security hat on.”