Security Still Being Ignored In Virtual Environments

Enterprise adoption of virtualisation is continuing its upward trend. But what about security?

According to Prism Microsystems, organisations are slacking when it comes to protecting virtualised environments. A survey of 302 IT managers, security pros, auditors and administrators about their virtual deployments paints a picture of a landscape where the hypervisor is unprotected and separation of duties is lacking.

According to the study, (PDF) 65 percent of respondents indicated they have not implemented separation of duties between the staffers responsible for provisioning virtual machines and other administrator groups. Not coincidentally, 34.9 percent said they are worried about the potential for insider abuse due to the expanded control available to administrators. In addition, compromising the credentials of a virtual administrator could provide an outside hacker with “the keys to the castle,” Prism’s report said.

Virtualisation administrators now have full access to server, storage and networking infrastructure, whereas before server administrators may have been prevented from interfering with network operations by simply preventing their access to network infrastructure, or vice versa,” noted Renata Budko, co-founder of virtual security vendor HyTrust.

Virtual Management

While it would seem the hypervisor would be a natural focal point for security, many respondents said they are not doing much for it in the way of logging and reporting. Even though 79.5 percent agreed monitoring the virtualisation layer is important, just 29 percent said they are directly collecting logs from the hypervisor. Twenty-one percent said they are collecting logs from the virtual management application. Only 16.9 percent are reporting on activities and controls, and only 15.7 percent at the virtual management application level.

In addition, 58 percent reported that their organisations were using traditional tools for virtual security as opposed to solutions aimed specifically at virtual environments (20 percent). The lack of virtualisation-specific tools being deployed has not slowed uptake of the technology, however, with 85 percent stating they had adopted virtualisation to some degree. The majority expect to have virtualised more than 30 percent of their production servers by the end of 2011.

30 Percent Of Production Servers

“There are actually fairly effective security technologies that can be implemented today, but the vast majority of the market is simply not at that level of maturity yet,” said Steve Lafferty, vice president of marketing at Prism. “Technology is only an enabler and without policy it is really not all that useful. The customers we have seen [be] successful with virtualisation are the ones that adopted virtualisation like any other typical IT initiative where policy was defined and the tools to implement the policy followed.”

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Share
Published by
Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved
Tags: Virtual

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

17 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

18 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

18 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

20 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

23 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

23 hours ago