What risks do application virtualization products pose to enterprise security?

What risks do application virtualization products pose to enterprise security?

Tags:   application security  OS security  virtualization security

By Michael Cobb | Jan 8, 2009

I'm working for the U.S. Air Force in Europe, and it is deploying multiple virtualization products in its environment; I'm working specifically with application virtualization. Have there been any reviews of application virtualization products (rather than OS virtualization) and the risks they pose to enterprise security?

Phrases that continue to be used with this type of virtualization are "isolation" or "bubble," but I really would like to know if application virtualization truly is an isolated state from risks possibly entering or escaping those 'isolated' environments. Over the past few years, virtualization has really taken off, as it can help an organization's infrastructure to work harder and faster while reducing costs. Some of the benefits of virtualization include saving space, resources and power consumption, providing redundancy and provisioning capabilities, and improving security. The first virtualization techniques that came into the market were those of server virtualization -- one approach being operating system virtualization, where everything is run from a so-called virtualized disk on the network, encapsulating the entire operating system from the hardware.

 

With operating system virtualization, the whole OS is virtualized, as opposed to specific applications. Although vendors have different types of products, the general principle of application virtualization is to separate application code from the restrictions of individual servers, operating systems and clients to improve portability, manageability and compatibility. A virtualized application is not installed on the hard disk of the machine, but is packaged and run on a virtualization layer, which transparently intercepts all file and registry operations of the virtualized application. The application believes that it is directly interfacing with the operating system and its resources, whereas it is actually encapsulated from them and running in its own virtual space or "bubble."

Since all the required files are available in the bubble for that specific application, these separated virtual spaces ensure that applications cannot conflict with each other. This separation allows superior control over where application data is stored. Data can be located in the corporate data center where it is easier to ensure access policies and regulatory compliance rules are adhered to.

 
 
12

Similar

Related Articles

Add comment

Post a Comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <img /> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <embed> <object> <strike> <caption>
  • Lines and paragraphs break automatically.
  • Use <!--pagebreak--> to create page breaks.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Copy the characters (respecting upper/lower case) from the image.
 

Similar

Related Articles

knowledge_central_tab

 
 
Knowledge Central
New possibilities in video surveillance new
The video surveillance market is booming, driven by increased public and private security concerns, as well as a technology shift. The open video-compression standard H.264 (or MPEG-4 Part 10/AVC), among other developments, offers new possibilities to reduce storage costs and to increase the overall efficiency.
10 reasons to buy a network surveillance camera new
Initially designed to take advantage of digital imaging, networking, and the Internet in new application areas, network cameras were not used for surveillance applications. Now, network cameras have, in several important areas, surpassed analog camera performance.
 
 
 
Shanghai Far East Securities delivers online services without compromising network security
By creating a secure portal that allows customers outside of the corporate network to access online financial services, Blue Coat ProxySG appliances protect Shanghai Far East Securities from malicious attacks while accelerating response time for the applications.
NSG Group consolidates and enhances global network
One of the world’s largest manufacturers of glass and glazing products is centralizing its network infrastructure with a single supplier to support the efficient delivery and availability of key business applications, such as ERP.
 
 
 

Recent popular content

Most Read
Fullerton Hotel Singapore ups energy efficiencies
New possibilities in video surveillance
Social networking sites muddle security pros
10 reasons to buy a network surveillance camera
Michael Jackson, Farrah Fawcett deaths used to spread malware

Site map
Search Security Asia
About Us
Print/Digital Subscription
Sales
Feedback
Security Tips
Expert Opinions
Research
White Papers
Case Studies

Blogs
Topics
Application security
Disaster recovery and business continuity
Identity management and access control
Information security careers, training and certifications
Topics
Network and Internet Security
Security best practices
Security threats
Surveillance and facilities management
Media
Videos
Podcasts
Webcasts
News
RSS