"It may make financial sense to consolidate a processor-intensive application onto the same physical host as another that is network-intensive to better balance the use of available resources. However, such an approach may result in virtual servers running highly sensitive core business applications sitting alongside those running publicly accessible applications or websites, both on the same physical host." (Gary Wood, Research Director, ISF, from: How Secure is the Current Practice in Virtualisation? Computer Weekly)
It seems pretty risky to share services in this manner. I understand that the idea/ideal is to prevent bottlenecks and share load, but the comment at the top sounds like it has to be implemented sensibly and very carefully or it could impact business critical services.
The security aspect of it represents other issues altogether, and one I would hope has been anticipated from the outset. Questions to be asked when looking for your solution, I'd wager . . .
This article talks about how security is the "forgotten stepchild" in the virtualisation buildout:
http://www.cio.com/article/154950/How_to_Find_and_Fix_Real_Security_Threats_on_Your_Virtual_Servers
Many IT organisations have placed highest priority on building out virtualised environments so it's more likely for security to fall by the wayside.
You get situations where the security people aren't involved in setting up virtualisation and have no idea how secure everything is. The server group winds up running the show, and they handle all of the networking and security tasks involved with configuring virtualisation. Since they aren't experts with these areas, it's more likely for mistakes to be made. Also, it's less likely for virtual machines to go through the standard security lifecycle, such as being scanned for vulnerabilities, patched on a regular basis, etc.
Richard Park, Sourcefire
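The two concerns raised in this thread, sensitive and publicly reachable workloads ending up on the same physical host (the ISF quote) and virtual machines slipping out of the scanning and patching lifecycle (Richard Park's post), are both things a security team can check mechanically once it has a VM inventory. The following is an added example, not code from either contributor or any vendor: it runs two policy checks over a small constructed inventory. The `VM` record, the host names, the 30-day age threshold and the sample dates are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional, Tuple


@dataclass
class VM:
    """One row of a (hypothetical) virtual machine inventory export."""
    name: str
    host: str                   # physical hypervisor host the VM runs on
    sensitive: bool             # runs a core business application
    public: bool                # reachable from the internet
    last_scan: Optional[date]   # None = never vulnerability-scanned
    last_patch: Optional[date]  # None = never patched since build


# Constructed sample inventory; the hosts, names and dates are invented.
TODAY = date(2024, 1, 31)
SAMPLE_INVENTORY: List[VM] = [
    VM("erp-db",   "esx-01", sensitive=True,  public=False,
       last_scan=date(2024, 1, 20), last_patch=date(2024, 1, 15)),
    VM("www-shop", "esx-01", sensitive=False, public=True,
       last_scan=date(2023, 11, 1), last_patch=None),
    VM("hr-app",   "esx-02", sensitive=True,  public=False,
       last_scan=date(2024, 1, 28), last_patch=date(2024, 1, 28)),
    VM("intranet", "esx-02", sensitive=False, public=False,
       last_scan=None,              last_patch=date(2024, 1, 10)),
]


def cotenancy_violations(vms: List[VM]) -> Dict[str, List[Tuple[str, str]]]:
    """Hosts where a sensitive VM shares hardware with a publicly reachable VM.

    Returns {host: [(sensitive_vm, public_vm), ...]} for every offending pair,
    so the report names exactly which workloads should be separated.
    """
    by_host: Dict[str, List[VM]] = {}
    for vm in vms:
        by_host.setdefault(vm.host, []).append(vm)

    violations: Dict[str, List[Tuple[str, str]]] = {}
    for host, group in by_host.items():
        pairs = [
            (s.name, p.name)
            for s in group if s.sensitive
            for p in group if p.public and p.name != s.name
        ]
        if pairs:
            violations[host] = sorted(pairs)
    return violations


def lifecycle_overdue(vms: List[VM], today: date,
                      max_age_days: int = 30) -> List[Tuple[str, List[str]]]:
    """VMs whose last scan or patch is missing or older than max_age_days.

    A VM that was never scanned or never patched is reported the same way as
    one whose records are stale, since both have dropped out of the lifecycle.
    """
    cutoff = today - timedelta(days=max_age_days)
    findings: List[Tuple[str, List[str]]] = []
    for vm in vms:
        reasons = []
        if vm.last_scan is None or vm.last_scan < cutoff:
            reasons.append("scan")
        if vm.last_patch is None or vm.last_patch < cutoff:
            reasons.append("patch")
        if reasons:
            findings.append((vm.name, reasons))
    return findings


if __name__ == "__main__":
    for host, pairs in cotenancy_violations(SAMPLE_INVENTORY).items():
        for sensitive_vm, public_vm in pairs:
            print(f"{host}: sensitive '{sensitive_vm}' shares host with public '{public_vm}'")
    for name, reasons in lifecycle_overdue(SAMPLE_INVENTORY, TODAY):
        print(f"{name}: overdue for {', '.join(reasons)}")
```

On the sample data the first check flags `esx-01`, where the ERP database sits next to the public web shop, and the second flags `www-shop` (stale scan, never patched) and `intranet` (never scanned). In practice the inventory would come from the hypervisor management API and the scanner's last-seen dates, and the checks would run on the same schedule as the scanner so that VMs built by the server team without the security team's involvement still surface within one cycle.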