Virtualization has played a critical role in enterprise IT over the past several years by allowing businesses to rethink data center design for optimization. While consolidating hardware allows for greater optimization, using virtualization also create new risks. According to ComputerWeekly editor Kayleigh Bateman, dormant virtual machines present significant data security challenges.

"When managing a highly virtualised environment, one important consideration is that every virtual machine (VM) - particularly dormant VMs - must be tracked and secured to avoid attacks," Bateman wrote. "VMs can quickly eat into your disk space, and powering back on a dormant VM can leave a huge hole in the network's security."

In the interest of agility, companies can quickly deploy virtual machines as their technology infrastructure needs grow. In an ideal world, unused virtual machines would either be decommissioned, or properly secured and monitored, as Bateman noted. However, there are problems with using traditional security options in a virtual environment as many forms of malware are designed to act differently within a VM. Additionally, effective practices are not always followed even with the best plans in place. This makes it crucial for organizations to implement encryption solutions to protect information on dormant virtual machines.

Virtualization's data security Crisis
One of the problems facing security for VMs is that cybercriminals have only recently started targeting virtual environments. In some cases, this has led business professionals to feel confident that data stored on a VM is protected, but given the proliferation of virtualization among enterprises, it will only be a matter of time before VMs become a popular target. The recent threat posed by the computer worm Crisis shows that threat is already here. As an August article from The Register reported, Crisis exhibited data-stealing capabilities as well as the ability to shut down antivirus programs. But what made the malware unique was its ability to target virtual environments.

"The threat searches for VMware virtual machine images on a compromised Windows PC and attempts to copy itself onto the system using a VMware Player tool," the article stated. "It does not use a vulnerability in the VMware software, but rather relies on a feature that allows the virtual machine's files to be manipulated even when the virty system is not running."

Crisis represents a new threat organizations must be aware of. As the capabilities of Crisis indicate, relying entirely on antivirus and other traditional security solutions may not be enough to fully protect digital assets, even within virtualized environments. This means that encryption solutions must be considered to guard important information as new threats emerge.