What risks do application virtualization products pose to enterprise security?

What risks do application virtualization products pose to enterprise security?

Tags:   application security  OS security  virtualization security

By Michael Cobb | Jan 8, 2009

I'm working for the U.S. Air Force in Europe, and it is deploying multiple virtualization products in its environment; I'm working specifically with application virtualization. Have there been any reviews of application virtualization products (rather than OS virtualization) and the risks they pose to enterprise security?

Phrases that continue to be used with this type of virtualization are "isolation" or "bubble," but I really would like to know if application virtualization truly is an isolated state from risks possibly entering or escaping those 'isolated' environments. Over the past few years, virtualization has really taken off, as it can help an organization's infrastructure to work harder and faster while reducing costs. Some of the benefits of virtualization include saving space, resources and power consumption, providing redundancy and provisioning capabilities, and improving security. The first virtualization techniques that came into the market were those of server virtualization -- one approach being operating system virtualization, where everything is run from a so-called virtualized disk on the network, encapsulating the entire operating system from the hardware.

 

With operating system virtualization, the whole OS is virtualized, as opposed to specific applications. Although vendors have different types of products, the general principle of application virtualization is to separate application code from the restrictions of individual servers, operating systems and clients to improve portability, manageability and compatibility. A virtualized application is not installed on the hard disk of the machine, but is packaged and run on a virtualization layer, which transparently intercepts all file and registry operations of the virtualized application. The application believes that it is directly interfacing with the operating system and its resources, whereas it is actually encapsulated from them and running in its own virtual space or "bubble."

Since all the required files are available in the bubble for that specific application, these separated virtual spaces ensure that applications cannot conflict with each other. This separation allows superior control over where application data is stored. Data can be located in the corporate data center where it is easier to ensure access policies and regulatory compliance rules are adhered to.

 
 
12

Similar

Related Articles

Add comment

Post a Comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <img /> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <embed> <object> <strike> <caption>
  • Lines and paragraphs break automatically.
  • Use <!--pagebreak--> to create page breaks.

More information about formatting options

 

Similar

Related Articles

knowledge_central_tab

 
 
Knowledge Central
Today's top security priorities
Attacks based on vulnerabilities in websites are skyrocketing, and not many solutions are available to protect organizations against them. How do you deal with this and other key security issues today?
Taking a holistic business-centric approach to security
Today’s CIOs face multiple challenges, including the need to innovate in an extremely competitive business climate, address highly dynamic regulatory and compliance challenges, speed ROI to counter shrinking IT budgets, and secure their organizations against a wide barrage of sophisticated threats.
 
 
 
UTM product offers Logansport Savings Bank superior protection
Astaro Security Gateway’s IPS was able to block attacks that other intrusion prevention systems (IPS) missed at Logansport Savings Bank.
Hong Leong Financial opts for Juniper Networks at new Malaysia head office, data center
Hong Leong Financial Group Berhad builds complete and seamless data center and office network infrastructure with Juniper switches, security devices and Junos software.
 
 
 

Recent popular content

Most Read
RSA conference tackles social networking
Social networking sites are phishing traps
Customer voices out concerns on software vulnerability disclosure
The king, the dragon and the secure cloud
UTM product offers Logansport Savings Bank superior protection

Site map
Search Security Asia
About Us
Print/Digital Subscription
Sales
Feedback
Security Tips
Expert Opinions
Research
White Papers
Case Studies

Blogs
Topics
Application security
Disaster recovery and business continuity
Identity management and access control
Information security careers, training and certifications
Topics
Network and Internet Security
Security best practices
Security threats
Surveillance and facilities management
Media
Videos
Podcasts
Webcasts
News
RSS