Virtualised servers face security questions

Mar 16, 2010 8:42 AM
Filed under Technology

Rush to replace physical servers could leave firms vulnerable.

Analyst Gartner today warned that by 2012 just under two-thirds of all virtualised systems would be less secure than the physical servers they are designed to replace.

The analyst said that it was not virtualisation that was at fault but the way it was implemented, and it cautioned against rushing into a rollout without involving the necessary security professionals.

"Virtualisation is not inherently insecure," said Neil MacDonald, vice president and Gartner fellow. "However, most virtualised workloads are being deployed insecurely. The latter is a result of the immaturity of tools and processes and the limited training of staff, resellers and consultants."

Gartner has identified a number of common risks, as well as the means for coping with them. As well as involving security professionals, other suggestions include firms monitoring their systems with as much scrutiny as they do their internal ones.

Gartner added that firms should opt to work with "security vendors that span physical and virtual environments with a consistent policy management and enforcement framework".

It added that the virtualisation layer should be treated as the most critical x86 platform in the enterprise datacentre. It warned that hackers were already targeting the layer and said that firms should keep it patched and up to date.

In its report, it added: "Virtualisation vendors should be required to support measurement of the layer on boot-up to ensure it has not been compromised. Above all, organisations should not rely on host-based security controls to detect a compromise or protect anything running below it."

The report is available through Gartner's web site.

Follow us on Facebook and Twitter

Copyright ©


Virtualised servers face security questions
Top Stories
Eight topics that had Aussie AWS partners talking in Vegas
Resellers pass judgement on Amazon's re:Invent conference.
The Aussie channel verdict on Dell-EMC merger
Thomas Duryea, Infront, SureBridge and Murdoch Webster Technology weigh-in.
Serial acquirer RXP reveals 13th buyout
More digital design expansion for the IT channel.
Sign up to receive CRN email bulletins
Has consolidation gone too far in the telco/ISP industry?

Latest Comments
CRN Magazine

Issue: 342 | September 2015

CRN Magazine looks in-depth at the emerging issues and developments for the channel, and provides insight, analysis and strategic information to help resellers better run their businesses.