Cloud Security Alliance APAC
  • Home
  • About
    • About Us & Our Team
    • APAC Chapters
    • Newsletter
  • Press Release
  • Research
    • APAC Research Advisory Council (APRAC)
    • APAC Research Initiatives >
      • CCM-ABS Mapping WG
      • CCM – RBI Gopala Krishna Committee Report (GKCR) Mapping
      • Cloud Component Specifications
      • Cloud Incident Response
      • Cloud Security Services Management
      • High Performance Computing (HPC) Cloud Security
      • Hybrid Cloud Security Services
      • Industrial Control Systems (ICS) Security
      • Mobile Application Security Testing
      • SaaS Governance
      • Best Practices for Mitigating Risks in Virtualized Environments
    • Reports >
      • Mitigating Hybrid Clouds Risks
      • Cloud OS Security Specification v2.0 >
        • Hybrid Cloud and its Associated Risks
      • Survey Report on Security Practices in HPC & HPC Cloud
      • CCM Addendum (controls mapping with the ABS CCIG 2.0))
      • Cloud Incident Response Framework – A Quick Guide
      • Mobile Application Security Testing Landsacpe Overview
      • CSA CCM v3.0.1 Addendum - Cloud OS Security Specifications
      • CSA CCM v3.0.1 Addendum to the Reserve Bank of India (RBI)’s Gopala Krishna Committee (GKC) Report
      • CSA CCM v3.0.1 Addendum to the Guideline on Effectively Managing Security Service in the Cloud
      • Gap Analysis Report on Mapping CSA’s Cloud Controls Matrix to ‘Guideline on Effectively Managing Security Service in the Cloud’
      • Cloud OS Security Specification
      • Guideline on Effectively Managing Security Service in the Cloud
      • 2018 Cloud Adoption in the Malaysian FSI Sector: Survey Report
      • CSA CCM v3.0.1 Addendum to the Malaysia Personal Data Protection Standard 2015
      • 2017 State on Cloud Adoption and Security: APAC
      • 2016 Cloud Adoption and Security in India Survey Report
      • 2016 Cloud Adoption Practices and Priorities in the Chinese Financial Sector: Survey Report
    • C-STAR
  • Events
    • Upcoming Events
    • Past Events
    • CXO Roundtable Series
    • CCSK Training
  • CONTACT
    • Contact Us
    • Privacy Notice
  • Home
  • About
    • About Us & Our Team
    • APAC Chapters
    • Newsletter
  • Press Release
  • Research
    • APAC Research Advisory Council (APRAC)
    • APAC Research Initiatives >
      • CCM-ABS Mapping WG
      • CCM – RBI Gopala Krishna Committee Report (GKCR) Mapping
      • Cloud Component Specifications
      • Cloud Incident Response
      • Cloud Security Services Management
      • High Performance Computing (HPC) Cloud Security
      • Hybrid Cloud Security Services
      • Industrial Control Systems (ICS) Security
      • Mobile Application Security Testing
      • SaaS Governance
      • Best Practices for Mitigating Risks in Virtualized Environments
    • Reports >
      • Mitigating Hybrid Clouds Risks
      • Cloud OS Security Specification v2.0 >
        • Hybrid Cloud and its Associated Risks
      • Survey Report on Security Practices in HPC & HPC Cloud
      • CCM Addendum (controls mapping with the ABS CCIG 2.0))
      • Cloud Incident Response Framework – A Quick Guide
      • Mobile Application Security Testing Landsacpe Overview
      • CSA CCM v3.0.1 Addendum - Cloud OS Security Specifications
      • CSA CCM v3.0.1 Addendum to the Reserve Bank of India (RBI)’s Gopala Krishna Committee (GKC) Report
      • CSA CCM v3.0.1 Addendum to the Guideline on Effectively Managing Security Service in the Cloud
      • Gap Analysis Report on Mapping CSA’s Cloud Controls Matrix to ‘Guideline on Effectively Managing Security Service in the Cloud’
      • Cloud OS Security Specification
      • Guideline on Effectively Managing Security Service in the Cloud
      • 2018 Cloud Adoption in the Malaysian FSI Sector: Survey Report
      • CSA CCM v3.0.1 Addendum to the Malaysia Personal Data Protection Standard 2015
      • 2017 State on Cloud Adoption and Security: APAC
      • 2016 Cloud Adoption and Security in India Survey Report
      • 2016 Cloud Adoption Practices and Priorities in the Chinese Financial Sector: Survey Report
    • C-STAR
  • Events
    • Upcoming Events
    • Past Events
    • CXO Roundtable Series
    • CCSK Training
  • CONTACT
    • Contact Us
    • Privacy Notice

Best Practices for Mitigating Risks in Virtualized Environments​

Virtualization has made a dramatic impact in a very short time on IT and networking and has already delivered huge cost savings and return on investment to enterprise data centers and cloud service providers. Typically, the drivers for machine virtualization, including multi-tenancy, are better server utilization, data center consolidation, and relative ease and speed of provisioning. Cloud service providers can achieve higher density, which translates into better margins. Enterprises can use virtualization to shrink capital expenditures on server hardware as well as to increase operational efficiency. ​

Some think that virtualized environments are more secure than traditional ones for the following reasons:
  • Isolation between virtual machines (VMs) provided by the hypervisor
  • No known successful attacks on hypervisors1 save for theoretical ones, which require access to the hypervisor source code and ability to implement it
  • Ability to deliver core infrastructure and security technologies as virtual appliances such as network switches and firewalls
  • Ability to quarantine and recover quickly from incidents

Others think that the new virtualized environment requires the same type of security as traditional physical environments. As a result, it is not uncommon to see legacy security solutions, processes, and strategies applied to the virtual environment. The bottom line, though, is that the new environment is more complex and requires a new approach to security. 

​Given the number of notable breaches reported in 2014, virtualization security should be given due consideration in the planning, creation, and management of enterprise and provider environments. This white paper proposes a security framework to help secure your virtual environment and to prevent any threats, including the aforementioned, from exploiting vulnerabilities. This paper primarily considers virtualization security from the hypervisor perspective and briefly mentions related security concerns where appropriate. 

Updates:

ISO / IEC International Standard 21878 - Security Guidelines for Design and Implementation of Virtualized Servers Published  in November 2018
Under an MOU signed between CSA & SPRING Singapore (now Enterprise Singapore), a collaboration to build upon the Technical Reference No. 30  on “Servers Virtualization” (first published in 2012 by the IT Standards Committee) and CSA’s Cloud Control Domain 13, a joint white paper entitled ‘Best Practices for Mitigating Risks in Virtualized Environments’ was published by CSA in April 2015. The whitepaper drove efforts for international standardization at ISO which started as a study period in 2015. The ISO International Standard has since been published on 12 November 2018.

Further information can be found HERE and HERE. 

Download the report by clicking the image below!​

Picture
© COPYRIGHT 2021. Cloud Security Alliance. All Right Reserved