Home Applications Who’s On the Front Lines of Virtualization Security?

Who’s On the Front Lines of Virtualization Security?

0
0
0

Written by: Brad Hibbert, Vice President, Product Strategy and Operations at BeyondTrust

Virtualization technologies have reshaped how IT offers and delivers their services to end users and is quite clear that virtualization is a technology which has impacted IT to the highest degree. The efficiency and cost gains realized are without question. However, given its pervasiveness within corporate networks today, there is potential to increase an organization’s risk. As it is often seen with emerging technologies like cloud and mobile and now virtualization, new risks are introduced to the environment as quickly as new virtual servers and applications are spun up. The problem is that organizations are relying too heavily on virtualization vendors for security or are completely ignoring it altogether. 

In a recent BeyondTrust survey of 448 server, IT and virtualization administrators, the results clearly showed that there is more work to be done to ensure the ongoing security of virtual systems. Of the many shocking statistics, the survey revealed 42 percent do not use security tools regularly as part of their virtual systems administration.

The fact that well over half of respondents said “yes, we use security tools regularly” is very encouraging, but the most often security technology cited was antivirus.  Clearly, antivirus as a security technology is not going away any time soon, but in light of the recent successful, high profile attacks, it’s been proven over and over again that AV is no longer a match for the sophisticated methods of attack being employed today.  More encouraging is the almost 50% of combined responses that indicate security scanning and configuration management are in use.

64 percent of respondents revealed there aren’t security controls in place that require a security sign off prior to releasing a new virtual image or template. Existing templates are often used when creating new virtual servers; however an overwhelming majority of respondents say there are no security controls in place when new templates are created.  This is an area of significant concern, as these templates, either by leveraging outdated unpatched software, or by proliferating mis-configured systems could introduce increased risks across the enterprise.

It’s encouraging that almost 65 percent of those surveyed did in fact follow some sort of hardening guidelines, either from the virtualization vendor themselves or from a security or networking vendor.  Hardening guides are great resources for administrators, who might not be full-fledged members of the security team, but are now able to do their part to reduce risk on an ongoing basis. More often than not, it is a simple security best practice that is neglected when a high profile attack occurs, and could have been easily prevented. It is well documented that most successful attacks leverage known vulnerabilities that could easily be patched.

A few essential steps in the right direction can prevent attacks, maintain compliance and allow restful sleep at night, as opposed to reacting and cleaning up a mess of a breach or surprise audit. The overarching idea is to create a more holistic approach to include virtual environments as part of an overall security strategy. One step must be to enable (and hopefully inspire) the teams on the front lines – the virtualization administrators themselves. We can no longer sacrifice security for efficiency or uptime, as the results have been devastating for too many organizations. This means, however, that the industry itself has to create a set of tools that those administrators can easily learn and incorporate into their existing workflows. 

There are strong indicators that there still continues to be a division of labor (and quite possibly, communication) between Security and Operations, and addressing that can significantly help. With today’s security technology, virtualization administrators can be effective participants in the security lifecycle without interrupting daily work flow. Administrator communication with security teams along with leveraging automated security and reporting solutions for virtualized data centers help fill the gap and gives people the people on the front lines of virtual data center operations the knowledge and resources to make them part of the solution.

Written by: Brad Hibbert, Vice President, Product Strategy and Operations at BeyondTrust

 

More Resources:

DABCC DABCC.com, the world leader in sharing the finest Virtualization & Cloud news and support resources. #Citrix, #VMware, #Microsoft, #Mobility and much more! Brought to you by @douglasabrown & team!
| LATEST RESOURCES

White Papers

    Monitoring and Troubleshooting Citrix Logon Issues – White Paper

    The first time that a user interacts with the Citrix infrastructure is during logon. This also happens to be one of the most complex stages of a Citrix session. Citrix logon has several phases, involving Citrix apps, Microsoft operating systems, infrastructure components and third-party applications. Slow logons can affect the user experience and reduce user […]

    Downloads

      Free Tool! SPDocKit Pulse – Autodiscover SharePoint Farms and Servers

      Autodiscover SharePoint farms and the accompanying servers in your domain. Use the interactive dashboard to monitor Farm performance and track status per Server (RAM, CPU and disk data). Download Free Tool powered by SPDocKit: https://pulse.spdockit.com/

      On-Demand Webinars

        Latest Videos

          Close