Virtualization Technology News and Information
Accountability for Virtualisation Security a Tug of War, According to Tripwire Survey

Tripwire, a leader in configuration assessment and change auditing for virtual environments, ( surveyed enterprise IT professionals to assess how vigorously virtualisation is expanding within production server environments and to measure how security, change controls and compliance requirements are keeping pace.

More than 90 percent of those interviewed said that virtualised servers are now deployed in their production environments. In fact, three of four respondents reported that up to half of all their production servers are now virtualised.

While more than 80 percent of respondents said their change management and compliance controls are no different between physical and virtual infrastructure, and 26 percent felt security controls for virtualised servers are actually more stringent, responses indicate that a "tug of war" may be underway over who is accountable for security and controls for virtual servers. Just half of those surveyed felt that ensuring security, change control, and compliance for virtual servers is the responsibility of system administrators and their management. On the other hand, 37 percent of those associated with the Security group claim responsibility for security controls.

Moreover, a serious issue waits for some organisations deploying virtual servers in production environments. The majority of respondents agree that security risks for virtual servers are the result of misconfiguration, not inherent weaknesses of virtualisation technology.

"If an increasingly overworked IT staff is more likely to make mistakes, and configuration errors are the cause of security exposures in virtual servers, then IT management must consider how they can mitigate this risk," said Mark Gaydos, Tripwire VP of Marketing. "As more of the production workload becomes virtualised and those managing virtual servers continue to be overwhelmed, it is apparent that automated configuration control must play a larger role to ensure appropriate server configuration and adequate security."

A majority (69 percent) of respondents agreed that dedicated configuration tools are needed to ensure proper configuration of virtualised servers, with two-thirds of these respondents noting they are in the process of evaluating or planning to acquire such tools over the next 12 months.

The Tripwire survey report, "Is Virtualisation Under Control: Current Opinions on Security and Controls for Virtual Servers in production Environments", can be downloaded for free at

Published Sunday, August 24, 2008 8:54 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<August 2008>