• United States



by Ellen Messmer, Network World

Gartner Says Virtualization Security Risks Overlooked

Apr 06, 20072 mins
Data and Information SecuritySecurityVirtualization

Companies in a rush to deploy virtualization technologies for server consolidation efforts could wind up overlooking many security issues and exposing themselves to risks, warns research firm Gartner.

“Virtualization, as with any emerging technology, will be the target of new security threats,” said Neil MacDonald, a vice president at Gartner, in a published statement. MacDonald will be presenting a detailed analysis of the security ramifications of virtualization at the upcoming Gartner Symposium/ITxpo in San Francisco later this month.Virtualization software offers the ability to run multiple operating systems, or multiple sessions of a single operating system, on a single physical machine, whether server or desktop. But virtualization software, such as hypervisors, present a layer that will be attacked, and security strategies need to be put in place in advance, Gartner warns.

“Many organizations mistakenly assume that their approach for securing virtual machines will be the same as securing any OS and thus plan to apply their existing configuration guidelines, standards and tools,” MacDonald said. While this is a start, a closer look at securing virtual machines is required, especially since needed tools may be “immature or non-existent,” according to Gartner.

Among the specific points about virtualization and security that Gartner will address at the conference are:

  • loss of separation of duties for administrative tasks

  • patching and signature updates and protection from tampering

  • limited visibility into the host OS and virtual network to find vulnerabilities and correct configuration

  • restricted views into “inter-VM traffic” for inspection by intrusion-prevention systems

  • mobile VMs and security policy

  • immature and incomplete security and management tools

Gartner speculates that the “rush to adopt virtualization for server consolidation efforts” will result in many security issues being overlooked. That, in combination with the lack of available security tools for virtualization, will mean “as a result, through 2009, 60 percent of production [virtual machines] will be less secure than their physical counterparts.”

-Ellen Messmer, Network World