Today I found an interesting article from Gartner, they predict that in 2012 60 percent of all virtual servers will be less secure than the physical servers they replace. Gartner expects this percentage to drop to 30% at the end of 2015.
These are the main risks Gartner identified, for the complete article check this page.
- Information Security Isn't Initially Involved in the Virtualization Projects
- A Compromise of the Virtualization Layer Could Result in the Compromise of All Hosted Workloads
- The Lack of Visibility and Controls on Internal Virtual Networks Created for VM-to-VM Communications Blinds Existing Security Policy Enforcement Mechanisms
- Workloads of Different Trust Levels Are Consolidated Onto a Single Physical Server Without Sufficient Separation
- Adequate Controls on Administrative Access to the Hypervisor/VMM Layer and to Administrative Tools Are Lacking
- There Is a Potential Loss of Separation of Duties for Network and Security Controls
"Virtualization is not inherently insecure," said Neil MacDonald, vice president and Gartner fellow. "However, most virtualized workloads are being deployed insecurely. The latter is a result of the immaturity of tools and processes and the limited training of staff, resellers and consultants."