A Stark Reminder Of The Need For Virtual Security

A Stark Reminder Of The Need For Virtual Security

Now that the VENOM vulnerability has been dealt with, it’s time for technologists to seriously consider how ready they are for virtualization security.

Especially if you’re working in an organization with a significant investment in the cloud, this is one area you can’t afford to ignore any longer.

The VENOM vulnerability was discovered last May in an old string of code used in a majority of modern day virtualization hardware. The glitch allows an attacker to login to a virtual machine from the front door (e.g. buying space on AWS) and then “escape,” gaining code execution ability on the host, as well as any other VMs operating on that machine.

And while the threat was neutralized almost immediately with a series of patches, the story underlines a sad state of security in the virtualized world. As is the case with all major technological advances, security has lagged behind for years in the world of virtualized computing.

And it’s the IT department – not a lack of technology – that is to blame for the hold up.

[Read more…]