Enterprise adoption of virtualisation is continuing its upward trend. But what about security?
According to Prism Microsystems, organisations are slacking when it comes to protecting virtualised environments. A survey of 302 IT managers, security pros, auditors and administrators about their virtual deployments paints a picture of a landscape where the hypervisor is unprotected and separation of duties is lacking.
According to the study, (PDF) 65 percent of respondents indicated they have not implemented separation of duties between the staffers responsible for provisioning virtual machines and other administrator groups. Not coincidentally, 34.9 percent said they are worried about the potential for insider abuse due to the expanded control available to administrators. In addition, compromising the credentials of a virtual administrator could provide an outside hacker with “the keys to the castle,” Prism’s report said.
“Virtualisation administrators now have full access to server, storage and networking infrastructure, whereas before server administrators may have been prevented from interfering with network operations by simply preventing their access to network infrastructure, or vice versa,” noted Renata Budko, co-founder of virtual security vendor HyTrust.
While it would seem the hypervisor would be a natural focal point for security, many respondents said they are not doing much for it in the way of logging and reporting. Even though 79.5 percent agreed monitoring the virtualisation layer is important, just 29 percent said they are directly collecting logs from the hypervisor. Twenty-one percent said they are collecting logs from the virtual management application. Only 16.9 percent are reporting on activities and controls, and only 15.7 percent at the virtual management application level.
In addition, 58 percent reported that their organisations were using traditional tools for virtual security as opposed to solutions aimed specifically at virtual environments (20 percent). The lack of virtualisation-specific tools being deployed has not slowed uptake of the technology, however, with 85 percent stating they had adopted virtualisation to some degree. The majority expect to have virtualised more than 30 percent of their production servers by the end of 2011.
“There are actually fairly effective security technologies that can be implemented today, but the vast majority of the market is simply not at that level of maturity yet,” said Steve Lafferty, vice president of marketing at Prism. “Technology is only an enabler and without policy it is really not all that useful. The customers we have seen [be] successful with virtualisation are the ones that adopted virtualisation like any other typical IT initiative where policy was defined and the tools to implement the policy followed.”
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…