Home Applications Who’s On the Front Lines of Virtualization Security?

Who’s On the Front Lines of Virtualization Security?

0
0

Written by: Brad Hibbert, Vice President, Product Strategy and Operations at BeyondTrust

Virtualization technologies have reshaped how IT offers and delivers their services to end users and is quite clear that virtualization is a technology which has impacted IT to the highest degree. The efficiency and cost gains realized are without question. However, given its pervasiveness within corporate networks today, there is potential to increase an organization’s risk. As it is often seen with emerging technologies like cloud and mobile and now virtualization, new risks are introduced to the environment as quickly as new virtual servers and applications are spun up. The problem is that organizations are relying too heavily on virtualization vendors for security or are completely ignoring it altogether. 

In a recent BeyondTrust survey of 448 server, IT and virtualization administrators, the results clearly showed that there is more work to be done to ensure the ongoing security of virtual systems. Of the many shocking statistics, the survey revealed 42 percent do not use security tools regularly as part of their virtual systems administration.

The fact that well over half of respondents said “yes, we use security tools regularly” is very encouraging, but the most often security technology cited was antivirus.  Clearly, antivirus as a security technology is not going away any time soon, but in light of the recent successful, high profile attacks, it’s been proven over and over again that AV is no longer a match for the sophisticated methods of attack being employed today.  More encouraging is the almost 50% of combined responses that indicate security scanning and configuration management are in use.

64 percent of respondents revealed there aren’t security controls in place that require a security sign off prior to releasing a new virtual image or template. Existing templates are often used when creating new virtual servers; however an overwhelming majority of respondents say there are no security controls in place when new templates are created.  This is an area of significant concern, as these templates, either by leveraging outdated unpatched software, or by proliferating mis-configured systems could introduce increased risks across the enterprise.

It’s encouraging that almost 65 percent of those surveyed did in fact follow some sort of hardening guidelines, either from the virtualization vendor themselves or from a security or networking vendor.  Hardening guides are great resources for administrators, who might not be full-fledged members of the security team, but are now able to do their part to reduce risk on an ongoing basis. More often than not, it is a simple security best practice that is neglected when a high profile attack occurs, and could have been easily prevented. It is well documented that most successful attacks leverage known vulnerabilities that could easily be patched.

A few essential steps in the right direction can prevent attacks, maintain compliance and allow restful sleep at night, as opposed to reacting and cleaning up a mess of a breach or surprise audit. The overarching idea is to create a more holistic approach to include virtual environments as part of an overall security strategy. One step must be to enable (and hopefully inspire) the teams on the front lines – the virtualization administrators themselves. We can no longer sacrifice security for efficiency or uptime, as the results have been devastating for too many organizations. This means, however, that the industry itself has to create a set of tools that those administrators can easily learn and incorporate into their existing workflows. 

There are strong indicators that there still continues to be a division of labor (and quite possibly, communication) between Security and Operations, and addressing that can significantly help. With today’s security technology, virtualization administrators can be effective participants in the security lifecycle without interrupting daily work flow. Administrator communication with security teams along with leveraging automated security and reporting solutions for virtualized data centers help fill the gap and gives people the people on the front lines of virtual data center operations the knowledge and resources to make them part of the solution.

Written by: Brad Hibbert, Vice President, Product Strategy and Operations at BeyondTrust

 

More Resources:

Categories:
DABCC DABCC.com, the world leader in sharing the finest Virtualization & Cloud news and support resources. #Citrix, #VMware, #Microsoft, #Mobility and much more! Brought to you by @douglasabrown & team!
| LATEST RESOURCES

White Papers

    Optimizing Virtual Infrastructure Storage Systems with Xangati ESP

    IN SEARCH OF BETTER TOOLS FOR OPTIMIZING EXPANSIVE ENTERPRISE STORAGE Virtualized infrastructures span servers, switches, storage systems and client devices. Of these four categories, storage systems are the most challenging to correctly size, configure and operate. That’s why IT administrators who manage complex virtual and cloud environments rely on Xangati ESP. Xangati’s real-time monitoring and analysis platform […]

    Downloads

      Download AppEnsure Free Application Response Time And Throughput In Virtualized And Cloud Environments

      Download AppEnsure: Application Response Time And Throughput In Virtualized And Cloud Environments.  AppEnsure is a Citrix Startup Accelerator company! AppEnsure provides APM for IT Operations to proactively manage end-user experience. AppEnsure uniquely correlates the real end-user response time experience with the application-delivery infrastructure performance, providing contextual, actionable intelligence to reduce resolution time by 95% of […]

      On-Demand Webinars

        What’s New: AdminStudio Suite 2016 On-Demand Webinar

        The latest release of App Portal 2016 includes capabilities that will delight your employees and put a smile on your financial analysts face. Employees get the applications they need with a simpler and faster check out process that reduces friction, while ensuring that you get the most out of the software licenses you already own […]


        Close