Companies are feeling more comfortable with the cloud, virtualization and even software defined data centers than ever before, despite their fears about security breaches, according to a study due out this month by technology companies HyTrust and Intel. While no one thinks security problems will go away, companies are willing to tolerate the risk in the name of agility, flexibility and lower costs.
Some 62 percent of executives, network administrators and engineers surveyed expect more adoption of SDDC in 2016, which can quantifiably drive up virtualization and server optimization, while 65 percent predict that these implementations will be faster.
Still, there are no illusions about security. A quarter of those surveyed say security will still be an obstacle, and 54 percent predict more breaches this year. In fact, security concerns are the No. 1 reason that 47 percent of respondents avoid virtualization, according to the report. They have good reason for concern. A single point of failure in a virtualized platform, such as a hack into the hypervisor software that sits just above the hardware and acts like a shared kernel for everything on top of it, has the potential to exploit an entire network, not just a single system.
“There’s a strong desire, especially by senior-level executives, to move forward with these projects because there are tangible benefits,” says Eric Chiu, president and co-founder of HyTrust. The opportunity to increase agility, revenues and profits trumps making the virtual environment safer, he adds.
Meanwhile, in the IT department, staff tends to focus on what they know how to protect, not necessarily what they need to protect, according to a Kapersky Labs report. Only a third of organizations surveyed possess strong knowledge of the virtualized solutions that they use, and around one quarter have either a weak understanding of them or none at all.
Dave Shackleford knows this all too well. He teaches a week-long course on virtualization and cloud security for the SANS Institute. By the end of the first day, he usually realizes that 90 percent of the students, a broad mix of system and virtualization/cloud administrators, network engineers and architects, have very little idea of exactly what they’re up against when it comes to securing virtual infrastructure.
“You’ve got organizations out there that are 90 percent virtualized, which means your whole data center is running in a box out of your storage environment. Nobody is thinking about it this way,” says Shackleford, who is also CEO of Voodoo Security. “It’s not uncommon to go into even really big, mature enterprises and find an enormous number of security controls that they’re unaware of or being overlooked in one way or another” in the virtual environment, he adds.
Sign up for CIO Asia eNewsletters.