Secure Your Data Center Operations Before Virtualization
Organizations transitioning to a virtualized or cloud IT model need to invest in security strategy, technology, organization and skills. Vendors need to provide better integration between security and service management plus security tools to better support heterogeneous virtualized and physical environment.
Key points in regards to security virtualization include:
· The major driver of virtualization is the efficiency improvement of data center operations. The least important drivers are preparation for Cloud IT, which is closely followed by meeting Green IT targets.
· The major inhibitor for implementing virtualization security is the lack of expertise and skills to plan and implement it. Around a quarter of organizations believe that virtual environments in general are less secure than physical environments.
· The most important security challenge and concern is around “data sprawl”. This issue is closely followed by concerns relating to the fulfillment of both regulatory compliance and internal audit requirements in a virtualized or cloud environment.
· One key issue highlighted by the survey is that nearly three quarters of respondents are concerned about the far-reaching privileges introduced by hypervisors which might lead to abuse. There are technologies available today to mitigate the risks posed by privileged access in virtualized environments, but these are not widely deployed.
· There is a lack of integration between virtualization, security, and service management with less than half the organizations reporting any type of integration in this area.
· Too many security activities are still dependent upon manual processes, these processes are performed without supporting technology and the scale of virtualization makes this approach untenable.
· By not investing in virtualization security when there are well identified security threats, organizations are taking unnecessary risks which could easily be mitigated.
How does your organization plan to address risks of important data in virtualized environments from falling into unsecured environments?