RSS Alerts

Related Links

Related Stories

  • Virtualization: virtually a commodity
    Virtualization is a welcome medicine for many of IT's irritating symptoms. But is there a risk that basic information security hygiene will suffer as a result? William Knight investigates
  • Information security goes green
    Green IT has gone mainstream. The last year has seen corporations such as Citigroup establishing their environmental credentials by opening green data centers. But how do the separate disciplines of green IT and information security come together? Robin Arnfield reports
  • An Olympic Effort to Secure the Games
    Managing the security of the 2010 Olympic Games in Vancouver is no mean feat. Danny Bradbury went behind the scenes at the Olympic site to talk to the people who are tasked with ensuring the event goes smoothly
  • Security concerns hasten Google’s move off Windows
    Google is moving away from the Microsoft Windows operating system in favor of the Apple Mac OS and open source Linux because of security concerns after its Chinese operations were hacked in late 2009.
  • Battle of the Internet Browsers
    Browsers are the hacker’s window into your PC – but how are they compromised, and what are vendors doing to harden them? Danny Bradbury examines the techniques vendors are employing, and looks at why user education is one of the primary solutions for increased security

News

Virtualization could double in 2010, but what about security?

03 September 2009

The number of organizations with at least half of their servers virtualized is expected to double in 2010 to 51%, according to a survey of 480 IT professionals about virtualization conducted by identity and access management vendor Centrify Corporation.

The survey found that organizations are deploying a wide range of virtualization platforms including virtualization technology built into UNIX, Linux and Windows operating systems.

VMware has the highest penetration with 60%, and almost a third said they use VMware exclusively. Around half of those using VMware said they expect to increase their usage of these virtualization platforms, and the other half say they may evaluate other virtualization platforms in the future.

When it comes to hypervisors (a computer/hardware platform virtualization software allowing multiple operating systems to run on a host computer simultaneously), 58% of respondents said they have hypervisors from more than one vendor.

According to Centrify, they are deploying bare-metal hypervisors from vendors such as VMware and Citrix at the same time as leveraging virtualization technology built into the latest AIX, HP-UX, Solaris, Linux and Windows operating systems. Over 24% of virtualized environments have no VMware, but use virtualization solutions from Microsoft, IBM, Citrix, Sun, HP and others.

Security issues

Despite the increasing use of virtualization, users were not confident about whether they had complete control of the security of their virtual systems. Security, compliance and operational issues were the top three concerns.

A majority (70%) believed they had orphan accounts on UNIX/Linux, 44% shared root passwords, and 55% were unsure about how well they managed privileged user accounts. Security concerns were also the leading reason (46%) that virtualization could be slowed.

Less than a third (28%) of respondents said they were “strongly confident” in the security of their physical servers, and even fewer (20%) were strongly confident about their virtualized environment.

A CSO of one of the responding organizations with thousands of servers and more than 80 000 employees, said: “We are playing catch-up, cost drivers pushed virtualization without [us] properly looking at [the] security impact.”

Frank Cabri, vice president of marketing and product management at Centrify, said: “Because creating a new server in a virtual environment is as easy as copying a file – and in some instances the software is free – the rigor that used to accompany setting up a server has been bypassed. Ensuring appropriate access controls and privileges is critical in this environment.”

 

This article is featured in:
Application Security Compliance and Policy Identity and Access Management Internet and Network Security Wireless and Mobile Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water