Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Audits

Survey: Unauthorized Access to Virtual Servers a Concern for IT

According to a recent survey conducted by Varonis, a data governance solutions provider, data security in virtualized environments is often neglected by IT organizations.

According to a recent survey conducted by Varonis, a data governance solutions provider, data security in virtualized environments is often neglected by IT organizations.

The small survey, conducted at VM World conferences in Barcelona and San Francisco, suggests that when it comes to virtualized servers, security is often an afterthought, as 70% of respondents had little or no auditing in place on virtual servers.

The lack of sufficient security is highlighted by the fact that 48% of respondents either reportedor suspected unauthorized access to files on their virtualized servers . Additionally, even for those who do audit all activity, 68% believe there is still unauthorized access.

According to a 2012 report from Gartner, there are more than 50 million installed virtual machines (VMs) on servers. According to Varonis’s survey, application servers were virtualized by almost all survey respondents (87%), primarily due to speedier deployment (76%) and disaster recovery (74%). Those who do not virtualize cite disk storage (37%), performance (30%) and a lack of advantages (20%) as the three main reasons for not doing so.

File security was often neglected by organizations of all sizes, Varonis said. According to the survey, almost 60% said they were very careful about setting permissions and controlling subsequent updates, and 70% had implemented little or no auditing. In fact, 20% of enterprises with more than 5,000 employees admitted to having no file logging capabilities in place.

“We suspect that for IT departments, virtualization may be something of a black box. We have found that, after a workload is virtualized, the actual details of managing file permissions and monitoring access is considered to be automatically ‘taken care of.’ It is also quite possible that the teams managing virtualization projects see file security and governance as outside their discipline. The security team may have no visibility of what is happening,” David Gibson, VP of Strategy at Varonis, said in a statement.

The results suggest that, while virtualization has been groundbreaking in allowing IT to isolate applications and services with a few clicks, it doesn’t solve permissions management and access auditing — in fact it might make it even more complex.

“Data protection, obviously, requires the same level of vigilance in a virtual environment — and perhaps even more so given the complexities of managing multiple operating systems on a single computing box,” Gibson added. “For organizations to stay on top of their digital assets it is vital to further IT education in this area, both in terms of training staff in understanding virtual file systems, as well as in effectively using automation to uncover security holes, monitor activity, and control permissions.” 

Advertisement. Scroll to continue reading.
Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Conversations

SecurityWeek talks to Billy Spears, CISO at Teradata (a multi-cloud analytics provider), and Lea Kissner, CISO at cloud security firm Lacework.

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Cloud Security

Microsoft and Proofpoint are warning organizations that use cloud services about a recent consent phishing attack that abused Microsoft’s ‘verified publisher’ status.