Virtualization Technology News and Information
Virtualization: An illusion of Security

In a bid to boost business efficiency, an increasing number of companies are turning to virtualization technologies. This is hardly surprising: virtualization brings businesses a number of advantages, including cost reduction, increased manageability and improved performance of corporate networks.

However, the advantages always go hand in hand with the risks, which, as practice and statistics show, are often underestimated in many companies. But those who are security conscious can now find effective protection tools on the market.

Server virtualization has already become a significant trend. This type of technology has long been popular and occupies an important place in the IT infrastructure of all kinds of GCC companies. Desktop Virtualization (Virtual desktop Interface, VDI) has not yet become as widespread, as it is typically used by companies whose employees perform routine, strictly regulated tasks, e.g. call center employees, and bank transaction officers.

Only a relatively small proportion of organizations need such work places. On the other hand, desktop virtualization technologies continue to develop, and large GCC companies are increasingly implementing VDI pilot tests. Thus, the circumstances are ideal for desktop virtualization technologies to take off in GCC and strong growth in the numbers of VDI implementations is forecast for 2012.

To identify the main trends in virtualization across GCC companies, Kaspersky Lab has conducted a survey among IT specialists who are responsible for maintaining and securing the IT infrastructure for organizations with corporate networks of over 100 desktops.

The survey revealed that 61% of the companies surveyed currently make use of server virtualization, or plan to implement it in the coming year. This figure amply demonstrates how popular and recognized the technology has become. Companies recognize the advantages and benefits it brings, and more and more are set to introduce virtualization in the future.

Incidentally, companies in Europe and North America are introducing server virtualization at even faster rates. According to a Forrester survey, 85% of companies already have or plan to implement server virtualization.

Most applications that companies use in virtual environments are business-critical; these are databases, email services, ERP and CRM systems. This setup is the opposite of what we saw a few years ago when virtualization was just starting to gain popularity. Back then, companies introducing virtualization in their corporate networks moved the least important applications into a virtual environment. This was done in order to get acquainted with the technology and see how it meets the organization’s requirements. Also, virtualization technologies were not as well developed. The fact that many of today’s critical applications have migrated into virtual environments demonstrates that organizations now put great trust in this technology, while the technology itself has reached maturity.

Kaspersky Lab experts have noticed that there is a persistent myth that virtual machines are more secure than physical computers. This was corroborated by the survey we have undertaken: more than half of the respondents thought that IT security risks are lower for a virtual environment than those facing a physical system. However, this notion about threats to IT security in virtual environments is not only unreasonably optimistic – it is fundamentally wrong.

A virtual environment is subjected to lots of the same threats – malicious attachments in emails, drive-by attacks, Trojans, targeted phishing etc. – which physical environments are subjected to.

According to Forrester’s recommendation on “How to get into the virtualization security game”, companies should do the following: 1) apply the Zero Trust Model of information security to their network architecture; 2) consider virtualization-aware security solutions going forward; 3) implement privileged identity management; and 4) incorporate vulnerability management into the virtual server environment.

Kaspersky Lab recently announced the release of its latest security technology to ensure businesses will “Be Ready for What’s Next.” Kaspersky Security for Virtualization – built from the ground-up by Kaspersky Lab’s internal team of security experts – is focused on protecting evolving corporate IT infrastructures from malware and cybercriminals.

Published Monday, June 18, 2012 5:57 PM by David Marshall
Filed under:
Virtualization: An illusion of Security « VT News - (Author's Link) - June 18, 2012 6:46 PM
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<June 2012>