IT Pros Doubt Security Of Virtualized Environments, Study SaysIT Pros Doubt Security Of Virtualized Environments, Study Says
Majority of survey respondents don't think current security tools and practices will cut it in the cloud
April 30, 2010
IT professionals are harboring some serious doubts about the security of virtualized environments, according to a study published yesterday.
The survey (PDF), conducted by security vendor Prism Microsystems, indicates that IT pros don't see virtualized environments as being inherently less secure than their traditional counterparts, but they are not confident in their current ability to monitor and manage the security of the cloud.
In the survey, 85 percent of respondents said they have virtualized at least some of their servers. Yet only 28 percent of respondents expressed confidence that their virtual environment is as secure as the rest of their IT architecture.
Nearly half (46 percent) of respondents disagreed with the statement that current security tools are sufficient to provide visibility into the virtualized environment, and almost 25 percent were unsure. When asked if threats to the virtualized environment could be mitigated using current best practices, the majority of respondents responded negatively or were unsure.
The biggest fear among the respondents (58 percent) is that the hypervisor will create a single point of entry into multiple machines. Respondents are also concerned that virtualization will create a new layer that could be attacked (56 percent), and that the sprawl of virtual machines will reduce security visibility (54 percent).
And so far, not many have gained that visibility, the study says. At the hypervisor layer, only 29 percent said they are collecting logs, 17 percent are reporting on activities and controls, 23 percent are monitoring user activity, and 18 percent are tracking access to critical data and assets.
More than half of respondents (51 percent) cited budget issues as the primary inhibitor to securing virtual environments.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023