October 04, 2011, 9:54 AM — We’re using the same tools to secure both physical and virtual servers! So say the majority of respondents in a new survey conducted by Gabriel Consulting Group (GCG) and released by McAfee.
More than 140 data center-savvy personnel in organizations ranging from small and midsize businesses (SMBs) to very large multinational firms were queried during the third quarter of 2010 on everything from their current security effectiveness (i.e., is their data center security keeping pace with the ever-increasing volume and sophistication of attacks) to their views on whether security concerns slowing the adoption of private or public clouds. The “2011 Data Center Security Survey” is available for download here.
So, back to the finding about the types of tools securing physical and virtual worlds. When asked, about 70 percent said they use the same security mechanisms for physical and virtual systems. Only a little more than 20 percent disagreed with that sentiment (and the remaining few didn’t know one way or the other – yikes).
More than a year ago, Gartner Group issued research findings that estimated 60 percent of virtual servers – at that time – were less secure than the physical servers they were replacing (you can see an article on that here, in Network World. Gartner also predicted, at that time, that such insecurities would remain in place until 2012.
The reason is clear: security issues associated with virtualization, and virtualized workloads, are different.
As Gartner put it back then, although IT operations may think they already have the skills to secure the workloads, operating systems and hardware underneath (because you know, nothing really has changed there), the fact is that there is a new layer of software – the hypervisor and virtual machine monitor – that have to be taken into account. This new layer contains new vulnerabilities, Gartner explained. And if there’s a threat to the virtualization layer, it could harm all hosted workloads.