Virtualization is high security risk

by CXOtoday News Desk    Mar 05, 2013

Security Threat
Virtualization, bring your own device(s) and shift from data center to cloud-based infrastructure were the primary concerns when it comes to security threats for many enterprise organizations. This was revealed today by F5 Networks, Inc, in its findings of the 2013 RSA Security Trends Survey, which revealed that organizations are struggling to keep pace with the changing face of security. The respondents were RSA attendees at the exhibit floor during last week’s RSA conference in San Francisco. The attendees were IT heads with IT responsibilities over planning, management, oversight, or implementation of security.

The findings show that security trends such as virtualization (73 per cent), BYOD (66 per cent), and the complexity of attack types (72 per cent) have the greatest impact on securing today’s organizations. Nearly half of respondents admit that traditional safeguards are less than adequate in protecting against threats related to these trends, with roughly one-third of respondents reporting that their security readiness is inadequate.

Security is changing, from the type of threats to those driving the threats. When asked what security trends have the greatest impact on an organization’s ability to achieve the level of security it desires, 73 per cent of the respondents answered virtualization. The increasing complexity of threats like distributed denial of service attacks was the option for 72 per cent of the respondents.

Bring your own device (BYOD)– the use of employee-owned devices such as smartphones for business use—was the threat identified by 66 per cent of the respondents.

About 62 per cent attributed it to the change in the bad guys (from hackers to espionage and political motivation). The shift from data center-focused infrastructure to cloud-based infrastructure was the problem for 61 per cent of them. And the shift from traditional client-server applications to web-based applications was the option chosen by 60 per cent of the attendees.

BYOD is seen as critical in an organization’s ability to achieve the level of security it desires, yet a sizeable number of organizations are not taking the appropriate steps to address it. Most organizations –75 per cent see BYOD as being prevalent in their organization. Furthermore, 66 per cent see BYOD as having a somewhat to extremely high impact on security. Despite this, one-third (35%) say they are not prepared to provide adequate security to protect against threats associated with BYOD.

Organizations are unprepared to properly address the shift to web-based applications and cloud-based infrastructure. Nearly two-thirds (64 per cent) of the respondents see the shift to web-based applications as a trend affecting security, yet 37 per cent of respondents’ organizations are not providing adequate security to protect against potential threats.

About 66 per cent of respondents see the shift to cloud-based infrastructure as a trend affecting security, yet 49 per cent of respondents’ organizations are not providing adequate security to protect against potential threats.

“The security landscape continues to change rapidly and many organizations are struggling to properly address evolving threats,” said Mark Vondemkamp, VP of Product Management for Security at F5. “Companies will do well to proactively address trends like BYOD and cloud security, but they should also look to raise their game in terms of threat detection and mitigation. With employee behavior, business priorities, and infrastructure demands further expanding traditional threat vectors, the proper tools and procedures are essential in maintaining a healthy level of security.”

Recommendations:
To prepare for threats posed by emerging security trends, F5 recommends organizations have:
• Centralized, flexible access policy controls that provide comprehensive protection and keep users productive.
• A DNSSEC solution that delivers security, improved performance, and global availability.
• A secure web application firewall and comprehensive, policy-based approach to web application security in addressing emerging threats at the application level.