Gartner: VMs are less secure than non-virtual counterparts

Citing new research, Gartner announced that 60 percent of virtual servers are less secure than the physical ones that they replace. The situation is expected to remain constant through 2012 before falling to 30 percent in 2015. Gartner warns that one of the causes has to do with the fact that many virtualization deployment projects are happening without the involvement of the information security team, at least not in the initial architecture and planning stages.

Indeed, the issue is not related to virtualization being inherently insecure, says Neil MacDonald, vice president and Gartner fellow. MacDonald noted however that, "most virtualized workloads are being deployed insecurely. The latter is a result of the immaturity of tools and processes and the limited training of staff, resellers and consultants."

As a relatively new platform, the use of a hypervisor represents a new threat vector in which new vulnerabilities have not yet been discovered. To better secure the hypervisor, Gartner recommends that it should be kept as "thin" as possible while at the same time tweaking the configuration to harden it against unauthorized modifications.

In addition, Gartner also suggested that "Virtualization vendors should be required to support measurement of the hypervisor/VMM layer on boot-up to ensure it has not been compromised. Above all, organizations should not rely on host-based security controls to detect a compromise or protect anything running below it."

For more on this story:
- check out this article at Network World
- check out this article at IDG News 

Related Articles:
SMBs do better virtualization, says VMware
New IEEE standards to ease virtual networking headaches
VMware unveils Amazon-like cloud offering
Application performance set to be next virtualization headache
Virtual server sprawl can kill cost savings