• A Guide to Disaster Recovery in the CloudLearn how VMware vCloud® Air™ Disaster Recovery provides an affordable cloud-based solution to protect your applications and data.
    Please register now for a free copy of this e-book.

    Download
  • EMC Elect 2016 EMC Elect 2016 

    EMC Elect represents an unprecedented opportunity for members to receive exclusive access, privileges, and status in appreciation for their contributions to the EMC community.

    Read more

  • Demo Image Everything you need and nothing you don’t. EMC MOBILE is the essential tool for those of us who live EMC. Now your documentation library is available and in-sync online or off direct from the EMC Cloud

    Download

  • Mikes AppMikes.eu App listed in Top Free Business App Windows Store. This simple but very clear app shows all the new posts from this site. Available for Windows 8 and 10. Try it out!

    Download
  • Demo ImageWhy Advertise on Mikes.eu

    Mikes.eu traffic varies depending on the post. We have a VERY focused audience in the Virtualization, Storage and Cloud Marketing space. We have been ranked in the top 5 of Favorite Independent Blogger and one of the most visited website.

Gartner's statement about 60% of virtualized servers being less secure than physical servers

on Thursday, 12 April 2012. Posted in VMware

HyTrust, located in Mountain View, California, is a rapidly growing early-stage company that is focused on virtualization platform security and compliance.

I had the pleasure in an interview related to this issue with Eric Chiu president and founder of HyTrust. (http://www.HyTrust.com) I want to thank him for the time and effort to this. Eric has over 13 years of experience in high tech management and finance. Most recently, Eric was VP of Sales and Business Development for Cemaphore Systems, a leader in disaster recovery.

According Gartner, through 2012, 60 percent of virtualized servers will be less secure than physical servers. Although Gartner expects this figure to fall to 30 percent by the end of 2015, analysts warned that many virtualization deployment projects are being undertaken without involving the information security team in the initial architecture and planning stages.


Response from Eric Chiu:

1. In relation to Gartner's statement about 60% of virtualized servers being less secure than the physical ones they replace through the end of this year (Gartner's statement), how secure do you think the latest Hypervisor layer (VMware ESXi) is? According to VMware this appears to be the most secure hypervisor they build.

The statement from Gartner was focused more on the fact that 60% of virtualization deployments are architected without the security team involved. As it relates to ESXi, the threat surface area is smaller given that the service console has been eliminated -- this helps address hypervisor-level attacks which tend to be more theoretical in nature. However, the biggest real issues around security for virtual environments tend to center around access control, auditing and configuration management, which are not improved by ESXi.

2. According Gartner, hackers have already begun targeting the virtualization layer. How real is this threat?

I believe this is a real threat. Breaches are becoming more common (87% of companies have been breached) and most of the serious breaches (56%) involve an insider threat. Combine this with datacenters becoming virtual and APTs getting more sophisticated, and you will see more major exploits specifically attacking the virtual infrastructure going forward.

3. In my opinion, an infrastructure is only as strong as its weakest employee. What's your perspective?

I agree, and this is highlighted in a recent article from the Wall Street Journal on the "enemy within". Given that the most serious breaches tend to involve insider threats, this is a major issue -- especially in virtualization since the admin has access to all virtualized resources. 

4. Will moving to the cloud solve all your problems?

With the cloud, you are merely shifting the responsibility but not solving the problem. To solve the problem, companies need to make sure that they have the appropriate security and compliance controls to address their regulatory compliance requirements as well as corporate governance requirements. Companies that are looking to move the cloud have to make sure that the service provider can meet these needs as well.

Additional Comments:

Virtualization is currently the number 1 priority among CIOs, and the biggest challenge area for enterprise today is to virtualize mission-critical and compliance applications. These mission-critical applications require additional security controls and visibility which aren't addressed by the virtualization platform; therefore, purpose-built solutions are needed. The payoff is big -- by addressing these issues, companies can virtualize the next 50% of their datacenters, realizing the great ROI that virtualization offers.


Leave a comment

You are commenting as guest. Optional login below.

Download Free Designs http://bigtheme.net/ Free Websites Templates