ENISA study on the security aspects of virtualization

The final objective is to provide the basis to understand the main issues and challenges related to the security in virtualization, and provide a look at common best practices to implement a secure virtualised environment.

Virtualization, is referred to as the set of activities aimed to create a virtual version of real components including, computer-hardware platforms, operating systems, storage, and networking. It is present nowadays at the basis of server and desktop infrastructures, cloud computing, networking, and containerization.

Virtualized environments are pervasively adopted and therefore increasingly becoming targets of cyber-attacks. More and more elaborated and specialized attacks are currently devised to exploit vulnerabilities and weaknesses at the virtualization layer. The recent and widespread adoption of virtualization technologies has changed the traditional view of ICT, as virtualization can provide a dramatic increase in the efficiency and effectiveness of complex organizations and communities. It is also expected to constitute an important technological pillar of a thriving data-driven economy and the European single digital market.

However, virtualization technologies bear a number of different security risks, some of them shared with traditional computing environments including issues affecting operating systems, communication protocols, and applications, which can be even exacerbated by the presence of virtualized components, producing a greater security impact.  On the other side, virtualization also introduces a number of specific security issues requiring ad hoc solutions.

Full report is available online

For interviews and press enquiries please contact press@enisa.europa.eu Tel. +30 2814409576