Tripwire surveyed IT professionals to learn how virtualization is expanding and if security, change controls and compliance requirements are keeping pace. Read this white paper to learn more about the state of virtualization today and why most of the respondents agree that a dedicated configuration tool is needed and are in the process of evaluating or planning to acquire such a tool.
WHITEpaper
Is Virtualization Under Control?
Current Opinions on Security and Controls for Virtual Servers in Production Environments
page 2 Executive Overview
page 3 Virtualization in Production
page 4 Security and Controls
page 6 Organizational Responsibility
page 8 Inhibitors and Enablers
page 9 Summary
page 10 About the Survey
page 10 About Tripwire
İİ22000088 TTrriippwwiirree,, IInncc.. TTrriippwwiirree iiss aa rreeggiisstteerreedd ttrraaddeemmaarrkk ooff TTrriippwwiirree,, IInncc.. AAllll ootthheerr pprroodduucctt aanndd ccoommppaannyy nnaammeess aarree pprrooppeerrttyy ooff tthheeiirr rreessppeeccttiivvee oowwnneerrss.. AAllll rriigghhttss rreesseerrvveedd..WHITE?PAPERIs Virtualization Under Control?
Executive OverviewTripwire recently surveyed enterprise IT professionals to assess how vigorously virtualization is expanding within production server environments and to gauge if security, change controls and compliance require-ments are keeping pace. Virtualization has clearly gained a lasting foothold, and the strength of IT process controls on virtual servers is reported to be on par with those implemented in the physical realm. However, opinions on who is responsible for ensuring that security and controls are instituted across virtual infrastruc-ture vary between functional groups.. Virtualization in Production: More than 90% of those interviewed said that virtualized servers are now deployed in their production environments and run a wide variety of applications. For three out of four respondents, up to half of their production servers are now virtualized.. Security & Controls: Compared to physical servers, the strength of controls for virtualized servers are perceived as equivalent, if not even stronger. More than 80% of respondents said their change management and compliance controls are no different. A total of 26% felt security controls for virtualized servers are actually more stringent. . Organizational Responsibility: A "tug of war" may be underway over who is accountable for security and controls for virtual servers. Just half of those surveyed felt that ensuring security, change control, and compliance for virtual servers is the responsibility of system administrators and their management. On the other hand, 37% of those associated with the Security group claim responsibility for security controls.
A serious issue awaits for some organizations deploying virtual servers in production environments. Eight out of 10 respondents said that the greatest factor limiting the expansion of server virtualization is a lack of time, staff, and/or skills. The majority also agreed that security risks for virtual servers are the result of mis-configuration, not inherent weaknesses of virtualization technology. If an increasingly overworked IT staff is more likely to make mistakes, and configuration errors are the cause of security exposures in virtual servers, then IT management must consider how they can mitigate this risk.
As more of the production workload becomes virtualized and those managing virtual servers continue to be overwhelmed, it is apparent that automated configuration control must play a larger role to ensure appropri-ate server configuration and adequate security. A majority of 69% agreed that a dedicated configuration tool is needed to ensure proper configuration of virtualized servers, and two-thirds of these respondents are in the process of evaluating or planning to acquire such a tool over the next 12 months.
Page 2WHITE?PAPERIs Virtualization Under Control?
Virtualization in ProductionVirtualization is being broadly adopted within enterprise IT infrastructure for many reasons, and industry analysts and journalists have explored the topic in detail. According to a comprehensive report on virtualization trends and forecasts conducted by Enterprise Management Associates (EMA) released in April 20081, server consolidation and improved hardware utilization tops the list of most organizations, as these drivers successfully translate to reduced hardware costs and floor space requirements. Other critical benefits include reducing downtime, enabling more effective disaster recovery and business continuity, and ensuring better achievement of service level agreements.
Test and Development, according to the EMA study, remains the ... [download for more]
