Don't let the word "virtual" in virtual servers fool you. You're the only one who knows it's virtual. From the perspective of the virtual server itself, the devices connected to it, applications running on it, end-users connecting to it, or security threats trying to compromise it, the server is very, very real. A new survey from Kaspersky Labs found that many IT professionals understand that securing virtual environments is important, but don't fully understand the threats or how to properly defend against them.
Kaspersky Lab surveyed nearly 4,000 IT professionals around the world to gather research for the Global IT Security Risks Survey 2014--Virtualization report. Security concerns were cited by 43 percent of respondents as a significant barrier to implementing virtualization, and 41 percent stated that managing security solutions within virtual environments is a struggle.
Those numbers aren't horrible, but could be better. Where things take a turn for the worse is when Kaspersky Labs asked the IT professionals about their awareness of the security threats facing virtual environments and how to defend against them. According to Kaspersky, 36 percent claim that security concerns facing virtual servers are significantly lower than those for physical servers, and 46 percent believe the virtual environment can be adequately protected using conventional security solutions. More than half of the survey respondents indicated their company has only partially implemented security solutions in the virtual environment.
The reality is the virtual server is every bit as vulnerable as its physical counterparts when it comes to the millions upon millions of exploits in circulation. There is also malware that specifically seeks out and targets virtual environments--including an ability to reside in memory and hop from one virtual machine to another to avoid being removed even if the entire virtual server is wiped out and rebuilt.
Virtualization is not only here to stay, it's still on the upswing. Larger businesses are using virtual servers--either in the cloud or hosted internally in a datacenter--because it just makes sense. Many companies are also moving toward virtual applications and virtual desktop environments. The bad guys will continue to find innovative ways to exploit and compromise all servers--physical and virtual--and it's imperative that companies understand the threat and employ appropriate security measures capable of defending the virtual environment.