According to a recent InformationWeek survey, only one in eight enterprises have a formal security or information protection strategy for their virtual infrastructure. When you moved more servers to your virtual infrastructure did you also increase your attack surface? What is your security strategy for your virtual infrastructure?
Whether you are contemplating, implementing, or currently managing a virtual infrastructure, you are probably quite comfortable with the economic and architectural flexibility benefits from virtualization. However, are you confident in your approach to vulnerability, security, and risk management? Was security part of the requirement when building your virtual infrastructure? Do you have proper policies and procedures to deal with rogue virtual servers, patch management, operating system separation, and change control? Are you aware of technology best practices to secure your virtual infrastructure?
Foundstone assesses your virtual infrastructure in the following four major phases: