ISACA Journal Author Blog

ISACA > Journal > Practically Speaking Blog > Posts > Virtualization Benefits and Security Audit of Virtual IT Systems

Virtualization Benefits and Security Audit of Virtual IT Systems

| Published: 1/11/2011 8:40 AM | Permalink | Email this Post | Comments (0)
Abhik Chaudhuri, MCA, PMP
 
Virtualization is a software technology that uses a physical resource, such as a server, and divides it into virtual resources called virtual machines (VMs). Virtualization helps to consolidate physical resources, simplify deployment and administration, and reduce power and cooling requirements. Virtualization of IT systems has many advantages, and that is why it has become so popular. Apart from improving IT service agility, virtualization technology reduces the infrastructure cost of ownership by reducing the total number of physical servers. So, the operating expenses are reduced drastically with a fewer number of physical servers.
 
Virtualization expedites the server provisioning procedure and also improves capacity management. IT efficiency is increased due to shared central processing unit (CPU) processing capacity and effective storage utilization. The VMs are capable of running different operating systems (OSs) and have several benefits such as encapsulation, isolation and partitioning.
 
VMs are encapsulated into files, making it possible to rapidly save, copy and provision a VM. Fully configured systems, applications, OSs and virtual hardware may be moved, within seconds, from one physical server to another for zero-downtime maintenance and continuous workload consolidation.
 
Virtualization allows partitioning multiple applications and supporting multiple OSs within a single physical system. Servers can be consolidated into VMs on either a scale-up or scale-out architecture, and computing resources can be treated as a uniform pool that is allocated to VMs in a controlled manner.
 
Some large organizations have embraced virtualization to increase business resiliency to support disaster recovery and business continuity. Other significant benefits of virtualization include:
  • Effective segregation of duties (SoD)
  • Simulation with multiple versions of the same or different operating systems
  • More continuity options
  • Expansion of the test environment
But, as with any technology, virtual IT systems are not risk-proof. So, a proper risk mitigation strategy needs to be developed and followed if the organizations are willing to harness the benefits of virtualization technology. Information security auditors have an important role to play in auditing the risks of virtual IT systems. In our recent Journal article, SH (Basie) von Solms, Dipanwita Chaudhuri and I discuss the concept of virtual IT systems and the inherent risks that need to be audited for proper risk mitigation. We have also provided a procedural guideline for a security audit of virtual IT systems that can be referenced during information security audits and during the application of security to virtual IT systems.
 
Read Abhik Chaudhuri, SH (Basie) von Solms and Dipanwita Chaudhuri’s recent Journal Article:
Auditing Security Risks in Virtual IT Systems,” ISACA Journal, volume 1, 2011

Comments

There are no comments yet for this post.
Email