Chris Hoff kicked this topic off a few months ago when he blogged about what rogue virtualization projects had to do with a stranded house near an LA freeway. His observations are both poignant and hilarious.
Lisa Vaas adds to the mix with an excellent eWeek piece on VM security which again talks about how little virtsec planning there has been when it comes to the data center. Vaas interviews David Lynch from Embotics about the breadth of VM deployment and the unfortunate lack of depth when it comes to security planning:
Lynch pointed to surveys showing that 55 percent of respondents believe VMs are as secure as or more secure than physical servers—a belief that “unfortunately is not the case,” he said. Even more telling, 24 percent think they’re less secure, and 21 percent don’t know if VMs are more or less secure than physical servers. That’s shocking, given that virtualization is being deployed in all Fortune 100 companies and 80 percent of Fortune 1000 companies, Lynch said.
Normally, in the security world, there is some level of consensus around whether a problem exists and a focus on what to do about it. With virtualization, however, adoption has been broad but shallow. Market researcher IDC notes that only 7 percent of physical servers have been virtualized around the world. Everybody’s doing it, but nobody’s doing it thoroughly or methodically.
This article is an excellent complement to a growing body of virtsec coverage. You can read all of CMPs virtsec coverage (from this year) in the CMP Playbook sponsored by AMD and Blue Lane. You can also read plenty more in the Blue Lane newsroom.