The new age of virtualization: as more organizations replace hardware servers with virtual machines, internal auditors must ensure controls are in place to minimize risks.

Author:Lee, Lorraine S.
Position:IT AUDIT

DATA CENTERS INCREASINGLY ARE migrating to virtualized environments, which can dramatically improve the efficiency and availability of computing resources by replacing multiple physical servers with virtual servers that run applications across many computing environments. At the University of North Carolina Wilmington, about 30 percent of the IT environment is virtualized, with 22 physical servers hosting 150 virtual servers. Before virtualization, the e-mail environment consisted of 13 physical systems. After virtualization, the e-mail environment was completely virtualized onto two physical servers, resulting in a 65 percent reduction in power consumption, a lower carbon footprint, and cost avoidance of about US $135,000.

Because virtualization adds another layer of complexity to the computing environment, internal auditors should be aware of the risks associated with it. Issues such as the uncontrolled proliferation of new virtual servers and the additional overhead associated with configuration, administration, licensing, and security must be addressed for the virtualized environment to be secure and reliable. Understanding these risks can enable auditors to help their organization minimize the likelihood that they will occur as well as assess the impact of virtualization on the reliability and integrity of the organization's financial and operational systems.


Virtualization allows one physical server to support multiple virtual servers. For example, three virtual machines can host an organization's Web server, financial systems, and database applications--rather than purchasing three separate physical computer systems to host each of those applications. Each virtual machine can run its own operating system, enabling Windows and Linux applications to co-exist on the same hardware.

Virtualization can enable organizations to gain benefits, such as:

* Increased use of existing servers and reduced operational and capital expenditures. Virtualization technology provider VMware reports that a Windows server running its virtualization software has a 60 percent to 80 percent utilization rate, compared with less than 20 percent for a non-virtualized server. A higher utilization rate of server capacity enables an organization to use its existing assets and reduce hardware costs and power consumption more efficiently. Virtualized servers also require less floor space, further lowering IT department expenditures.

* Easier...

To continue reading