Choosing end-user productivity over IT security and manageability is a common predicament when building a secure IT environment. If you want to maintain productivity, you must sacrifice security. If it’s security that you’re seeking, productivity and usability suffer.
Deploying a VM (or several) onto your desktop environment eliminates the need to choose as it provides a feasible solution for both issues. In a previous post, we looked at the ways in which VMs improve efficiency and productivity. The full isolation that each hypervisor provides between each OS gives developers a means to test and develop without disrupting production. That partition is also an enhanced layer of security.
Each VM contains its own guest OS and runs, through the hypervisor, on top of the machine's physical hardware and host OS. This means each VM can be isolated from the hardware and host OS, and can often compartmentalize a compromise caused by a breach inside it. This containment protects the underlying hardware and host OS from being exposed to external attacks.
VMs are still susceptible to attacks, but the spread is contained. For instance, clicking on a suspicious link in an email or opening an attachment can trigger the download of malware onto a device. Without a hypervisor or VM, if an attacker gains access to a system that shares the same kernel, that system can then be exploited. In an isolated workspace such as a VM, the damage is contained to that OS, and any other OS, including the host system, remains unaffected.
VMs also provide a safety net for your data, as they can be used to enable rapid disaster recovery and automatic backups. For growing businesses, the scalability of virtual environments can be crucial to accommodate the growing pains of an expanding IT environment.
If an event affects a physical server, replacing or repairing it may take hours or even days. With a virtualized environment, a fix is easy to provision and deploy, and you can replicate or clone the compromised VM for future impact analysis. Setting up a new physical server would take hours to complete, whereas the recovery process in a virtual environment would take a few minutes, enhancing the resiliency of the environment and maintaining business continuity.
Overall, VMs can reduce downtime and enhance resiliency in disaster recovery situations and external attacks while maintaining an organization’s productivity. VMs live their best lives when they are maintained and updated, so we recommend the following standards for practice when deploying:
- maintain OS applications and updates for both virtual and host machines
- isolate each VM by installing a firewall, allowing only approved protocols, and not sharing files
- install antivirus programs on each VM and maintain updates
- utilize strong encryption between the host and virtual machines
- avoid direct internet browsing from the host computer
- manage remote access to VMs and the host machine to minimize exposure