Today, one of my students presented a paper in my graduate middleware class entitled Defense Enabling Using Advanced Middleware: An Example (PDF). The paper talks about various strategies for defending applications (rather than systems) from attack. One of the strategies that I thought was interesting was "supporting diversity." This isn't an epidemiological warning about the dangers of using a single operating system. Rather, the authors have implemented a system called QuO that can, among other things, migrate an application from a system running one OS (say Windows XP) to a different OS (say Linux) when it senses an attack.
QuO is a research project, but it seems to me that as more and more systems are implemented in VMs that run on multiple operating systems, this strategy becomes increasingly practical. For example, you could imagine a cluster of jBoss servers running on XP, Linux and Solaris so that an attack on any single OS wouldn't shut down the entire system. I'm wondering if there are any examples of businesses doing this with critical applications right now. If you know of someone using this strategy, leave a comment and tell me about it.