Home Applications Who’s On the Front Lines of Virtualization Security?

Who’s On the Front Lines of Virtualization Security?


Written by: Brad Hibbert, Vice President, Product Strategy and Operations at BeyondTrust

Virtualization technologies have reshaped how IT offers and delivers their services to end users and is quite clear that virtualization is a technology which has impacted IT to the highest degree. The efficiency and cost gains realized are without question. However, given its pervasiveness within corporate networks today, there is potential to increase an organization’s risk. As it is often seen with emerging technologies like cloud and mobile and now virtualization, new risks are introduced to the environment as quickly as new virtual servers and applications are spun up. The problem is that organizations are relying too heavily on virtualization vendors for security or are completely ignoring it altogether. 

In a recent BeyondTrust survey of 448 server, IT and virtualization administrators, the results clearly showed that there is more work to be done to ensure the ongoing security of virtual systems. Of the many shocking statistics, the survey revealed 42 percent do not use security tools regularly as part of their virtual systems administration.

The fact that well over half of respondents said “yes, we use security tools regularly” is very encouraging, but the most often security technology cited was antivirus.  Clearly, antivirus as a security technology is not going away any time soon, but in light of the recent successful, high profile attacks, it’s been proven over and over again that AV is no longer a match for the sophisticated methods of attack being employed today.  More encouraging is the almost 50% of combined responses that indicate security scanning and configuration management are in use.

64 percent of respondents revealed there aren’t security controls in place that require a security sign off prior to releasing a new virtual image or template. Existing templates are often used when creating new virtual servers; however an overwhelming majority of respondents say there are no security controls in place when new templates are created.  This is an area of significant concern, as these templates, either by leveraging outdated unpatched software, or by proliferating mis-configured systems could introduce increased risks across the enterprise.

It’s encouraging that almost 65 percent of those surveyed did in fact follow some sort of hardening guidelines, either from the virtualization vendor themselves or from a security or networking vendor.  Hardening guides are great resources for administrators, who might not be full-fledged members of the security team, but are now able to do their part to reduce risk on an ongoing basis. More often than not, it is a simple security best practice that is neglected when a high profile attack occurs, and could have been easily prevented. It is well documented that most successful attacks leverage known vulnerabilities that could easily be patched.

A few essential steps in the right direction can prevent attacks, maintain compliance and allow restful sleep at night, as opposed to reacting and cleaning up a mess of a breach or surprise audit. The overarching idea is to create a more holistic approach to include virtual environments as part of an overall security strategy. One step must be to enable (and hopefully inspire) the teams on the front lines – the virtualization administrators themselves. We can no longer sacrifice security for efficiency or uptime, as the results have been devastating for too many organizations. This means, however, that the industry itself has to create a set of tools that those administrators can easily learn and incorporate into their existing workflows. 

There are strong indicators that there still continues to be a division of labor (and quite possibly, communication) between Security and Operations, and addressing that can significantly help. With today’s security technology, virtualization administrators can be effective participants in the security lifecycle without interrupting daily work flow. Administrator communication with security teams along with leveraging automated security and reporting solutions for virtualized data centers help fill the gap and gives people the people on the front lines of virtual data center operations the knowledge and resources to make them part of the solution.

Written by: Brad Hibbert, Vice President, Product Strategy and Operations at BeyondTrust


More Resources:

DABCC DABCC.com, the world leader in sharing the finest Virtualization & Cloud news and support resources. #Citrix, #VMware, #Microsoft, #Mobility and much more! Brought to you by @douglasabrown & team!

White Papers

    Evolving Requirements of BYOD Management – White Paper

    While the bring your own device (BYOD) trend helps organizations reduces infrastructure costs, only a fraction of those organizations — 16 percent — are fully equipped to support BYOD programs. That’s one of the many findings revealed in Evolving Requirements for Bring Your Own Device (BYOD) Management,  a new white paper by leading IT research […]


      Citrix Load & Performance Testing – Download AppLoader!

      Load testing for Citrix XenApp, XenDesktop, PeopleSoft, Java, .NET, Adobe, client-server, Oracle, Siebel, SAP, web, custom apps and more Download NRG Global’s load and performance testing solution for all applications from the end user’s perspective. This easy-to-use, script-free load and performance testing solution stresses your application with real-life traffic to accurately assess end to end […]

      On-Demand Webinars

        Latest Videos

          Citrix Video: Simplify Support with Session Recording

          Are your users complaining about issues and don’t provide you with enough information to start troubleshooting? What if you could just simply press the “Play” button and replay what the user was exactly doing? Learn more at http://more.citrix.com/SessionRecording.