A recent survey of Network World readers revealed that many enterprises fail to apply some of the most basic security policies for protecting virtual servers.
Out of 707 respondents, 36 percent - 250 readers - say they realize virtualization carries an increased security risk, but only slightly more than half have deployed firewalls and segmented critical networks into virtual LANs while the other half have included virtual-machine traffic-awareness in their intrusion-detection sensors. One third of respondents seem to realize that the virtualization layer itself is vulnerable while the rest say they do not believe that virtual-machine platform vendors need to make security integral to their products.
Besides the lack of awareness, an article about network security in CIO-yesterday says that many organisations are also experiencing virtual-machine sprawl, in which users with too much privilege are setting up virtual environments without the IT provider's knowledge because they are easy to deploy and hard to track in a network.
Some solutions that could help companies track and remove rogue builds include VMware's Virtual Center management software, Novell's ZenWorks and Microsoft's System Center Virtual Machine Manager. CA, HP and Network General have added varying degrees of virtual-machine awareness into their suites as well.
Being able to locate virtual machines will help alleviate security risks involved with the lack of licensing and product support for rogue virtual machines. These tools will also help terminate illegitimate virtual machines and failing over to other secure systems if a load balance, infection or attack makes it necessary.
Return to hosting news headlines
View Hosting News Archive