Chad Lorenc, information security officer at a financial services company that he asked not be named, said that IT security and compliance projects are far more complex undertakings on virtual machines than on servers that run a single operating system and a single application.
"It is a very complex issue," Lorenc said. "I'm not sure you are going to find a single solution" for addressing security issues in a virtual environment.
"There is no silver bullet," he added. "You have to tackle [security] from a people, process and technology standpoint."
Therefore a server running virtual machines faces more danger from a single exploit than a single physical server, Gerchow said.
He noted that virtualization software allows developers, quality assurance groups and other corporate users to set up virtual machines with relatively little effort, and without IT oversight.
Don't agree. corporate networks are not fully protected either. If you're in, you're in. It really doesn't matter Virtual or Physicval infrastructure.
Read the rest.