Virtualization has become an essential service that the IT department has offered to Access strategies internal users as a service. The result of this initiative has been a cost saving. As a result of the success, the company has mandated this approach to be adopted for our remote offices. However, our business need for expansion has resulted in the need for adopting new security strategies to protect our virtual infrastructure. These new requirements will require us to evaluate our current infrastructure for weakness and to implement policies, new products, or approaches to better serve our customers.
Access Strategies virtual infrastructure was initially designed to account for simplified management and minimized administrative overhead. The design at the time was perfect for a small environment, but the company has recently expanded. A result of this expansion was the need to redesign the virtual environment was ordered to accommodate the new sites that would need virtual servers to power the infrastructure. This infrastructure was designed, but given recent events in where several companies were exposed because of security deficiencies. Upper management has order a review of the infrastructure to verify that no holes exist within the new infrastructure.
Security weaknesses in any technology infrastructure are usually a result of poor design and implementation of any new technology. Identifying these threats takes precedents of being able to self evaluate your infrastructure and to review every piece of the design to verify that weaknesses are tolerable. This type of task should occur regularly and can be completed by performing a thorough research into the technology that you are looking to evaluate and to consult best practices from vendors and security experts. This type of result can be completed by first completing a thorough risk assessment of our organization virtual infrastructure. Any result of the risk assessment should be thoroughly evaluated and then a remediation plan should be recommended to senior managements for evaluation and implementation. Successfully implementing a security program will prove to our customers that we are serious about security and can be used as a selling point.
Section 1: Identifying Risks within Virtual Infrastructure
This section describes our current virtual infrastructure risks. It includes an overview of the research process, risks that were identified, and the potential issues that occur with risk.
In order to research the risks that accompanied a virtual infrastructure the internal IT department researched vendors, databases, and other sources to determine the type of risks that are associated with the use of a virtual environment. After reviewing this information the IT department collaborated with the internal network security team to identify the following risks within a virtual based infrastructure.