Yes, says Joseph Moorcones, vice president for worldwide information security at Johnson & Johnson in New Brunswick, N.J. "Complexity of software and technology leaves us vulnerable. Millions of people out there understand technology, and all they have to do is discover one vulnerability [better than we do] and they can cause a tremendous amount of damage in a virtualized environment. Virtual machines scare me a bit because we don't understand the security issues surrounding them, and complexity is the ally of the bad guy."

Is virtualization bad for security? Place a vote and share your opinions.

No, says Michael Barrett, CISO of PayPal in San Jose, Calif. "You can look at virtualization and ask what the heck has that got to do with security? But what it enables you to do is manage a data center that has significant levels of hardware diversity by using a potentially much more stable operating system - and a more hardened one, from a security perspective. It is much easier to manage from an asset-[management] perspective. Virtualization is one of those technologies that not only improves data-center economics, but also has an almost accidental effect on improving security."

< Return to main story: CISO inner circle>