(Rick Whiting, ChannelWeb) With companies looking for ways to cut their IT infrastructure costs, there's no hotter technology right now than virtualization. But those cost savings could carry a big price in compromised security if IT managers aren't careful.

That was the message from Gartner Fellow Neil MacDonald in his "Securing Virtualization, Virtualizing Security" presentation last week at Everything Channel's Midsize Enterprise Summit in Miami. MacDonald's argument is that most virtual machines being deployed by IT departments today aren't as secure as physical systems, not because virtualization is inherently less secure, but because most virtualization technology isn't being deployed in a secure way.

Many suppliers of virtualization and security technology aren't stepping up to the plate and providing the same kinds of protection they provide for physical systems.[..] IT managers should be sure to apply to virtualized systems the same vulnerability assessment/patch management processes they use for physical systems.

Another problem is that virtual systems have internal virtual networks and sometimes communicate between themselves - even when they shouldn't - and IT managers may not be aware of it. And when tools for securing and managing virtual systems are available, they are so different from tools for managing physical systems that the odds of system misconfiguration increase.

Security and management policies for virtual systems must be dynamic and not tied to physical assets, the host operating system should be kept "thin and hardened" and a general-purpose operating system shouldn't be used as the foundation for virtualization software. Businesses should take some of the savings they generate through virtualization and invest it in their security efforts.