Most Popular Stories
Events
- Register for IT Roadmap Dallas 2010
September 14 — Dallas Convention Center - SharePoint Technology Conference
October 20 - 22 — Boston, MA - Northwestern University Master of Science in Information Systems (MSIS)
- Register for The Security Standard 2010
September 13 - 14 — New York, NY
Sponsored Links
HOT TOPICS >> Q2 Earnings Roundup | Cloud Computing | Tablets | Security Vulnerabilities and Exploits
INDUSTRY >> Healthcare IT | Government IT | Financial Services IT | Biotech IT | Compliance IT
Free Newsletter
Latest News
Popular Topics
Whitepapers
- Whitepaper: Integrated Analytics and WCM Can Improve Performance & ROI
- 5 Must Haves in your Information Management Strategy
- Reporting 2.0 – The next evolutionary step in web based business reporting
- The Shortcut Guide to Secure, Managed File Transfer
- Durable Smart Devices for Mobile Field Forces: Selection and Evaluation Criteria
- Cloud Computing: How To Make Your Own Silver Lining
We never sell or give away your contact information. Our reader's trust comes first.
IBM security expert: X86 virtualization not ready for regulated, mission-critical apps
In a session on virtualization held at Interop Las Vegas this week, IBM security expert Joshua Corman argued that X86 virtualization in not ready for highly regulated, mission-critical applications. The problem is that virtualization opens up new attack surfaces, as well as presents additional operational and availability risks.
In addition, the presence of advanced features--such as live migration of virtual machines--also increases the complexity. Besides the possibility of man-in-the-middle attacks designed to intercept unencrypted data when virtual machines are in transit, another pertinent question to ask is whether a virtual machine moved to a less secure machine.
Indeed, virtualization makes it difficult to meet regulatory requirements such as the PCI DSS. Corman, who is the principal security strategist for IBM's Internet Security Systems division, said, "If you have a choice, I highly recommend you don't adopt virtualization for any regulated project. If you're going to make mistakes, it's better to do so on less critical systems."
Ironically, though, Corman noted how obsession with compliance results in people giving up on risk management. He does offers some advice for organizations working with virtualization. For one, only Type 1, or bare-metal hypervisors should be used for production applications. Also, production applications should be separated from those used for testing or development.
For more on this story:
- check out this article at Network World
Comments
Post new comment
Home
| Subscribe | Advertise | RSS |
Privacy
| Site MapTHE FIERCEMARKETS NETWORKFierceFinance | FierceFinanceIT | FierceComplianceIT | FierceHealthcare | FierceHealthFinance | FierceHealthIT | Hospital Impact | FierceMobileHealthcare | FierceHealthPayer | FiercePracticeManagement | FierceCIO | FierceCIO:TechWatch | FierceContentManagement | FierceMobileIT | FierceGovernmentIT | FierceBiotech | FierceBiotech Research | FiercePharma | FierceVaccines | FierceBiotechIT | FiercePharma Manufacturing | FierceMedicalDevices | FierceDrugDelivery | FierceIPTV | FierceOnlineVideo | FierceTelecom | FierceVoIP | FierceBroadbandWireless | FierceDeveloper | FierceMobileContent | FierceWireless | FierceWireless:Europe | FierceCable© 2010 FierceMarkets. All rights reserved. |
![]() |







