Secure by Design
Adding security to an already existing infrastructure is much harder and costly than thinking about it at design time.
In a virtual infrastructure, it is good use to build up a Master image which has been hardened from the start.
Overly complex designs become harder for the IT team to manage and overlook, and it makes it easier for an attacker to exploit and stay in the shadows. Simpler designs that can be easily overviewed are basically more secure. Use the K.I.S.S. principle for your designs.
Note: KISS is an acronym for “Keep it simple, stupid” as a design principle noted by the U.S. Navy in 1960. The KISS principle states that most systems work best if they are kept simple rather than made complicated; therefore simplicity should be a key goal in design and unnecessary complexity should be avoided. A simple design is easier to overview and to secure as a whole. You can refer to this wikipedia article for further information.