Server images are floating around on disk and are whizzing around networks. Live migration means that virtual server memory pages are also whizzing around on the network. New architectures, processes and management systems, as well as organizational upheaval, are all creating infinite possibilities for mischief. So we naturally asked (and have been asking every year since 2004) what companies were doing differently for security. Any tools? Any new architectures? Anything?According to Antonopoulos, less than one company in ten surveyed was "deploying any security tools designed to deal with virtualization." More than two out of three firms had "no plans at all to do anything specifically aimed at security their virtual environments."
Fast forward to last week, when the publication revisited the topic -- this time with a focus on the vendors themselves. While some companies are making progress in virtualization security, including the development of dedicated security APIs and new third-party security tools, the overall lack of progress remains both surprising and disturbing to many experts.
Don't Miss: NEW! Virtualization How-To Center
It's easy -- and correct -- to take vendors to the woodshed for this poor showing. But that doesn't let their customers off the hook.
Too many IT professionals think that isolating their virtual servers with virtualized LANs protects them against external security threats. And too many think that a bare-metal hypervisor is immune to the security flaws associated with a full-scale server OS.
Both assumptions are wrong. History proves that when a new technology -- any technology -- hits the IT mainstream, attackers will sit up, take notice,and rise to the challenge. It's a question of when, not if, the honeymoon will end.
Companies that use server virtualization need to take security just as seriously as they would with a physical server infrastructure. They need to pressure vendors to treat security concerns as a deadly serious business, rather than looking the other way. And when necessary, they need to vote with their checkbooks to persuade vendors that they mean business.