Virtual Infrastructure Security Assessment
According to a recent Information Week survey, only one in eight enterprises have a formal security or information protection strategy for their virtual infrastructure. You moved more servers to your virtual infrastructure but have you also increased your attack surface? What is your security strategy for virtual infrastructure?
Whether you are contemplating, implementing, or currently managing a virtual infrastructure, you are probably quite comfortable with the economic and architectural flexibility benefits from virtualization. However,:
• Are you confident in your approach to vulnerability, security and risk management?
• Was security part of the requirements when building your virtual infrastructure?
• Do you have proper policies and procedures to deal with rogue virtual servers, patch management, operating system separation and change control?
• Are you aware of technology best practice to secure your virtual infrastructure?
Intouch World consultants can help you to identify and mitigate the risk to your virtual infrastructure by reviewing the people, process and technology surrounding the targeted virtual infrastructure, which pinpoints vulnerabilities, gaps with industry accepted best practices to the architecture, configuration, and ongoing management of corporate assets.
Advantage with Intouch World
We assess your virtual infrastructure in the following four major phases:
• Architecture and Design Review - Evaluate the virtual infrastructure and security practices in the architecture and design, specifically targeting separation of networks, hosts and virtual machines, and virtual infrastructure management design
• Virtual Infrastructure Configuration Review - Assessment of the configurations of sampled virtual machines and the host against known industry best practices, and identify any insecure configuration associated with the deployed product
• Virtual Infrastructure Security Testing - Test the security from the logical network, virtual server storage network and virtual infrastructure management network. The assessment defines your virtual infrastructure attack surface and the associated risk
• Policy and Procedure Gap Analysis - Evaluate the gap of the current policies and procedures for virtual infrastructure against known best practices according to the ISO27001 security standard