Can virtualisation improve security?

Virtualisation is being rapidly adopted by many companies for various reasons. Primarily, it brings significant money, time and labour savings. Businesses embrace virtualisation also because it improves business continuity as the disaster recovery becomes much easier once the enterprise has virtualised. Another reason to praise virtualisation is that it blocks malware attacks. Martyn Croft, CIO at Salvation Army UK says that thin-client virtualisation has helped to protect the business from scammers.

Two years ago Salvation Army replaced 1000 PCs with thin-client virtualisation. Recently, an employee from Salvation Army got a phone call from a scammer who was pretending to be from charity’s IT department. It’s quite a popular practice for scammers to impersonate IT department workers asking whether the computer is running slow etc. They usually get the users to download a Trojan virus, disguised as IT support file.

“The guy [scammer] got frustrated because he had not figured out there was not a PC in front of the user. Everything the scammer asked the user to do was thwarted by all the controls put in place,” Croft revealed.

Thin-client is hard to compromise as control filtering prevents users to be directed to malicious websites. The data and the desktop are secured at the datacentre, which also improves the security. However, it is essential to keep in mind that virtualization technologies connect to network infrastructure and storage networks. It requires a very careful planning with regard to access controls, user permissions, and traditional security controls.