Virtualising your infrastructure (ITSAP.70.011) – Canadian Centre for Cyber Security

Summary

This guidance explains the fundamentals of virtualisation: what it is, how it works (virtual machines, hypervisors and hardware), the common types (server, desktop, storage, network, application and cloud), plus expected benefits and practical risks. It outlines what to look for in a hypervisor vendor and gives 15 concrete mitigation actions to reduce the security exposure introduced by virtual environments. The Cyber Centre recommends bare-metal (Type 1) hypervisors where possible for better efficiency and fewer layers of attack surface.

Context and relevance

Virtualisation underpins modern datacentres and cloud services and is central to cost efficiency, faster provisioning and disaster recovery. But it also concentrates risk: a misconfigured hypervisor or unmanaged VM sprawl can weaken your security posture. This guidance is timely for any organisation moving workloads to virtualised infrastructure or the cloud and for teams responsible for secure platform operations.

Key Points

  1. Virtualisation creates software-based instances (VMs) that share physical hardware via a hypervisor, improving hardware utilisation.
  2. Three core components: virtual machines (VMs), hypervisors (Type 1 bare-metal or Type 2 hosted) and the underlying hardware servers.
  3. Types of virtualisation include server, desktop, storage, network, application and cloud — each addresses different operational needs.
  4. Benefits can include lower costs, greater agility, simplified data-centre management and faster recovery, but these depend on correct implementation.
  5. Major risks: VM sprawl, unpatched hosts, compromised hypervisors (VM escape), insufficient isolation, loss of visibility and cascading denial-of-service across VMs.
  6. Vendor selection should consider encryption (in transit and at rest), access controls, monitoring/auditing, hypervisor type and vendor guidance for hardening.
  7. The guidance lists 15 mitigation actions, including: choose trustworthy vendors, patch frequently, zone virtual networks, separate sensitive data onto physical servers, test in isolation, apply least privilege and separation of duties.
  8. Other recommended controls: multi-factor authentication, regular backups, SIEM/SOAR approaches, AV/IDS on infrastructure, asset management to remove unused VMs, encryption and incident-response planning.
  9. The Cyber Centre strongly recommends bare-metal hypervisors for performance and reduced complexity where feasible.

Why should I read this?

Short and useful: if you run or plan to run VMs, this guidance tells you what can go wrong and how to stop it. It’s full of practical checks and a straightforward 15-point action list that saves you time and helps avoid nasty surprises like VM sprawl or a compromised hypervisor affecting everything.

Author style

Punchy and practical — this is authoritative, no-nonsense guidance from the Canadian Cyber Centre. If virtualisation touches your servers or desktops, the detail here is worth reading to harden your setup and avoid common mistakes.

Source

Source: https://cyber.gc.ca/en/guidance/virtualizing-your-infrastructure-itsap70011
