IT organizations have reported that large numbers of staff suspect unauthorized access to files on virtualized servers. Some of these reports have come from first-hand witnesses, and there’s substantial fear among IT workers that data governance in virtualized environments is being neglected.
Varonis conducted the study at the company’s VM (virtual machines) World conferences, found 48 percent of respondents feel this is a problem that is being neglected by IT companies far and wide, with about 70 percent of respondents reporting little or no auditing on virtual servers.
“We have found that, after a workload is virtualized, the actual details of managing file permissions and monitoring access is considered to be automatically ‘taken care of,’” said David Gibson, vice president of strategy at Varonis.
Gibson went on to say that for IT departments, virtualization “may be something of a black box,” and that “It is also quite possible that the teams managing virtualization projects see file security and governance as outside their discipline.”
The study further reported 60 percent of respondents are “very careful” about setting permissions and controlling any subsequent updates, but a larger number – 70 percent – reported implementing little or no auditing.
This finding is especially surprising considering the study examined companies of all sizes.
Gibson added his take on how the problem should be solved; “Data protection, obviously, requires the same level of vigilance in a virtual environment--and perhaps even more so given the complexities of managing multiple operating systems on a single computing box. For organizations to stay on top of their digital assets it is vital to further IT education in this area.”
This education should be twofold, Gibson says, including “in terms of training staff in understanding virtual file systems, as well as in effectively using automation to uncover security holes, monitor activity, and control permissions.”
A related report from Gartner (News - Alert) states that currently there are more than 50 million installed VMs on servers, so the amount of unprotected or poorly-protected information is significant.
Both reports found the biggest problem to be file security, with Varonis reporting that 68 percent of the IT workers in the study believe their companies still have unauthorized access, despite auditing all activity.
This study provides a look at the drawbacks of virtualization, which has been seen as such a positive move for IT, allowing organizations to isolate applications and services with just a few clicks. The speed and ease provided by virtualization should not be overstated, however, as security has now been proven to fall by the wayside.
Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO Miami 2013, happening now in Miami, Florida. Stay in touch with everything happening at ITEXPO (News - Alert). Follow us on Twitter.