Could Virtualized Servers Present Security Holes?

In spite of the growing popularity of server virtualization, the majority of IT professionals don't consider their virtual environments as secure as the rest of their network operations. That's the conclusion of a recent vendor-sponsored survey of 300 IT managers, security personnel, auditors and administrators. Prism Microsystems sells products for monitoring the security of the IT infrastructure, including hypervisors, the programs that allow multiple operating systems to run on the same piece of hardware.

"2010 State of Virtualization Security Survey," a 14-page report published by the company, cited several vulnerabilities that could exist in an unprotected virtualization layer. This layer encompasses the hypervisor and virtual management applications and can, potentially, "provide unfettered access to all hosted machines on a physical server." Added to that, the authors wrote, "Traffic between virtual machines on the same box never hits the physical network where network monitoring tools such as intrusion prevent/detection systems reside, rendering them ineffective." Also, the report said, log monitoring systems aren't necessarily capturing data at the virtualization layer.

Currently, according to the report's authors, industry experts believe a failure associated with a hypervisor-based attack "is somewhat theoretical." But 58 percent of respondents expressed concern about the potential for a hypervisor to create a single point of entry into multiple machines; 57 percent said they were concerned about the introduction of a new layer that could be attacked; and 54 percent cited "VM sprawl and flexible deployment capabilities" as a potential problem because it could lead to unmonitored or invisible machines.

A comparable number of people--nearly six in 10--reported that they use existing traditional security tools and strategies to secure their virtual environment. Yet slightly more than half of all respondents also said they don't agree that these are sufficient to provide "security insight into all layers of the virtual environment."

Only a fifth of enterprises are using virtual environment-specific security approaches. What's holding the others back is a combination of factors, primarily a lack of budget, a lack of staff expertise, and a lack of support from their security vendors.

"The reality is the money is just not there for specialty virtual security tools. And even if it was available, that approach is incorrect as it creates another silo of un-integrated security data," said Steve Lafferty, Prism's vice president of marketing. "In this environment, IT teams have to get the most out of what they have. This means leveraging solutions that do more with less and provide a single point of control to seamlessly monitor the entire IT infrastructure, from the physical to the virtual."

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.
