Virtualized Environments Lack Data Security: Varonis
The lack of sufficient security could be putting sensitive company information at risk of being misused, lost or stolen.Data security in virtualized environments is often neglected by IT organizations, with nearly half (48 percent) of organizations either reporting or suspecting unauthorized access to files on virtualized servers, according to a survey conducted by Varonis, a provider of comprehensive data governance software. The lack of sufficient security could be putting sensitive company information at risk of being misused, lost or stolen, although the report noted that even for those who do audit all activity, a significant 68 percent believe there is still unauthorized access. “We suspect that for IT departments, virtualization may be something of a black box,” Varonis vice president of strategy David Gibson said in a statement. “We have found that, after a workload is virtualized, the actual details of managing file permissions and monitoring access is considered to be automatically ‘taken care of.’ It is also quite possible that the teams managing virtualization projects see file security and governance as outside their discipline. The security team may have no visibility of what is happening.” While almost 60 percent said they were very careful about setting permissions and controlling subsequent updates, 70 percent of respondents, regardless of company size, had implemented little or no auditing even at the high end of the enterprise space. A fifth (20 percent) of enterprises with more than 5,000 employees admitted to having no file-logging capabilities in place.
With more than 50 million installed virtual machines (VMs) on servers, the survey found application servers were virtualized by almost all respondents (87 percent) to speed deployment (76 percent) and enhance disaster recovery (74 percent). On the other hand, those who do not virtualize cited disk storage (37 percent), performance (30 percent) and a lack of advantages (20 percent) as the three main reasons for not doing so.