Risks Associated with Virtualization: If cloud computing has grown in popularity, virtualization has become the technology du jour.
Virtualization consists of allowing one set of hardware to host multiple virtual machines. It is in use at most large corporations, and it is also becoming more common at smaller businesses.
Some of the possible security risk associated with virtualization includes the following:
Breaking Out of the Virtual Machine: If a disgruntled employee could break out of the virtualization layer and were able to access the other virtual machines, they could access data that they should never be able to access.
Network and Security Controls Can Intermingle: The tools used to administer the virtual machine may not have the same granularity as those used to manage the network. This could lead to privilege escalation and a compromise of security.
Most virtualization-specific threats focus on the hypervisor. Hypervisor is the virtual machine monitor; that is, the software that allow the virtual machine to exist.
If the hypervisor can be successfully attacked, the attacker can gain root-level access to all virtual systems.
Although this is a legitimate issue, and one that has been demonstrated as possible in most systems (including VMware, Xen, and Microsoft Virtual Machine), it is one that has been patched each time it has arisen.
The solution to most virtualization threats is always to apply the most recent patches and keep the system(s) up to date.
Be sure to look for and implement suggestions that the vendor of your virtualization system may have published in hardening guide.