While reading over the ‘10 Immutable Laws of Security’, it struck me that something similar could be applied to virtualization and its perceived security benefits.  So why not the ‘10 Immutable Laws of Virtualization Security’?  I doubt the veracity of any claim that these are and will remain so absolute as to be immutable, and most lack characteristics that would have them accurately defined as laws.  While many of these can be applied to application virtualization, they were conceived with hardware virtualization in mind.

1. If a virtual machine has unrestricted access to a network, that network is no more secure than if the virtual machine were a physical machine.
2. If a virtual machine has unrestricted access to the host machine, the host machine is no more secure than the virtual machine.
3. Patches & updates are no less important on a virtual machine than on a physical machine.
4. A virtual machine is only as secure as the virtualization software.
5. As virtualized operating systems are added, so are its vulnerabilities.
6. The security benefits of a virtual machine decrease as the rights of the logged in user increase on the host machine and network.
7. Security software is no less important on a virtual machine than it is in a physical machine.
8. Security on a physical network offer no protection between a virtual machine and its host.
9. Complete isolation of a virtual machine from the network and host is not practical.
10. Virtualization is not a panacea.