Security not keeping pace with virtualization
A survey by Prism Microsystems shows many organizations are failing to enforce a separation of duties and deploy technologies to protect the hypervisor.
According to Prism Microsystems, organizations are slacking when it comes to protecting virtualized environments. In March this year, Prism conducted a survey of 302 IT professionals about their virtual deployments. According to the study, 65 percent of respondents indicated they have not implemented separation of duties between the staffers responsible for provisioning virtual machines and other administrator groups. In addition 34.9 percent said they are worried about the potential for insider abuse due to the expanded control available to administrators.
While it would seem the hypervisor would be a natural focal point for security, many respondents said they are not doing much for it in the way of logging and reporting. Even though 79.5 percent agreed monitoring the virtualization layer is important, just 29 percent said they are directly collecting logs from the hypervisor. 21 percent said they are collecting logs from the virtual management application. Only 16.9 percent are reporting on activities and controls, and only 15.7 percent at the virtual management application level.
Even more surprising, though a majority of the respondents accepted that protecting their virtualized environment was as important as the rest of their architecture, nearly 76 percent of the respondents said they were using either the same security solutions for both or had no specific strategies/solutions in place for the virtual environment.
This scenario could lead to problems in the long-run, said Prism with over 85 percent stating they had adopted virtualization to some degree and the majority expecting to have virtualized more than 30 percent of their production servers by the end of 2011.
- Know Before Getting Your Cloud Architecture In Shape
- CISOs Should Help In Building Digital Trust With Consumers, Says Study
- Battling Cyber Risks With Intelligent Automation
- Ensuring A Secured Blockchain Ecosystem
- Cyber GCCs In India At The Cusp Of Transformation
- Have We Learnt A Lesson From Facebook-Cambridge Analytica Crisis?
- Firms Unable To Cope With Security Skill Gap, Vendor Sprawl: Study
- Why VPN Services Are Getting More And More Popular
- 5 Ways To Create A CX-First Culture For Executives
- Indians Lack Awareness Of Malicious Cryptomining: Study