OS virtualization at the desktop

["Chad McDonald, CISSP" <chad.mcdonald () GCSU EDU>]

We are about to deploy  a number of the Intel based Macs running OS X
and Windows XP.  XP will run on top of OS X via Parallels
virtualization software.  My concern is that using this in a
production environment exposes data on the client to twice the amount
of risk thanks to the multiple operating systems.  Have any of you
already crossed this bridge?  If so, any advice would be greatly
appreciated.

I am currently seeking info regarding the following questions:
Since the windows "partition" is a file within OS X, can the windows
data be accessed without Windows authentication and authorization?
Are the OS X files subject to worms, trojans, viruses that may
infiltrate via the Windows installation?
Can the Windows partition/file be encrypted via file vault or other
encryption mechanism?
What is the impact on the availability of Windows applications
running in the virtual space?
Does the virtual OS open up any additional risks for the host OS?
Can the virtual OS take advantage of our patch server (WSUS) and
client management suite (Altiris)?
Are there opportunities to improve security at the desktop using
virtualization?

Thanks,
Chad McDonald, CISSP
Chief Information Security Officer
Georgia College & State University
Office  478.445.4473
Cell    478.454.8250