Server virtualisation is exposing business IT networks to
attack because many IT directors are unaware of the security risks,
a survey has revealed.
More than 40% of IT directors who have implemented server
virtualisation mistakenly believe security is built in, the YouGov
survey of 200-plus IT directors shows.
Server virtualisation, which reduces the need forphysical
servers, is becoming increasingly popular because of the
environmental and
cost benefits.
Virtualisation also enables companies to
use existing servers to full capacity by enabling a single
server to run multiple operating systems.
Without virtualisation, a company would have to have a separate
server for each operating system needed to run its business
applications.
Around 38% of companies are using the technology, according to
the survey commissioned by security firm
Clavister.
Andreas Asander, vice-president product management at Clavister,
said it was dangerous for companies to believe that virtual servers
are automatically secure.
"Virtualisation offers new points of attack and gives access to
a far wider number of applications than traditional servers," he
said.
IT departments should take the same security steps with
virtualised servers as they do with physical servers, said
Asander.
IT directors and managers considering server virtualisation
should:
- Include virtualisation in the security policy
- Use virtual security gateways inside the virtual
infrastructure
- Allow access to the virtual administration centre only from a
separate network
- Allow only few administrators access to the virtualisation
management tools
- Evaluate and test security on a regular basis.
Asander said companies should test security by taking advantage
of virtualisation technology's ability to allow easy replication of
the production environment to a test environment.