The Inquirer

Virtualisation breeds a false sense of security

Lessons will be learned the hard way
Mon Mar 15 2010, 14:20

NEARLY TWO THIRDS of virtualised servers will be less secure than the physical machines they replace over the course of the next two years, according to analyst firm Gartner.

The market researchers reckon that companies jumping on the virtualisation bandwagon are doing so without talking to the information security guys in the next room, leaving the configurations full of holes for hackers to waltz through unimpeded.

"Virtualisation is not inherently insecure," said Neil MacDonald, vice president and Gartner fellow.

"However, most virtualised workloads are being deployed insecurely. The latter is a result of the immaturity of tools and processes and the limited training of staff, resellers and consultants."

Although server virtualisation is one of 2010's IT buzzwords, Gartner reckons that at the end of last year only about 18 per cent of enterprise data centre workloads that could be virtualised had been, but this figure is climbing and should hit about 50 per cent by the end of 2012.

The report details several reasons why virtualised servers are inherently less secure, predominately due to the prospect of hypervisor hacking, the lack of visibility and control of communication between the containers and the dangers of workloads of different trust levels operating side by side on the same physical appliance.

Although there are ways of dealing with all of these issues, MacDonald reckons that most IT departments are not giving enough thought to them when designing and rolling out their virtual networks.

However, the light at the end of the tunnel is that around half of these companies will figure out just how patchy these virtualised systems are and step in to rectify the matter in due course. Gartner predicts that as a result around 30 per cent of virtual servers, half the 2012 figure, will be less secure than their purely physical counterparts by 2015. µ


Comments
SELinux is good...

But so is grsecurity. It addresses the other half of the universe that SELinux ignores. http://www.grsecurity.net/.

posted by : hoohoo, 16 March 2010
Part of the answer

http://www.nsa.gov/ia/programs/h_a_p/index.shtml

SELinux is part of the answer.

posted by : Dave, 16 March 2010
Take a Chance. Nothing Ventured, Nothing Gained

It's a very Catch 22 situation, Ian.

You need to be Virtualised to race ahead of the Competition and Establish an Insurmountable Lead but make the smallest of mistakes and you can lose everything you hold dear and secret.

Which is why the best Virtual Reality Players are priceless/so expensive to engage but a bargain at whatever they cost.

The Really SMART ones are like hens' teeth on the ground, but then that is what you would naturally expect for they will be Surely Securely Settled in the Driver Chairs/Master Pilot Seats of Clouds Hosting Advanced Operating Systems.

Failure to Grasp the Nettle though, will Definitely Guarantee Failure Absolutely and unmask Top Gun Dogs as Unfit for Future Purpose Chickens.

posted by : amanfromMars, 15 March 2010