Surveys Raise Doubts on Virtualization Security

##AUTHORSPLIT##<--->

Migration to virtualization won't be the quick transition that some technology evangelists have predicted, according to recent surveys by two IT security companies. Nor is virtualization as secure as many might want it to be.

Virtualization security appeared to be a doubtful matter for nearly half of respondents in a survey released on Monday by San Francisco-based network security firm nCircle Inc.

In that survey, 47 percent of the study's more than 200 respondents said they didn't think the security methodologies around current virtualization programs were sound at all. Another seven percent of respondents ranked virtualization security in the "maybe/ depends" category.

"Security professionals are generally and rightfully always somewhat skeptical about new technologies," said nCircle's Director of Security Operations Andrew Storms. "I think seasoned veterans understand that technology can be both an enabler and a hindrance to solving any problem, security not excluded. How, when, where and why technologies are introduced to solve a problem is what matters most."

The jury is still out on virtualization security, which accounts for the split results found in nCircle's poll, Storms said.

The need for virtualization is clear. It's easier to roll out a new virtual guest system than it is to go into a room and push out a physical server. Moreover, a second survey, published this week by St. Paul, Minn.-based Shavlik Technologies, found that virtual machines are quickly becoming a fixture in many organizations.

Shavlik's survey polled VMworld 2008 conference attendees in a sample of nearly 300 IT, virtualization and security specialists. The survey found that security lagged despite virtualization rollouts. More than 80 percent of IT managers rated securing these virtual machines as "very important to critical," but only 35 percent had actually secured them, Shavlik's study found.

"Companies recognize the benefits of virtualization but are slower at implementing the security measures needed to protect their available information assets," said Chris Schwartzbauer, Shavlik's vice president of worldwide field operations.

While that's a problem now, virtualization offers some benefits.

"Increased investment in automating and simplifying the elements of securing virtual machines represents a significant challenge, but also an opportunity for companies to increase operational efficiencies and reduce the total cost of managing the security of virtual systems," Schwartzbauer explained.

Virtualization marks a shift in thinking, as described in a landmark speech by VMware's President and CEO Paul Maritz. He said the IT infrastructure should be treated as "a single giant computer on which applications can be provisioned in a more manageable, scalable way."

Maritz and other virtualization proponents insist that the IT community's attention will shift from devices and applications themselves to the customized needs of users and enterprisers.

Security, when used with virtualization, needs to be platform agnostic, just like the information it protects, according to Storms and some of his peers. However, it's important to stay focused on the main goal in information security: preventing breaches.

"Still there's the realization that information is everywhere. And honestly, we need not be too concerned if it resides on physical or virtual servers," Storms said. "What matters is that we consider information protection mechanisms that follow the information."

To protect IT assets, it's important to follow best practices and work toward achieving compliance in approved system configurations, he added.

About the Author

Jabulani Leffall is a business consultant and an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others. He consulted for Deloitte & Touche LLP and was a business and world affairs commentator on ABC and CNN.

Featured

  • horizontal stack of U.S. dollar bills breaking in half

    ED Abruptly Cancels ESSER Funding Extensions

    The Department of Education has moved to close the door on COVID relief funding for schools, declaring that "extending deadlines for COVID-related grants, which are in fact taxpayer funds, years after the COVID pandemic ended is not consistent with the Department’s priorities and thus not a worthwhile exercise of its discretion."

  • illustration of a human head with a glowing neural network in the brain, connected to tech icons on a cool blue-gray background

    Meta Introduces Stand-Alone AI App

    Meta Platforms has launched a stand-alone artificial intelligence app built on its proprietary Llama 4 model, intensifying the competitive race in generative AI alongside OpenAI, Google, Anthropic, and xAI.

  • The AI Show

    Register for Free to Attend the World's Greatest Show for All Things AI in EDU

    The AI Show @ ASU+GSV, held April 5–7, 2025, at the San Diego Convention Center, is a free event designed to help educators, students, and parents navigate AI's role in education. Featuring hands-on workshops, AI-powered networking, live demos from 125+ EdTech exhibitors, and keynote speakers like Colin Kaepernick and Stevie Van Zandt, the event offers practical insights into AI-driven teaching, learning, and career opportunities. Attendees will gain actionable strategies to integrate AI into classrooms while exploring innovations that promote equity, accessibility, and student success.

  • robot waving

    Copilot Updates Aim to Personalize AI

    Microsoft has introduced a range of updates to its Copilot platform, marking a new phase in its effort to deliver what it calls a "true AI companion" that adapts to individual users' needs, preferences and routines.