Virtualisation Security: As Easy As Fastening A Seatbelt

Security exists to protect the tangible things in life. If something is deemed special enough to be protected, we do so with highly visible declarations of security. For example, deadbolts on doors are large and comforting; alarm systems used to protect buildings are there for all to see and seatbelts in cars tell the world that we are taking our safety seriously.

Whilst protecting homes and possessions is simple human behaviour, there are important aspects of day-to-day life which sadly go unprotected – especially in business. This is down in part to the rapid technological revolution that businesses have been privy to over the past few decades.

Fifty years ago important documents could simply be kept under lock and key in a secure file room – but in this decade of technological advancement, important documents no longer exist in their paper form alone.

Emails, computers and IT systems became commonplace in a very short amount of time; leaving storage and security struggling to keep pace. Inevitably, as the volume of this data grew, space became an issue. This is where virtualization really came to the fore. Virtual storage allows companies to store far greater volumes of information without investing in expensive, space sapping servers. It appeared to offer the perfect solution, and prompted a boom in popularity.

Indeed, a study by leading analyst Gartner charts the rise and rise of virtualization, predicting that approximately half of all x86 architecture server workloads will be virtualized by the end of 2012.

But although virtualization has grown in popularity, securing virtual environments has lagged behind. While companies have been fast to virtualize, they have been slow to secure and contrary to popular belief, this is not down to the lack of threats.

Security threats in the virtual space – particularly from malware – are greater than ever before.

There is a common perception that virtual machines are more secure than physical ones, but this is little more than a myth. In fact, virtual systems are just as vulnerable to malware in the form of malicious email attachments, drive-by-downloads, botnet Trojans and even targeted ‘spear-fishing’ attacks.

The same Gartner study found that in 2012, two thirds of virtualized servers will be less secure than the physical servers they replace. This is even more disconcerting when Kaspersky’s own study also found that 81 per cent per cent of services launched in virtual environments are business critical.

Sadly, many businesses are guilty of undercutting the inherent benefits of virtualization when they fail to properly implement anti-malware solutions to protect from data loss and cybercrime. Technology has revolutionised business, but it is only possible to reap the rewards if sensitive data is adequately secured and protected.

Choosing the right type of virtualization security is almost as important as deciding to secure your virtual environment in the first place. For starters, it’s a fact that some anti-virus implementations can bog down the virtual infrastructure, reducing consolidation ratios and limiting ROI.

According to a study, 61 per cent of IT professionals cite performance as the most important factor when assessing the effectiveness of virtualization security, so choosing a programme which allows for the smooth running of IT systems is imperative.

Information is like oxygen to a business, so all possible measures should be taken in order to protect it. As well as the risk of theft and public embarrassment, leaving virtual servers unsecured opens your business up to the possibility of a serious and costly data breach.

Investing in virtualization security is business common sense, but it should not be undertaken lightly. Extensive research into your business’ requirements, as well as a thorough assessment of the products on offer is undoubtedly time well spent. An element of education is also advisable, especially given that my company found that 41 per cent of IT staff rate their knowledge of virtual environments as ‘basic’.

Virtual environments may not be tangible, but this is not to say that they do not require adequate security and protection. Putting the locks and bolts onto your virtual servers is just as easy as fastening a seatbelt providing you have the necessary expertise in your armoury.

As the company’s senior product marketer, Peter Beardmore is responsible for all aspects of product launches, positioning, and sales training for Kaspersky’s corporate and consumer security software portfolio. Prior to joining Kaspersky in 2008, he was Senior Product Marketing Manager for Government Business at RSA, The Security Division of EMC. Peter began his career in the US Army, serving in capacities including Tank Platoon Leader and Communications Company Executive Officer. He later held a variety of sales, marketing, and business development positions at Cabletron Systems, Enterasys Networks, and Colubris Net¬works. He also ran a search engine marketing firm for several years, focused exclusively on small business customers.