Home Applications Who’s On the Front Lines of Virtualization Security?

Who’s On the Front Lines of Virtualization Security?

0
0

Written by: Brad Hibbert, Vice President, Product Strategy and Operations at BeyondTrust

Virtualization technologies have reshaped how IT offers and delivers their services to end users and is quite clear that virtualization is a technology which has impacted IT to the highest degree. The efficiency and cost gains realized are without question. However, given its pervasiveness within corporate networks today, there is potential to increase an organization’s risk. As it is often seen with emerging technologies like cloud and mobile and now virtualization, new risks are introduced to the environment as quickly as new virtual servers and applications are spun up. The problem is that organizations are relying too heavily on virtualization vendors for security or are completely ignoring it altogether. 

In a recent BeyondTrust survey of 448 server, IT and virtualization administrators, the results clearly showed that there is more work to be done to ensure the ongoing security of virtual systems. Of the many shocking statistics, the survey revealed 42 percent do not use security tools regularly as part of their virtual systems administration.

The fact that well over half of respondents said “yes, we use security tools regularly” is very encouraging, but the most often security technology cited was antivirus.  Clearly, antivirus as a security technology is not going away any time soon, but in light of the recent successful, high profile attacks, it’s been proven over and over again that AV is no longer a match for the sophisticated methods of attack being employed today.  More encouraging is the almost 50% of combined responses that indicate security scanning and configuration management are in use.

64 percent of respondents revealed there aren’t security controls in place that require a security sign off prior to releasing a new virtual image or template. Existing templates are often used when creating new virtual servers; however an overwhelming majority of respondents say there are no security controls in place when new templates are created.  This is an area of significant concern, as these templates, either by leveraging outdated unpatched software, or by proliferating mis-configured systems could introduce increased risks across the enterprise.

It’s encouraging that almost 65 percent of those surveyed did in fact follow some sort of hardening guidelines, either from the virtualization vendor themselves or from a security or networking vendor.  Hardening guides are great resources for administrators, who might not be full-fledged members of the security team, but are now able to do their part to reduce risk on an ongoing basis. More often than not, it is a simple security best practice that is neglected when a high profile attack occurs, and could have been easily prevented. It is well documented that most successful attacks leverage known vulnerabilities that could easily be patched.

A few essential steps in the right direction can prevent attacks, maintain compliance and allow restful sleep at night, as opposed to reacting and cleaning up a mess of a breach or surprise audit. The overarching idea is to create a more holistic approach to include virtual environments as part of an overall security strategy. One step must be to enable (and hopefully inspire) the teams on the front lines – the virtualization administrators themselves. We can no longer sacrifice security for efficiency or uptime, as the results have been devastating for too many organizations. This means, however, that the industry itself has to create a set of tools that those administrators can easily learn and incorporate into their existing workflows. 

There are strong indicators that there still continues to be a division of labor (and quite possibly, communication) between Security and Operations, and addressing that can significantly help. With today’s security technology, virtualization administrators can be effective participants in the security lifecycle without interrupting daily work flow. Administrator communication with security teams along with leveraging automated security and reporting solutions for virtualized data centers help fill the gap and gives people the people on the front lines of virtual data center operations the knowledge and resources to make them part of the solution.

Written by: Brad Hibbert, Vice President, Product Strategy and Operations at BeyondTrust

Featured Resources:

Related Articles:

Categories:
DABCC DABCC.com, the world leader in sharing the finest Virtualization & Cloud news and support resources. #Citrix, #VMware, #Microsoft, #Mobility and much more! Brought to you by @douglasabrown & team!
| LATEST RESOURCES

White Papers

    Top 7 Challenges Migrating to the Cloud White Paper

    Moving mission-critical workloads to the cloud delivers a range of compelling business benefits, including increased agility, pay-as-you-go cost structures, and the ability to leverage the provider’s system administration experts to keep your systems up, running, and patched. But migrating to the cloud is not without its challenges. Focus on solving these known challenges to make […]

    Downloads

      Download ScaleArc Database Performance and Load Balancing Sofware

      ScaleArc offer’s a free, easy, fully featured and supported 30-day trial of the ScaleArc software (formerly iDB). ScaleArc is incredibly easy to implement, with most customers able to get their first cluster up and running in less than 15 minutes from install. Available as an easy to use VM Image, an Amazon AMI, or an […]

      On-Demand Webinars

        Latest Videos

          Citrix Synergy 2017 – Technology Keynote Video

          If the workspace of the future is the key to your digital transformation, then the Technology Keynote is your roadmap. Join PJ Hough, senior vice president of product, for a technical deep dive into Citrix innovation. He will demonstrate how Citrix solves productivity and security challenges with an adaptive workspace experience that enables people to […]

          Views All IT News on DABCC.com
          Views All IT Videos on DABCC.com
          Win a Tesla P100D

          Visit our Sponsors!


          Close