Virtualisation security creating unmanageable complexity, Trend Micro survey finds

Data centre angst

The difficulties of integrating virtualised servers with the software necessary to secure them is creating unmanageable complexity that risks undermining the needs of both, a Trend Micro snapshot of European IT manager opinions has found.

The questioning of 100 IT decision makers in the UK, France and Benelux uncovered a range of problems that tend not to be mentioned by the fans of simple server provisioning, often cited as one big plus of virtualised environments.

Over half were deploying the same security tools in virtual environments they had used for physical servers, with 45 percent believing they were not well informed about the security products specific to virtualisation. Almost nine in ten across all countries considered that the security demands of virtualisation represented a "struggle".

The explanation for this ranged from the usual moan about a lack of resources to ignorance of the specific security threats, but probably the biggest of all was simply a lack of familiarity and knowledge. A fifth of those asked believed that security professionals lacked the skills needed to secure virtualised architectures.

Eighty-five percent agreed that virtualisation had contributed to growing security complexity.

"When searching for a security solution for virtual environments, cost and ease of deployment regularly take precedence over effectiveness at detecting and stopping threats," the researchers noted.

Who looks after virtual servers and are these the same people that secure them? Given that a quarter hosted theirs in data centres while about a third located it both on-premises and offsite, not surprisingly there was sometimes confusion about who was responsible for security.

"Given that third party hosting of virtual machines isn't exactly a new concept, it's surprising that organisations are still unsure over where responsibility lies for security management," said Trend Micro's technical director, Michael Darlington. "We need to look at introducing industry-wide guidelines to provide businesses with clarity here, ensuring that they are working with data centre managers to protect their virtual assets in the best possible way."

Trend Micro's advice is that organisations invest in dedicated security products built to secure virtualised environments, which of course dovetails neatly with its own interests in selling such systems.

"In a dynamic virtual network, security should be built in from the outset instead of being treated as a bolt-on. IT transformation is at its most impactful when security and virtualisation experts work together to create a solution that reduces cost and improves productivity whilst managing risk," said Darlington.

Organisations should also invest in their staff and not simply assume the necessary skills will be picked up over the course of time. Having a single security model applied across all resources also helped with this.

Organisations have started waking up to the fact that virtualised environments come with their own set of vulnerabilities that need tending to. This includes mundane ones such as software flaws; last week VMware warned of issues in its ESX and ESXi hypervisors and in vCenter Server Appliance and vSphere Update Manager to pick on only one recent example.

Join the CSO newsletter!

Error: Please check your email address.

Tags Configuration / maintenancetrend microsecurityhardware systemsData Centre

More about Trend Micro AustraliaVMware Australia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts