CIS Releases Security Guidelines

Center for Internet Security and Configuresoft to unveil first CIS virtual machine security guidelines at VMworld 2007

COLORADO SPRINGS, Colo. -- The Center for Internet Security (CIS) and systems management technology innovator Configuresoft, Inc., today announced availability of the first Virtual Machine Security Guidelines. In addition, CIS and Configuresoft will unveil a draft of the upcoming VMware ESX Server Benchmark at the 2007 VMworld conference in order to solicit input from attendees. VMworld 2007 will be held at the Moscone Center in San Francisco, Calif. from September 11 – 13, 2007.

In February, 2007, CIS and Configuresoft developed a benchmark working group and, with input from more than 200 virtualization and security experts from the commercial market and federal organizations, created the industry’s first virtual machine security benchmark. CIS benchmarks and guidelines are unique in the industry in that they are created via broad consensus. This benchmark extends and enhances the hardening guidelines offered by the manufacturers by consolidating the expert opinion of the world’s leading security experts.

Now, CIS is offering interested parties the opportunity to join the consensus process for its forthcoming benchmark which will provide further guidance for organizations as they secure their virtual systems deployed on VMware’s ESX servers. VMworld attendees can sign up to participate at Configuresoft’s booth #1120 and immediately share ideas and feedback.

As adoption of virtualization increases, analysts foresee security issues on the horizon. According to recent Gartner research 1 “Many organizations mistakenly assume that their approach for securing VMs (Virtual Machines) will be the same as securing any operating system (OS) and thus plan to apply their existing configuration guidelines and standards.” The report also states, “Through 2009, 60% of production VMs will be less secure than their physical counterparts.”

“While there are many benefits for data center virtualization, careful attention must be paid to the potential of new security threats born out of the additional complexity produced by virtualization,” said Bert Miuccio, Vice President, The Center for Internet Security. “With input from so many leaders and experts – as well as the broad consensus we will build as a result of VMworld – we are confident that the final versions of both important benchmarks will provide a solid roadmap for organizations as they secure their virtual environments.”

Configuresoft Inc.

The Center for Internet Security (CIS)

Editors' Choice
Elizabeth Montalbano, Contributor, Dark Reading
Nate Nelson, Contributing Writer, Dark Reading
Nate Nelson, Contributing Writer, Dark Reading