Business ‘black hole’ in virtualisation security

More than half of businesses do not know if their employees are running virtual desktops creating environments completely hidden from IT admin, according to Sophos.

As virtualisation tools become more popular, there was a risk of end-users running unauthorised software in the virtual environments they created. Sophos said that the IT departments needed to make virtual desktop management of a priority because of this, as they could open holes in security.

Richard Jacobs, chief technology officer at Sophos, said that hidden virtual environments were impossible to defend against cyber attacks. He claimed that companies should be wary of the risk that employees would install them, for example because they were trying to get around bans on instant messaging or social networking

He said: "Uncontrolled and unmanaged virtual computers could lead to potentially disastrous consequences, including corporate identity theft, financial losses and embarrassing headlines."

The growth of free virtualisation tools may also encourage employees to download them without any malicious intent. Sophos gave the example of unauthorised virtual browsers not up to date with security patches, or running virtual unprotected peer-to-peer (P2P) programs.

"Virtualisation can offer cost-saving benefits- especially important in the private sector," said Antony Barke, senior technical engineer at Basildon and Thurrock University Hospitals NHS Foundation Trust.

"However, it's essential to secure the virtual environment, just as you would do the rest of the corporate network the same threats exist and this shouldn't be overlooked."

Sophos recommended that businesses made sure employees were aware of acceptable usage policies, and that IT staff had visibility into what applications they were downloading.