Virtual infrastructures continue to grow in importance for enterprises worldwide and securing virtual environments is top of mind for the majority of IT departments, but a recent survey has revealed that as many as one out of four IT professionals “have little or no understanding” of their virtualization security options.
The survey conducted by endpoint security solutions provider Kaspersky Lab also found that while 64 per cent of some 4,500 IT professionals worldwide contend that security should be one of the first considerations when rolling out a virtual environment. What is worrisome is that 46 per cent believed that virtual environments can be adequately protected by conventional security solutions and 36 per cent said security concerns in virtual infrastructures are “significantly lower” than in physical environments.
These findings “highlight a clear disconnect” between how organizations perceive security for virtual environments and the tools available to handle the job, according to Mark Bermingham, virtualization evangelist for Kaspersky Lab.
“Businesses today face an ever-evolving threat landscape and cybercriminals are increasingly looking at virtual environments as the next frontier of sophisticated attacks,” he said. “With many businesses turning their attention to securing virtual environments, it is critical that they execute these initiatives and understand their options for securing these business-critical environments.”
The Kaspersky survey covered 27 countries including Canada. More than 54 per cent of participants were from mid-sized, large and very large companies. About 25 per cent of the participants were from companies with anywhere from 25 to 1,500 employees. The survey was carried out from April 2013 to May 2014.
The use of virtual environments to support core business applications and operations is not showing any signs of slowing down. For example even for the lowest rate of planned virtualization growth (financial and account applications), respondents projected an increase by 48 per cent in the next 12 months.
Fifty two per cent of respondents agreed that virtualization environments are increasingly forming a core part of their business IT infrastructure.
The diagram below shows what key functions companies are implementing on physical and on virtual infrastructures:
Other key findings were:
- The survey found that server virtualization is the most common form of virtual infrastructure. It is implemented in companies of 55 per cent of the respondents. And additional 6 per cent plan to adopt server virtualization within the next 12 months
- Desktop infrastructure infrastructures (VDI) were adopted by 25 per cent of businesses with another 10 per cent planning VDI projects in the next 12 months
- The three most common functions implemented on virtual infrastructures are, email and communications applications (42 per cent); database applications (39 per cent); and financial management and accounting applications (32 per cent
- Forty three per cent of respondents said security concerns were “an important barrier” to implementation of virtualized infrastructure and 41 per cent said they “struggled to manage the security solutions” for their virtual environments
- Only 32 per cent reported having a “fully implemented” security solution for their virtual network. Within that group, 58 per cent reported having a “virtual aware” agent-based anti-malware for virtual machines (VMs)
Kaspersky found that 53 per cent of businesses using virtual infrastructures are only “partially implementing” a security solution to secure VMs. Of this group, 29 per cent used agent-based solutions, 35 per cent used agent-less solutions and 27 per cent used light-agent solutions.
The security company said IT managers and C-level executives should take time to understand the strengths and limitations of different security solutions for virtual infrastructures. For instance virtual-aware physical security solutions may be appropriate for some VMs, but security solutions built specifically for virtual environments will offer better performance and protection.
Using same security solutions to protect physical endpoints for VMs can seriously hinder performance optimizations.
IT administrators should pay special attention to network traffic and performance losses in larger virtual deployments and determine if physical security may be negating the return of investment (ROI) from the company’s virtual infrastructure, according to Kaspersky.