Security is holding back virtualisation


Security is the biggest worry for virtualisation project leaders, according to a report from Kuppinger Cole, an analyst firm that focuses on information security.

Forty per cent of respondents said they believed that a virtual environment was harder to secure than a physical one.

According to the research, security experts' greatest fear is that the privileges attached to hypervisor access could be abused. Although technologies are available to counter these risks, very few IT departments appear to act to limit the far-reaching rights that hypervisor access offers.

In the report, 73 per cent of IT staff admitted to misgivings about hypervisor security, especially as the extra layer it adds creates another potential vulnerability. With almost half of the respondents admitting to having no security log management or privileged user management in place, the report concludes that organisations must address this with some urgency.

"By not investing in virtualisation security, when there are well-identified security threats, organisations are taking unnecessary risks which could easily be mitigated," said the report's author, Martin Kuppinger.

The Virtualization Security Survey reveals that the major driver for virtualisation initiatives is to achieve operational efficiency, according to 90 per cent of those polled, closely followed by a drive to make cost savings. Virtualisation in preparation for cloud integration seems to have little attraction for half the respondents, as they placed this almost at the bottom of their priorities, just above green IT targets.

Concerns about security are rooted in a perceived lack of expertise and skills to plan and implement a virtualised environment, Kuppinger said. He added that the second major hurdle is funding the initial costs of implementing a strategy.

The main security need is for an integrated solution that will cover both the virtual and the physical environment. This was called for by 83 per cent of the respondents.

Kuppinger concluded: "The key finding for the current state of virtualisation security is that most organisations still have a lot of work to do in this area at both the organisational and conceptual level, as well as in implementing tools to achieve the required level of security in virtualised environments."

IT vendor HP recently warned businesses not to overlook security when deploying virtualised systems.