Home > Security

Techworld.com - It seems that those IT managers who said that virtualised servers were more insecure than physical ones may have had a point after all.

According to a new report from Gartner, 60% of virtualized servers will be less secure than the physical ones they've replaced, thanks to bad practices by IT departments. The report, Addressing the Most Common Security Risks in Data Center Virtualization Projects, points out some of the pitfalls involved in moving to a virtualized environment.

It's not that virtualized servers are inherently less secure, said Neil MacDonald, vice president and Gartner fellow, but "most virtualized workloads are being deployed insecurely. The latter is a result of the immaturity of tools and processes and the limited training of staff, resellers and consultants."

In 40% of the cases, virtualization projects were rolled out without any reference to an organization's security team, said Gartner. The company said that while the underlying physical structure hadn't changed, there was an additional risk through the use of hypervisor software. According to Gartner, enterprises are failing to acknowledge that additional risk and should look to extend their security processes.

Gartner has identified other areas where a virtualization project could pose a security risk for an organization, including lack of control over administrative privileges when moving to a virtual machine and the separation of workloads with different trust levels.

One of the biggest dangers is to the hypervisor layer itself, which Gartner describes as particularly vulnerable to attack, suggesting that cybercriminals are already targeting this, on account of the privileged level that the hypervisor holds in the stack. According to Gartner, this layer should be treated as the most critical part of the server platform, keeping it as thin as possible and preventing all unauthorized changes to the hypervisor.

Originally published on 1.0. Click here to read the original story.