Virtual servers are prone to the same attacks that plague physical servers, as well as new threats that exploit weaknesses in hypervisor technology, experts warn.

Server virtualization makes it possible to run multiple applications and operating systems on fewer devices and lets customers quickly provision new resources based on demand. But the features that enable such flexibility cause network and security managers to wonder whether a security threat in a virtual environment could spread to the entire network.

"I am holding off on server virtualization because I have been hearing about security issues with the hypervisor," says Craig Bush, network administrator at Exactech in Gainesville, Fla. "One server being breached doesn't take down our entire network, but if it is possible for a hypervisor to do that, I'll just wait until the security angle is more played out before I jump into virtualization."

Here we address four of the top concerns about securing virtual environments and attempt to discern the hype from reality.

Virtual-machine escapes could propagate security problems

IT managers worry that security attacks designed to exploit a hypervisor could infect virtual machines that reside on the same physical host, in what is known as a "virtual-machine escape."

If a virtual machine is able to "escape" the isolated environment in which it resides and interact with the parent hypervisor, industry experts say it's possible an attacker could gain access to the hypervisor, which controls other virtual machines, and avoid security controls designed to protect the virtual machine.

"The Holy Grail of security in the virtual world is to bounce out of the [virtual machine] and take control," said Pete Lindstrom, a senior analyst at Burton Group, on a recent Webcast on virtualization security.

But while there are documented attempts to execute a virtual-machine escape, some point out that a security disaster related to such an event has yet to be proved.

"To my knowledge, there has never been a hack that has allowed a security problem to...