Business IT - Technology for your business

No. 1 Story

CIO confidence; a dead cat bounce?

At a time when banks are shedding IT roles by the dozen, it seems counter-intuitive that 83 per cent of the nation’s chief information officers should report they are confident about the future of their business to the extent that 45 per cent expect to hire IT staff in the first six months of the year. The question remains – is this a dead cat bounce?

 read more
StumbleUponSubmit to redditShare this on TwitterShare on facebook | Print |PDF 

More From

How secure are virtualised servers?

David Heath
Sunday, 22 August 2010 12:58

Business IT - Security

Page 1 of 3

You'd think that a virtualised environment would be a safe way to encapsulate a server, but that appears to be far from the truth.  iTWire recently spoke with BeyondTrust about the issues.

Microsoft Office 365 Get your free Trial

Related Articles

Earlier this year, Gartner released its own research into the security of virtualised environments.  The results weren't pretty.  Gartner estimated that by 2012, 60% of virtual servers will be less secure that the physical servers they replace, although this is expected to drop to 30% by the end of 2015.

The Gartner report identified six major categories of risk:

 

  • Information Security Isn't Initially Involved in the Virtualization Projects
  • A Compromise of the Virtualization Layer Could Result in the Compromise of All Hosted Workloads
  • The Lack of Visibility and Controls on Internal Virtual Networks Created for VM-to-VM Communications Blinds Existing Security Policy Enforcement Mechanisms
  • Workloads of Different Trust Levels Are Consolidated Onto a Single Physical Server Without Sufficient Separation
  • Adequate Controls on Administrative Access to the Hypervisor/VMM Layer and to Administrative Tools Are Lacking
  • There Is a Potential Loss of Separation of Duties for Network and Security Controls


"Virtualization is not inherently insecure," said Neil MacDonald, vice president and Gartner fellow. "However, most virtualized workloads are being deployed insecurely. The latter is a result of the immaturity of tools and processes and the limited training of staff, resellers and consultants."

However, according to a BeyondTrust spokesman, "that hasn't stopped 90 percent of virtualized data centers from putting their most sensitive data on virtualized servers.

"Additionally, each virtual administrator has access to several-fold as much data as they would in a traditional environment.

"BeyondTrust is working with VMWare and Oracle to get more of their customers to implement virtual-specific Privileged Identity Management (PIM) systems that monitor, report and control administrative actions in the hypervisor."

iTWire took the opportunity to discuss these issues with BeyondTrust, a new player in the market.


Start 1 2 3 Next 

Sponsored Announcements

SBDC Releases Native IPv6 for all it Broadband Users

Michelle Thomas | Smelly Black Dog Internet is proud to announce that the company has signed up for Simtronic Technologies new wholesale broadband service as an…

You may have missed


Advertisement

- sponsored feature -

The Death of Traditional BI: What’s Next?

How to Make Business Discovery Work for Your Business IP PABX BUYING GUIDE

Business Discovery takes its cues from consumer apps. Like Google, it encourages us- ers to hunt for and explore data without worrying about or even noticing the underly- ing technology. Their entire experience is working within an intuitive interface to get real-time, self-service results with only minimal training. ...more

Our Services for Technology Professionals

E - mail News SMS Headlines Desktop Alerts News Feeds Job Alerts Technology Events Press-Releases