One look at the tech press in recent months tells you that virtualization is the topic (and the technology) du jour. It's changing the way corporate IT works, and it's demonstrating ROI to boot.
Be careful, though, says ZDNet commentator Chris Farrow. Don't deploy virtualization just because it's "the thing to do" at the moment. Virtualization adds complexity to the already heavy security and compliance burdens companies must bear, and you could be in over your head quickly if you don't at least consider its impact on your business.
With that in mind, Farrow lays out five security/compliance issues of which companies that have deployed or are considering deploying virtualization should be aware:
- Determine where your virtual machines are, what they're accessing, and if they are authorized to access it.
- Be ready to provide an audit trail of key virtual machines as they move through the development, testing, production cycle to ensure that only approved changes are made.
- Especially in a hosted environment, make sure that mission-critical VMs are separated from non-critical VMs, and that customer A's are separated from customer B's.
- Pay attention to software license requirements. How many virtual copies of operating systems and applications are you permitted? How many do you actually have "floating around" your network?
- Don't overburden IT staff with virtualization issues when they have yet to be trained in dealing with them. The fact is, the technology is growing and changing faster than IT can learn it.