May 04, 2010
Prism Microsystems’ survey indicates lack of planning for security investments, inadequate hypervisor controls and low confidence in virtual environment security
- Widespread adoption but only 12% solidly down the road to virtualization
- Only 28% expressed confidence in the security of their virtual environments
- A majority acknowledged importance of securing the virtualization layer, yet only a small minority has implemented adequate controls at the Hypervisor level.
- 51% cited budget as a primary inhibitor to securing virtual environments
Columbia, MD – Prism Microsystems, developers of comprehensive SIEM solutions that provide complete security and compliance coverage across both physical and virtual environments, today announced the results of a survey on virtualization security conducted in April 2010. The survey of over 300 IT managers, security personnel, auditors and administrators reveals a significant gap between the speed at which companies are willing to deploy virtualization and their security readiness to address the added complexity that any new technology introduces.
The results of the survey indicate that companies are largely ignoring Hypervisor-level security despite acknowledging the importance of monitoring the virtualization layer for risk mitigation:
At the Hypervisor layer, only 29% are collecting logs, 17% are reporting on activities and controls, 23% are monitoring user activity, and 18% are tracking access to critical data and assets. This goes against established best practices, such as those recommended by Gartner for the virtualization layer: “Activate full auditing and logging and link these into security information and event management systems.” (Gartner, ‘Addressing the Most Common Security Risks in Data Center Virtualization Projects,’ January 2010, Neil MacDonald)
Other best practices being ignored include separation of duty, with over 65% indicating that they have not implemented separation of duty between IT personnel responsible for the provisioning of virtual machines / virtual infrastructure and other administrator groups. This raises the risk of abuse by privileged insiders – a concern that is shared by over a third of respondents.
A majority of respondents to the survey agree that traditional security products and solutions are insufficient to provide visibility into the virtual environment, yet they continue to use these solutions, citing lack of budget as a primary inhibitor. This implies that in the rush to adopt virtualization, security investments are not being factored into project budgets. Hidden expenses are never welcome, and by ignoring what could later add up to be significant collateral costs, companies may not realize the ROI and cost-savings initially calculated for their virtualization projects.
When asked about the security of their virtual environments, only 28% expressed confidence that their virtual environment was as secure as the rest of their IT architecture, conveying a strong need for companies to find a more holistic and integrated way of monitoring, securing and managing an increasingly hybrid IT environment. “The reality is the money is just not there for specialty virtual security tools. And even if it was available, that approach is incorrect as it creates another silo of un-integrated security data. In this environment, IT teams have to get the most out of what they have – this means leveraging solutions that do more with less and provide a single point of control to seamlessly monitor the entire IT infrastructure, from the physical to the virtual,” said Steve Lafferty, VP of Marketing, Prism Microsystems.
About Prism Microsystems
Prism Microsystems delivers business-critical solutions that transform high-volume cryptic log data into actionable, prioritized intelligence to detect and deter costly security breaches and comply with regulatory mandates. EventTracker, Prism’s leading Security Information and Event Management (SIEM) solution, provides coverage across both physical and virtual environments, delivering a single dashboard to monitor the entire IT infrastructure – from servers to workstations, operating systems to applications, network devices to hosts, and physical assets (including USB devices, racks, server hardware) to hypervisors (i.e. those from VMware, Microsoft’s Hyper-V, and management applications such as Dell OpenManage, vSphere, and System Center).