By 2012, the majority of virtualised servers will be less secure than the physical counterparts they replace, according to analysis by market researcher Gartner.
Statistics published by Gartner show that 60% of virtualised servers will be considered insecure. This is not because they are inherently insecure, but because many are deployed incorrectly or without the advice of information security staff during the initial architecture and planning stages.
Security pitfalls associated with virtualisation include mounting workloads of different trust levels onto a single virtual server, and poor visibility and controls on internal virtual networks.
Part of the problem, according to the industry analyst, is that 40% of all virtualisation projects were completed without consulting security experts, as businesses ignore the risks associated with introducing hypervisor and virtual machine monitor software.
Education will play a major role in solving these issues, Gartner claims, forecasting that the 60% figure will fall to 30% by 2015. “Virtualisation is not inherently insecure,” said Neil MacDonald, vice president and Gartner fellow. “However, most virtualised workloads are being deployed insecurely. The latter is a result of the immaturity of tools and processes and the limited training of staff, resellers and consultants.”