• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • Virtualization Can Hurt Security, Gartner Says

    April 16, 2007 Alex Woodie

    Thousands of companies are adopting virtualization to increase the utilization rates of their servers and save money. But unless these companies take pains to properly secure their virtualized IT environments, it can end up hurting their security posture, reducing their agility, and increasing costs, Gartner warned last week.

    While there is a lack of uniformity and standards among virtualization technologies, there is one aspect that all virtualization products have in common, according to Gartner: They create a privileged layer that, if compromised, puts all consolidated workloads at risk. With so many eggs in one basket, it’s even more important to implement good security practices to protect critical data and applications.

    Unfortunately, most companies won’t take these extra steps to implement strong security for virtualized environments, Gartner says, and this will have a predictable effect. The analyst group says 60 percent of production virtual machines (VMs) implemented through 2009 will be less secure than their physical counterparts.

    “Many organizations mistakenly assume that their approach for securing VMs will be the same as securing any OS and thus plan to apply their existing configuration guidelines, standards and tools,” says Neil MacDonald, vice president and Gartner Fellow. “While this is a start, simply applying the technologies and best practices for securing physical servers won’t provide sufficient protections for VMs.”

    But don’t fret: Gartner says there are several steps that companies can take to start securing their VMs. Companies must protect their new weakest link–the hypervisor. They must be prepared to deal with the loss of separation of duties for administrative tasks. They must take pains to ensure the proper patching and signature support for VM and VM appliance images. They must somehow work around the decreased visibility into the host operating system and its network connections, as well as into intra-VM traffic, which needs to be inspected by security software. Companies must also be ready to implement security policies that can cope with VMs that are mobile. Lastly, IT professionals will have to get creative, because the security and management tools to accomplish many of these tasks in VM environments are “immature and incomplete,” Gartner says.

    “Organizations need to pressure security and virtualization vendors to plug the major security gaps,” MacDonald says. “Existing virtualization solutions address some of the gaps, but not all. It will take several years for the tools and vendors to evolve, as well as organizations to mature their processes and staff skills.”

    MacDonald will present more information on the security threats posed by virtualization technologies in a session titled “Securing Virtualization, Virtualizing Security,” during the Gartner Symposium/ITxpo 2007: Emerging Trends event, which is being held in two weeks in San Francisco.



                         Post this story to del.icio.us
                   Post this story to Digg
        Post this story to Slashdot

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags: Tags: mtfh_rc, Volume 16, Number 15 -- April 16, 2007

    Sponsored by
    ServiceExpress

    Have questions about Power10?

    Join our IBM Champions for a live Q&A on Wednesday, October 4th.

    In this webinar, you get to decide the topic of conversation.

    Our experienced IBM Power Champions are ready to cover all things IBM Power and IBM i. Submit your questions in the chat and we’ll answer them as they come in.

    While your questions submitted in the chat will be our priority, you can expect us to cover:

    • Options for moving to Power10
    • End of Support for Power8
    • End of Service for IBM i 7.3
    • The IBM i and IBM Power roadmap
    • End of support for TS3100 tape libraries

    Register Now

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Admin Alert: The Process and Pitfalls of Duplicating Libraries Oracle Declares a ‘Renaissance’ for J.D. Edwards World

    Leave a Reply Cancel reply

TFH Volume: 16 Issue: 15

This Issue Sponsored By

    Table of Contents

    • IBM Executives’ iSociety Chat: Direct Sales and a Developer Price Point
    • Massive $74 Billion Consolidation in the ERP Space
    • IBM Goes After Windows with User-Priced System i Servers
    • Lawson Sees Red Ink In Fiscal Third Quarter
    • IBM Upgrades High-End System i5 Servers
    • Vendors Propose Fibre Channel Over Ethernet Standard
    • Wheeling and Dealing to Move System i Iron
    • New 36 GB, 4mm Tape Drive Fills In the VXA Gap for i5 Servers
    • System i and the Web: Where We’ve Been and Where We’re Going
    • Virtualization Can Hurt Security, Gartner Says

    Content archive

    • The Four Hundred
    • Four Hundred Stuff
    • Four Hundred Guru

    Recent Posts

    • ARCAD’s Deal with IBM for DevOps In Merlin Is Exclusive
    • In The IBM i Trenches With: Maxava
    • Is The Cloud On Your IBM i Horizon?
    • Four Hundred Monitor, September 20
    • IBM i PTF Guide, Volume 25, Number 38
    • The Subscription Pricing For The IBM i Stack So Far
    • Facing The Challenges Of Upgrading Old Systems With The Cloud
    • Guru: Generating XML Using SQL – The Easy Way
    • Rocket Buys Data Integration Provider B.O.S.
    • IBM i PTF Guide, Volume 25, Number 37

    Subscribe

    To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

    Pages

    • About Us
    • Contact
    • Contributors
    • Four Hundred Monitor
    • IBM i PTF Guide
    • Media Kit
    • Subscribe

    Search

    Copyright © 2023 IT Jungle