IT Ops, Security Pros at Odds over Virtualization Risks

Does transitioning to virtualization increase security risks within a company?

By Ellen Messmer

Thu, December 18, 2008Network World Does transitioning to virtualization increase security risks within a company?

IT managers appear to be at loggerheads with IT security professionals over that question, even while sharing similar opinions on where risks might lie, according to a new survey.

The 2009 Security Mega Trends Survey from research firm Ponemon Institute -- which also looked at attitudes on other topics, such as outsourcing and Web 2.0 technologies -- shows roughly two-thirds of IT operations staff who responded said they felt virtualization of computer resources did not increase information-security risks. But about two-thirds of information security professionals surveyed felt the opposite way.

A full three-quarters of the survey's 1,402 respondents, all active in U.S.-based private sector firms or government agencies, said their organizations had already implemented virtualization of their computer resources, with about 90% in both the IT and security camps saying they were "familiar" or "very familiar" with virtualization.

The survey reflects the often upbeat attitudes about virtualization expressed by experienced IT pros about how the technology, most commonly that of VMware, Microsoft of Citrix Xen, is bringing them the benefit of server consolidation.

"We started virtualization in a development and test environment, and now the main applications we have using VMware in production instances are file and print servers," says Rich Wagner, director of IT infrastructure at Columbus, Ohio-based Hexion Specialty Chemicals. Wagner says virtualization hasn't raised red flags as far as security requirements. The main concern, he says, is "from a performance standpoint -- the CPU and memory and disk I/O -- in sharing a large box," with database servers seen as a resource-intensive application that might not be well-suited for virtualization.

There's a far more skeptical view of virtualization security often expressed by seasoned IT security pros, who harbor doubts that vendors on the virtualization front have really sorted out or addressed the risks associated with the underlying hypervisor transformation.

"The security for the virtualization itself is way, way behind," says Nelson Martinez, systems support manager for the City of Miami Beach, who is responsible for IT security in systems used by the city's 2,000 employees. Martinez says the city does make use of VMware for some Web servers, but "I would never host any kind of database or my e-mail server in that environment." There are performance and maintenance issues in running traditional security applications for each VM host application on each physical machine, while the industry still seems to be sorting out the security role the hypervisor can play, Martinez notes.

Loading...
Virtualization Vendor Matrix

Find out what vendors offer the products you need.

View the Vendor Matrix »
Virtualization ABCs

Get up to speed on virtualization.

Learn More »
Virtualization MarketSpace
White Papers
Maximum Efficiency Gains with Virtualization
Learn best practices to optimize your infrastructure and operations department and gain the most from virtualization. Learn more »
Manage Virtualization Initiatives
Learn how you can better manage virtualization initiatives to recognize this technology's maximum value. Learn more »
 
SPONSORED LINKS
 

Developing A Dynamic, Real-Time IT Infrastructure

Mid-Sized Company CIO Community: infoBOOM!

Read about virtualization and consolidation effort best practices

Building the Virtualized Enterprise with VMware Infrastructure

8 Key Ingredients to Building an Internal Cloud

White Paper: The Building Blocks for Cloud Computing

Taking the Service Desk to the Next Level

Why Data Loss is Increasing--and What You Can Do About It

Data Loss Prevention: A Better Way to Approach Security

Learn how to managing client systems in the enterprise.

Enterprise PBX Buyer's Guide

Secondary Market Primer: Your Network at Half Price

Top-line Performance that's Bottom-line Efficient

Accenture: Outsourcing for uncertain times. Click to learn more.

Learn about the VMware vSphere (TM) & Intel (R) Xeon (R) Processor 5500 Series

Data Center Optimization: Three Key Strategies

Oracle WebLogic Server Technical Demo

Data Grids and Service-Oriented Architecture

Achieving the Impossible: Unlimited Application Scalability

A Middleware Foundation for Application Grid

Tips for successful virtualization management.

Smart Decisions: The Role of Key Performance Indicators

Gartner Shares Predictions for 2009

64-page prescriptive guide to security, compliance, and IT operations.

Get Google Enterprise Search for your business information.

Cloud Computing: Read about VMware's compelling vision & set of products

White Paper: 8 Key Ingredients to Building an Internal Cloud

Learn how a virtualized enterprise can help your company reduce costs

Why Isn't Server Virtualization Saving Us More?

Bottom-Line Benefits of Virtualization

A CIO Executive Guide: Cloud Computing Looms Big on the Horizon

Seven Ways ITIL Can Help You in an Economic Downturn

Maximizing the Business Value of the PC Infrastructure

Communications and Collaboration Needs at Business Organizations

Using Open Source to Deploy Web Applications

Enterprise PBX Comparison Guide

Getting Value from Outdated Networking Equipment

Accenture IT Consulting: Logical meets technological. More . . .

Stop Application Fraud at the Source with Device Reputation

Top 10 Business and IT Drivers for the Wealth Management Sector

Oracle's Application Grid Technical Demo

Next-Generation Application Servers and Infrastructure

Application Infrastructure at Enterprise Organizations

Achieving Business Agility with Application Grid

Learn about The Information Technology Infrastructure Library.

Achieving Pervasive Performance Management

Automating the Generation and Secure Distribution of Excel Reports

Reduce risk, gain agility. See how Progress can help your business.

Improve ROI, lower TCO and reduce energy consumption.

Introducing the new HP ProLiant G6 server family

 
 
RESOURCE CENTER