There’s a significant gap between the speed at which companies are willing to deploy virtualization and their security readiness to address the added complexity that any new technology introduces, according to a Prism Microsystems survey of over 300 IT managers, security personnel, auditors and administrators reveals
The results of the survey indicate that companies are largely ignoring Hypervisor-level security despite acknowledging the importance of monitoring the virtualization layer for risk mitigation.
At the Hypervisor layer, only 29% are collecting logs, 17% are reporting on activities and controls, 23% are monitoring user activity, and 18% are tracking access to critical data and assets.
Other best-practices being ignored include separation of duty, with over 65% indicating that they have not implemented separation of duty between IT personnel responsible for the provisioning of virtual machines / virtual infrastructure and other administrator groups. This raises the risk for abuse by privileged insiders – a concern that is shared by over a third of respondents.
A majority of respondents to the survey agree that traditional security products and solutions are insufficient to provide visibility into the virtual environment, yet they continue to use these solutions, citing lack of budget as a primary inhibitor. This implies that in the rush to adopt virtualization, security investments are not being factored in to project budgets.
Hidden expenses are never welcome, and by ignoring what could later add up to be significant collateral costs, companies may not realize the ROI and cost-savings initially calculated for their virtualization projects.
When asked about the security of their virtual environments, only 28% expressed confidence that their virtual environment was as secure as the rest of their IT architecture, conveying a strong need for companies to find a more holistic and integrated way of monitoring, securing and managing an increasingly hybrid IT environment.
The complete survey is available here.