3 security risks of virtualization and what IT can do

More small businesses are relying on virtual servers and desktops to help cut costs and improve the IT infrastructure. Are they prepared for the potential security risks of virtualization? 

The majority of small and mid-sized organization are already using some form of virtualization somewhere in the company, according a recent Cisco survey. Among the 150 IT managers from those companies, 77% have virtualized a part of their infrastructure already.

In addition, the trend is expected to grow, as more than 70% of companies plan to increase their virtualization budgets over the next two years.

The most popular types are server virtualization (used by 59% of companies) and desktop virtualization (57%), followed by storage (44%) and network virtualization (42%).

Nearly all of the companies (91%) agreed virtualization gives organizations a competitive advantage. Top benefits cited include cost savings, easier backups and redundancies of key systems, and increased flexibility and scalability.

Virtualization has security risks, too

While companies benefit overall, it’s also critical to be aware of the risks of virtualization and manage them accordingly.

Primarily, many companies are worried about the security risks of virtualization, as 51% of the IT managers surveyed said they were concerned with data security in a virtual environment.

Here are some of the top virtualization security dangers, and what IT departments should do about them:

1. Lax access controls

When multiple virtual servers are hosted on the same physical machine, it’s critical for IT to make sure those machines are properly separated and that access to each VM is only given to those who need it. That means it’s especially important to control access to the virtualization management layer, since accessing that can provide access to all the virtual machines on the server.

2. Vulnerabilities in virtualization software

In addition to gaining access due to configuration or authorization errors, attackers may also get access to virtual machines through vulnerabilities in the virtualization software. That’s why it’s important to keep all those applications patched and up to date.

3. Asset management challenges

When all machines are physical, they’re much easier to keep track of. But that becomes a lot more difficult with virtual machines that can be created and moved easily. For security and other reasons, it’s critical that companies have a process in place to make sure IT is keeping track of what machines exist, what they’re used for, where they are, and who can access them.