22 April 2009 — While adverse global economic conditions may be affecting other sectors of the IT market, the virtualization explosion continues. However, in the rush to take advantage of the cost benefits of virtualization, many firms may be compromising their security, according to IP-based security and unified threat management (UTM) specialist, Clavister.

A recent YouGov[1] survey commissioned by Clavister found that more than 40 per cent of IT directors and managers that have implemented server virtualization may have left their IT networks open to attack because they wrongly believed that security was built in.

This lack of understanding is one of the most dangerous misconceptions surrounding virtualization and it was recently highlighted as the target for new security threats by respected analyst firm, Gartner [2].

Andreas Åsander, VP product management at Clavister said: "Securing the virtual environment cannot be approached in the same way as the physical environment as virtualization offers new points of attack and gives access to a far wider number of applications than a traditional physical server.
”It is vital that IT staff take steps to achieve the same level of security as their physical environment, but by its very definition, the virtual environment is constantly changing and so it is impossible to use the same security solutions."
The misconception is that everything is secure because the environment is still protected by a firewall but the reality is that this is absolutely not the case.  In the virtual environment traffic does not have to leave the virtual infrastructure at all so is therefore not checked and protected by the firewall.

Åsander continues: “Problems can come from employees who have direct access that is not protected by firewalls and a worm or Trojan can infect a less secure machine, such as a community portal or forum on the Web server. Segmentation in a physical environment prevents these from spreading but in a virtualized environment you do not have that segmentation so a hacker in your Web system can easily jump over to your financial systems or databases.”

Clavister has developed a four step strategy to ensure that the virtual environment is secured:
Understand how virtualization will affect data security in your new environment
Incorporate virtualization into your security policy
Ensure that you know what you need to do to maintain security in a virtualized environment
Check that you have the right technology solutions in place to meet the needs of your particular organisation and the most appropriate tools and processes for smooth implementation and efficient administration.

For more information on virtualization security you can listen to a podcast with Andreas Åsander at ADD URL, and to download a whitepaper on this much misunderstood technology, please visit www.clavister.com

[1] All figures, unless otherwise stated, are from YouGov Plc.  Total sample size was 212 private sector IT or Telecoms Directors and Senior Managers. Fieldwork was undertaken between 22nd - 29th September 2008.  The survey was carried out online.

[2] Source: Gartner Identifies the Top 10 Strategic Technologies for 2009 Gartner, October 14 2008