Virtualisation risk strategies explored in ISACA guide

A new guide produced by global IT association ISACA provides a balanced look at the risks and benefits associated with virtualisation. With its potential to reduce expenses, drive automation and provide flexibility, virtualisation has earned its way onto the board agenda and is being implemented by enterprises worldwide.

According to the Virtualisation: Benefits and Challenges white paper, risks can be divided into three groups:

• Attacks on virtualisation infrastructure: The two primary types are hyperjacking and virtual machine (VM) jumping. Hyperjacking is still a theoretical attack scenario, but has earned significant attention because of the major damage it can potentially cause.

• Attacks on virtualisation features: The more common targets include VM migration and virtual networking functions.

• Compliance and management challenges: The number and types of VMs can easily get out of hand; VM sprawl and dormant VMs make it a challenge to get accurate results from vulnerability assessments, patching/updates and auditing.

To combat these risks, ISACA recommends the following:

1. Patch and harden the hypervisor and the guests it supports.
2. Use physical, network and virtualisation-based separation to segment VMs and systems.
3. Use transport encryption to secure VM migration.
4. Implement virtualisation-aware management products and services.

“Virtualisation has recently become a more common practice and enterprises are already realising cost savings and efficiencies by moving to virtualized environments,” said Ramsés Gallego, CISM, CGEIT, CISSP, an author of the white paper and general manager at Entel IT Consulting.

“However, to achieve this value, enterprises must consider the potential security risks and governance considerations. Having well-documented business processes and strong audit capabilities will help ensure the best possible value.”

To download a free copy of Virtualisation: Benefits and Challenges and a virtualisation security checklist from HyTrust, visit www.isaca.org/virtualization
