While server virtualization is exploding into data centers around the world, the technology for securing virtual environments is lagging behind. It’s a fact likely to give some organizations that have gone down the virtualization path some very acute server security headaches, according to James Collinge, product line management director at network security solution provider TippingPoint, a division of HP. Collinge expressed this view at the Infosecurity Europe 2010 conference in London earlier this year.
To get some perspective, at least 16 percent of all enterprise workloads were running in virtual servers in the latter part of 2009 according to Gartner, but this number is predicted to grow to 50 percent — or around 58 million x86-based virtual servers — by 2012. But Gartner predicts that some 60 percent of those virtual servers will be less secure than the physical machines they replace.
Forrester Research also points out that 98 percent of organizations that use some form of virtualization are using VMware virtualization technologies. That means that if a zero-day exploit is discovered for VMware, it is likely to be more interesting to hackers than a similar one for a given mail, web, or DNS server would be.
Why will virtualized servers be less secure than the physical machines they replace? Some of the reasons for this lower level of server security that Collinge mentioned include:
Read the rest at ServerWatch.