Comment: Survey reveals dangerous lack of knowledge about virtualization

More than forty per cent of IT directors and managers that have implemented server virtualization may have left their IT networks open to attack because they wrongly believe that security was built in.

These shock findings were revealed today when network security vendor Clavister published a survey it commissioned from international research and consulting organisation, YouGov.

With virtualization now one of the boom technologies of the IT world, the extent of the problem was emphasized when 38 per cent of survey participants admitted that they had already implemented the technology. Virtualisation brings environmental benefits, cost savings and management efficiencies.

"When companies implement virtualization, it is very dangerous for them to believe that everything is automatically secure because they can actually face new security threats," explains Andreas Asander, VP product management at Clavister.

"Virtualization offers new points of attack and gives access to a far wider number of applications than a traditional physical server. It is vital that IT staff take steps to achieve the same level of security in their virtualized environment that they had in their traditional environment."

Clavister has developed a five-point check-list for IT managers and directors who are considering the adoption of virtualization. They should:

1. Re-define the security policy to include the virtualization aspect

2. Use virtual security gateways which run inside the virtual infrastructure

3. Protect the virtual administration center and only allow access to this from a separate network

4. Limit the number of administrators who have access to the virtualization administration tools to a minimum

5. Evaluate and test the security level on a regular basis. Replicating the production environment to a test environment is easy with virtualization and this should be utilized.

404

Sorry! Page not found.

The article you requested has either been moved or removed from the site.