Your search

Your search

Series: Virtualization 2.0 December 07, 2012

Virtualized IT environments need sophisticated security

Best Practice CIO edition: cloud computing experiences and views

Connecting virtualized IT resources with the cloud

According to estimates by Gartner, through 2012, 60 percent of virtualized servers will be less secure than the physical servers they replace – though this figure is expected to fall to 30 percent by the end of 2015.
As Neil MacDonald, Vice President at Gartner Research, says, “Virtualization is not inherently insecure. However, most virtualized workloads are being deployed insecurely. The latter is a result of the immaturity of tools and processes and the limited training of staff, resellers and consultants."

Hackers glean data from virtualized servers

Just a few days ago, researchers in North Carolina proved just how right MacDonald was. Using a manipulated virtual machine, they managed to de-code encrypted data stored on another virtual server. This means that hackers could potentially get their hands on sensitive enterprise data. The Gartner press release also reports that this can become an issue “when these workloads are combined with other workloads from different trust zones on the same physical server without adequate separation.”

A restrictive approach to IT security

Organizations that want to avoid these issues need to take some fundamental security requirements into account. These include a dedicated virtualization security team that has control over all levels of the virtualized infrastructure. In addition, the same strict access controls that apply to other parts of the infrastructure need to apply to the virtualized environment. Again, according to Gartner, “when physical servers are collapsed into a single machine, it increases the risk that both system administrators and users will inadvertently gain access to data that exceeds their normal privilege levels.”

IT security is key from the start

The USA-based National Institute for Standards and Technology (NIST) echoes this sentiment. The authority has recently published a comprehensive brochure that highlights the growing threats that are arising from the increased demand for virtualization. “IT security is an absolute must from the very first planning stages of a virtualization project. It involves much more effort and higher costs to implement security mechanisms after systems have been virtualized,” explains NIST expert Karen Scarfone. In short, when it comes to weighing up the expense of virtualized infrastructures, the cost of security plays a key role – high availability, IT security in general, compliance and data protection require particular attention. Moreover, additional security mechanisms are necessary to prevent attackers from inside and outside the enterprise from penetrating the infrastructure and gaining access to operating systems, services, applications and data. Organizations must be able to offer this level of protection or select a provider with the right skills.  

Related news

September 10, 2012 Solutions

T-Systems and VMware offer AutoScout24 and Actum/G2 flexible data center performance based on the vCloud Data Center Service.

“Because the market changes daily”

AutoScout24 and Actum/G2 first to use new flexible T-Systems and VMware cloud.

June 12, 2012 About T-Systems

T-Systems und VMware schließen Allianz für Cloud Computing.

Cloud alliance

T-Systems and VMware bundle services in cloud computing package.
  • Put document in the InfoBox.
  • Facebook
  • Twitter