In a bid to boost business efficiency, an increasing number of companies are turning to virtualisation technologies. This is hardly surprising: virtualisation brings businesses a number of advantages, including cost reduction, increased manageability and improved performance of corporate networks.
However, the advantages always go hand-in-hand with the risks, which, as practice and statistics show, are often underestimated in many companies. But those who are security conscious can now find effective protection tools on the market.
Server virtualisation has already become a significant trend. This type of technology has long been popular and occupies an important place in the IT infrastructure of all kinds of GCC companies. Desktop Virtualisation (Virtual desktop Interface, VDI) has not yet become as widespread, as it is typically used by companies whose employees perform routine, strictly regulated tasks, for example call centre employees, and bank transaction officers. Only a relatively small proportion of organisations need such work places.
On the other hand, desktop virtualisation technologies continue to develop, and large GCC companies are increasingly implementing VDI pilot tests. Thus, the circumstances are ideal for desktop virtualisation technologies to take off in GCC and strong growth in the numbers of VDI implementations is forecast for 2012.
To identify the main trends in virtualisation across GCC companies, Kaspersky Lab has conducted a survey among IT specialists who are responsible for maintaining and securing the IT infrastructure for organisations with corporate networks of over 100 desktops. The survey revealed that 61% of the companies surveyed currently make use of server virtualisation, or plan to implement it in the coming year.
This figure amply demonstrates how popular and recognised the technology has become. Companies recognise the advantages and benefits it brings, and more and more are set to introduce virtualisation in the future.
Incidentally, companies in Europe and North America are introducing server virtualisation at even faster rates. According to a Forrester survey, 85% of companies already have or plan to implement server virtualisation.
Most applications that companies use in virtual environments are business-critical; these are databases, email services, ERP and CRM systems. This setup is the opposite of what we saw a few years ago when virtualisation was just starting to gain popularity.
Back then, companies introducing virtualisation in their corporate networks moved the least important applications into a virtual environment. This was done in order to get acquainted with the technology and see how it meets the organization’s requirements. Also, virtualisation technologies were not as well developed. The fact that many of today’s critical applications have migrated into virtual environments demonstrates that organisations now put great trust in this technology, while the technology itself has reached maturity.
Kaspersky Lab experts have noticed that there is a persistent myth that virtual machines are more secure than physical computers. This was corroborated by the survey we have undertaken: more than half of the respondents thought that IT security risks are lower for a virtual environment than those facing a physical system.
However, this notion about threats to IT security in virtual environments is not only unreasonably optimistic – it is fundamentally wrong. A virtual environment is subjected to lots of the same threats – malicious attachments in emails, drive-by attacks, Trojans, targeted phishing and so on – which physical environments are subjected to.
According to Forrester’s recommendation on How to get into the virtualization security game, companies should do the following:
1) Apply the Zero Trust Model of information security to their network architecture;
2) Consider virtualisation-aware security solutions going forward;
3) Implement privileged identity management; and
4) Incorporate vulnerability management into the virtual server environment.
For more information visit http://me.kaspersky.com/en/beready?
Before joining SME Advisor as an Assistant Editor in 2010 I obtained a Bachelors Civil Law Degree (Hons) from the National University of Ireland, Galway, Ireland, in 2005. I worked as a trainee lawyer in Dublin, Ireland, specialising in defence litigation and criminal law before obtaining a Masters in International Journalism from the University of Cardiff in 2009. At present I am the Editor of SME Advisor Middle East, which is a publication within the CPI Business Group. You can follow me on twitter: @mikey_byrne or @SMEadvisorME. Also, you can join me on Linkedin (Mike Byrne) or at (SME Advisor).