One of the more intangible benefits of virtualization is that it helps isolate the data residing in our applications from the underlying operating systems that all too often have been the point of attack for various digital miscreants.

There's no doubt that virtual machines have contributed to an improved security posture, but the question that many experts keep asking is when will virtual machine software itself become the target of the attacks. There is nothing inherently more secure about virtual machine software. Some would argue that the security benefit we're receiving from it has more to do with the fact that the technology is relatively new and not widely deployed enough to form a tempting target.

Other factors that have contributed to the relative security of virtual machines is that up until recently the code base for these products have been comparatively thin. But with the arrival of Hyper-V from Microsoft, we're already seeing the code base for virtual machine software start to expand along with its feature sets. And finally, the dynamic nature of virtual machine technology makes it harder for hackers to be exactly sure what application load is running on what virtual machine at any given time.

As good as all those things are, however, not much attention has been paid to date to making virtual machine software all that secure. A small cottage industry has emerged around developing products that secure virtual machines to one degree or another, but adoption of those products has been relatively light. In the end, that means that as virtual machine technology continues to proliferate so do the exposure risks.

What's troubling about that is a couple of high-profile attacks specifically targeted at virtual machine software could effectively freeze roll outs. Virtualization software has a great many benefits. But if it turns out that the risks associated with deploying the technology are greater then people initially assumed, you can bet that chief security officers and risk management officials are going to have a major change of heart when it comes to virtualization.

The folks over at Embotics, which makes tools for managing virtual machine environments, have done a good job outlining the potential security risks associated with virtualization in a white paper called Understanding VirtSec.

What many folks forget is that virtual machine software as we know it today grew up a utility created to help systems managers increase the utilization rates of servers and workstations. Today, we are using that same virtual machine technology to create a whole new foundation for enterprise computing, which needless to say puts a whole lot more at risk when it comes to adopting virtualization.

None of this means that we should freeze the adoption of virtual machine technology today. But it does mean that we just might want to be a little more prudent when it comes to virtualization because when it comes to security, there is still a lot more unknown than known.