Server virtualisation is exposing business IT networks to attack because many IT directors are unaware of the security risks, a survey has revealed.
More than 40% of IT directors who have implemented server virtualisation mistakenly believe security is built in, the YouGov survey of 200-plus IT directors shows.
Virtualisation also enables companies to use existing servers to full capacity by enabling a single server to run multiple operating systems.
Without virtualisation, a company would have to have a separate server for each operating system needed to run its business applications.
Andreas Asander, vice-president product management at Clavister, said it was dangerous for companies to believe that virtual servers are automatically secure.
"Virtualisation offers new points of attack and gives access to a far wider number of applications than traditional servers," he said.
IT departments should take the same security steps with virtualised servers as they do with physical servers, said Asander.
IT directors and managers considering server virtualisation should:
- Include virtualisation in the security policy
- Use virtual security gateways inside the virtual infrastructure
- Allow access to the virtual administration centre only from a separate network
- Allow only few administrators access to the virtualisation management tools
- Evaluate and test security on a regular basis.
Asander said companies should test security by taking advantage of virtualisation technology's ability to allow easy replication of the production environment to a test environment.