Security not keeping pace with virtualization

by CXOtoday Staff    May 06, 2010

A survey by Prism Microsystems shows many organizations are failing to enforce a separation of duties and deploy technologies to protect the hypervisor.

According to Prism Microsystems, organizations are slacking when it comes to protecting virtualized environments. In March this year, Prism conducted a survey of 302 IT professionals about their virtual deployments. According to the study, 65 percent of respondents indicated they have not implemented separation of duties between the staffers responsible for provisioning virtual machines and other administrator groups. In addition 34.9 percent said they are worried about the potential for insider abuse due to the expanded control available to administrators.

While it would seem the hypervisor would be a natural focal point for security, many respondents said they are not doing much for it in the way of logging and reporting. Even though 79.5 percent agreed monitoring the virtualization layer is important, just 29 percent said they are directly collecting logs from the hypervisor. 21 percent said they are collecting logs from the virtual management application. Only 16.9 percent are reporting on activities and controls, and only 15.7 percent at the virtual management application level.

Even more surprising, though a majority of the respondents accepted that protecting their virtualized environment was as important as the rest of their architecture, nearly 76 percent of the respondents said they were using either the same security solutions for both or had no specific strategies/solutions in place for the virtual environment.

This scenario could lead to problems in the long-run, said Prism with over 85 percent stating they had adopted virtualization to some degree and the majority expecting to have virtualized more than 30 percent of their production servers by the end of 2011.