Computerworld today trumpets “Virtualization Increases IT Security Pressures.” Is that so? I suppose if you narrowly define more risk as linear with more machines, then, yes more machines = increased risk. That’s like saying “Eating More Calories Will Make You Fat.” Hardly news. Eat more, exercise the same, gain weight. Add more (virtual or physical – makes no difference) machines to your environment, change nothing about the way you manage that environment, you have increased exposure to the same risks you had before.
The expert quoted in the article says (emphasis mine): “…virtualization software allows developers, quality assurance groups and other corporate users to set up virtual machines with relatively little effort — and without IT oversight.” If this expert (information security officer at a financial services company that he asked not be named) allows any physical or virtual servers setup in his environment without IT oversight – I can understand why he’s nervous.