Gartner Outlines Six Most Common Virtualization Security Risks and How to Combat Them
Through 2012, 60 percent of virtualized
servers will be less secure
than the physical servers they replace, according to Gartner, Inc. Although Gartner expects this figure to fall to 30 percent by the end of 2015, analysts warned that many virtualization
deployment projects are being undertaken without involving the information security
team in the initial architecture and planning stages.
„Virtualization is not inherently insecure,“ said Neil MacDonald, vice president and Gartner fellow. „However, most virtualized workloads are being deployed insecurely. The latter is a result of the immaturity of tools and processes and the limited training of staff, resellers and consultants.“
Gartner research indicates that at the end of 2009, only 18 percent of enterprise data center workloads that could be virtualized had been virtualized; the number is expected to grow to more than 50 percent by the close of 2012. As more workloads are virtualized, as workloads of different trust levels are combined and as virtualized workloads become more mobile, the security issues associated with virtualization become more critical to address.
Gartner has identified the six most common virtualization security risks together with advice on how each issue might be addressed:
Risk: Information Security Isn’t Initially Involved in the Virtualization Projects
Survey data from Gartner conferences in late 2009 indicates that about 40 percent of virtualization deployment projects were undertaken without involving the information security team in the initial architecture and planning stages. Typically, the operations teams will argue that nothing has really changed — they already have skills and processes to secure workloads, operating systems (OSs) and the hardware underneath. While true, this argument ignores the new layer of software in the form of a hypervisor and virtual machine monitor (VMM) that is introduced when workloads are virtualized.
>> Read full article on http://www.Gartner.com