Home Applications Who’s On the Front Lines of Virtualization Security?

Who’s On the Front Lines of Virtualization Security?

0
0

Written by: Brad Hibbert, Vice President, Product Strategy and Operations at BeyondTrust

Virtualization technologies have reshaped how IT offers and delivers their services to end users and is quite clear that virtualization is a technology which has impacted IT to the highest degree. The efficiency and cost gains realized are without question. However, given its pervasiveness within corporate networks today, there is potential to increase an organization’s risk. As it is often seen with emerging technologies like cloud and mobile and now virtualization, new risks are introduced to the environment as quickly as new virtual servers and applications are spun up. The problem is that organizations are relying too heavily on virtualization vendors for security or are completely ignoring it altogether. 

In a recent BeyondTrust survey of 448 server, IT and virtualization administrators, the results clearly showed that there is more work to be done to ensure the ongoing security of virtual systems. Of the many shocking statistics, the survey revealed 42 percent do not use security tools regularly as part of their virtual systems administration.

The fact that well over half of respondents said “yes, we use security tools regularly” is very encouraging, but the most often security technology cited was antivirus.  Clearly, antivirus as a security technology is not going away any time soon, but in light of the recent successful, high profile attacks, it’s been proven over and over again that AV is no longer a match for the sophisticated methods of attack being employed today.  More encouraging is the almost 50% of combined responses that indicate security scanning and configuration management are in use.

64 percent of respondents revealed there aren’t security controls in place that require a security sign off prior to releasing a new virtual image or template. Existing templates are often used when creating new virtual servers; however an overwhelming majority of respondents say there are no security controls in place when new templates are created.  This is an area of significant concern, as these templates, either by leveraging outdated unpatched software, or by proliferating mis-configured systems could introduce increased risks across the enterprise.

It’s encouraging that almost 65 percent of those surveyed did in fact follow some sort of hardening guidelines, either from the virtualization vendor themselves or from a security or networking vendor.  Hardening guides are great resources for administrators, who might not be full-fledged members of the security team, but are now able to do their part to reduce risk on an ongoing basis. More often than not, it is a simple security best practice that is neglected when a high profile attack occurs, and could have been easily prevented. It is well documented that most successful attacks leverage known vulnerabilities that could easily be patched.

A few essential steps in the right direction can prevent attacks, maintain compliance and allow restful sleep at night, as opposed to reacting and cleaning up a mess of a breach or surprise audit. The overarching idea is to create a more holistic approach to include virtual environments as part of an overall security strategy. One step must be to enable (and hopefully inspire) the teams on the front lines – the virtualization administrators themselves. We can no longer sacrifice security for efficiency or uptime, as the results have been devastating for too many organizations. This means, however, that the industry itself has to create a set of tools that those administrators can easily learn and incorporate into their existing workflows. 

There are strong indicators that there still continues to be a division of labor (and quite possibly, communication) between Security and Operations, and addressing that can significantly help. With today’s security technology, virtualization administrators can be effective participants in the security lifecycle without interrupting daily work flow. Administrator communication with security teams along with leveraging automated security and reporting solutions for virtualized data centers help fill the gap and gives people the people on the front lines of virtual data center operations the knowledge and resources to make them part of the solution.

Written by: Brad Hibbert, Vice President, Product Strategy and Operations at BeyondTrust

Featured Resources:

Related Articles:

Categories:
DABCC DABCC.com, the world leader in sharing the finest Virtualization & Cloud news and support resources. #Citrix, #VMware, #Microsoft, #Mobility and much more! Brought to you by @douglasabrown & team!
| LATEST RESOURCES

White Papers

    Amazon AppStream 2.0 Developer Guide

    This is official Amazon Web Services (AWS) documentation for Amazon AppStream 2.0. This documentation is offered for free here as a Kindle book, or you can read it online or in PDF format at https://aws.amazon.com/documentation/appstream/. Amazon AppStream 2.0 is a fully managed, secure application streaming service that allows you to stream desktop applications from AWS […]

    Downloads

      FREE eG Enterprise Logon Simulator for Citrix XenApp and XenDesktop

      Fast, free and incredibly useful. Coming in summer 2017. 14Synthetic logon simulation tool for monitoring, diagnosis, alerting and reporting of Citrix logon performance Quick SaaS deployment – be up and running in minutes Web-based monitoring console Supports logon through StoreFront or NetScaler Gateway Best-suited for Citrix XenApp 6.5, 7.x and XenDesktop 7.x Free forever, no […]

      On-Demand Webinars

        Closing the Visibility Gap | How to Combine Application & Infrastructure Monitoring to Accelerate IT Transformation – On-Demand Webinar

        Citrix Performance Monitoring Solutions What leaves visibility gaps and demands higher levels of time and expertise from IT professionals? Having different consoles for application code visibility vs. IT infrastructure management. The convergence of application and infrastructure monitoring offers significant opportunities to drive IT transformation using IT service management, DevOps and/or a combination of both. Watch […]

        Latest Videos

          ManageEngine Desktop Central Video – Free Patch Management Training

          This training video will guide you through the best practices in deploying patches using Desktop Central. Desktop Central supports Patch Management for Windows, Mac, Linux and third party applications. This video is from the fine folks at ManageEngine

          Views All IT News on DABCC.com
          Views All IT Videos on DABCC.com
          Win a Tesla P100D

          Visit our Sponsors!


          Close