Orange you glad you learned about this security system? By Paula Bernier

Views and Opinions on Green IT (Mar 26 2010)

1. 

   If the virtualization space followed the Department of Homeland Security’s color-coded scheme, it would probably be within the yellow range at best. Maybe even in the orange.

    Yellow stands for “elevated”. Orange is “high”.

    So this is not good news. But that’s not to say virtualization itself leads to security problems.

    "Virtualization is not inherently insecure," says Neil MacDonald, vice president and a fellow with research and consulting firm Gartner Inc. "However, most virtualized workloads are being deployed insecurely. The latter is a result of the immaturity of tools and processes and the limited training of staff, resellers and consultants."

    Gartner reports that through 2012, 60 percent of virtualized servers will be less secure than the physical servers they replace. However, the firm expects that to come down to 30 percent by the end of 2015.

    Although things are headed in the right direction, Gartner says there’s a key problem here that organizations need to consider when moving to virtualized servers, and that is that these projects often fail to involve information security experts during the engineering and deployment processes.

    “Typically, the operations teams will argue that nothing has really changed — they already have skills and processes to secure workloads, operating systems and the hardware underneath. While true, this argument ignores the new layer of software in the form of a hypervisor and virtual machine monitor that is introduced when workloads are virtualized,” writes Gartner.

    Luckily, there’s plenty of time to address this apparent oversight, as Gartner reports that at the end of last year only 18 percent of enterprise data center workloads that could be virtualized had made that transition.

   Bookmark or Share this article

Login to comment.

Related Articles