Security is holding back virtualisation

Virtualisation security is still a thorny problem for implementers, says a survey from Kuppinger Cole.

virtual image

Security is the biggest worry for virtualisation project leaders, according to a report from Kuppinger Cole, an analyst firm that focuses on information security.

Forty per cent of respondents said they believed that a virtual environment was harder to secure than a physical one.

According to the research, security experts' greatest fear is that hypervisor privilege rights could lead to abuse. Although technologies are available to counter these risks, very few IT departments appear to act to limit the far-reaching rights that hypervisor access offers.

In the report, 73 per cent of IT staff admitted to misgivings about hypervisor security, especially as the extra layer it adds creates another potential vulnerability. With almost half of the respondents admitting to having no security log management or privileged user management in place, the report concludes that organisations must address this with some urgency.

"By not investing in virtualisation security, when there are well identified security threats, organisations are taking unnecessary risks which could easily be mitigated," said the report's author Martin Kuppinger.

The Virtualization Security Survey reveals that the major driver for virtualisation initiatives is to achieve operational efficiency, according to 90 per cent of those polled, closely followed by a drive to make cost savings. Virtualisation in preparation for cloud integration seems to have little attraction for half the respondents, as they placed this almost at the bottom of their priorities, just above green IT targets.

Concerns about security are rooted in a perceived lack of expertise and skills to plan and implement a virtualised environment, Kuppinger said. He added that the second major hurdle is funding the initial costs of implementing a strategy.

The main security need is for an integrated solution that will cover both the virtual and the physical environment. This was called for by 83 per cent of the respondents.

Kuppinger concluded: "The key finding for the current state of virtualisation security is that most organisations still have a lot of work to do in this area at both the organisational and conceptual level, as well as in implementing tools to achieve the required level of security in virtualised environments."

IT vendor HP recently warned businesses not to overlook security when deploying virtualised systems.

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Recommended

What is the Computer Misuse Act?
Policy & legislation

What is the Computer Misuse Act?

2 Mar 2021
What is cloud-to-cloud backup?
cloud backup

What is cloud-to-cloud backup?

1 Mar 2021
Lazarus APT hacking group is targeting the defense industry
Security

Lazarus APT hacking group is targeting the defense industry

26 Feb 2021
Microsoft open sources CodeQL queries used in Solorigate inquiry
Security

Microsoft open sources CodeQL queries used in Solorigate inquiry

26 Feb 2021

Most Popular

How to connect one, two or more monitors to your laptop
Laptops

How to connect one, two or more monitors to your laptop

25 Feb 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021
Ransomware operators are exploiting VMware ESXi flaws
ransomware

Ransomware operators are exploiting VMware ESXi flaws

1 Mar 2021