RSSVirtual Server Security
Gartner reports that 60% of virtual servers are less secure than their physical counter-parts. Refreshingly, instead of beating on the "virtual/cloud environments are not safe!" drum, their analysis focuses on the novelty of the technology in many organizations and the informal roll-out processes that often accompany informal or untested experimentation and un-explored deployment models. Specifically, they point out that many operations teams simply view the implementation of virtualized servers as a straightforward transition of already understood environments between otherwise indistinguishable physical and virtual environments… a failing I have been guilty of myself. Some 40% of virtualization projects are planned without involvement from any security professionals (although, I have to wonder what the percentage of physical implementations are planned with security involved at the outset?) and the attendant vulnerabilities in the virtualization layer are never addressed.
The good news is that people are catching on quickly and the company forecasts that the percentage of affected servers will be cut in half by 2015. So this post is simply here to serve as a gentle reminder; if you aren't thinking about the additional security implications of virtualized environments as you jump on the virtualization bandwagon, it's time to pick up the phone and get your CSO in the room.
