Less than one-third of businesses keep their virtualisation servers on-premises and managed entirely by their own internal IT staff, according to a Kaspersky Lab survey of 3,900 IT professionals worldwide. As virtual infrastructure increasingly handles more business-critical services, the reliance on external hosting and management services raises potential security concerns, particularly for smaller businesses.
Off-Site vs. On-Premises: Based on Business Size
According to the more than 2,000 survey respondents who use virtual servers, only 29 percent report that their physical machines were located within the walls of their business and maintained by internal staff only. On the opposite end of the spectrum, 17 percent of businesses rely completely on third-party contractors to house and maintain their virtual servers and services. By far, the largest proportion of businesses – approximately 50 percent – rely on a mixture of third-party and in-house hosting and maintenance.
FREE Webinar TODAY, Oct. 21 at 3:30pm EDT: The Top 3 Threats to Retail IT Security and How You Can Defend your Data
It should come as no surprise that the vast majority of businesses are using hosting services in some capacity for their virtual infrastructure. The benefits of reduced cost and complexity for most IT departments are clear, and these service providers can more easily add capacity to support growing businesses. When examining the responses based on the business size, the data supports the conventional wisdom that smaller companies, which have fewer IT staffers and a smaller IT budget, are more likely to use a third-party provider, whereas larger companies are most likely to manage their virtualisation servers and services in-house. It’s clear that small businesses are most likely to rely solely on third-party providers to provide and manage all of their virtual computing needs.
To give a few examples, 41 percent of small businesses report using a third-party service to store all of their virtual servers at an off-site location, compared to just 26 percent of enterprises. For maintaining these virtual servers and the services they provide, 33 percent of small businesses rely completely on their third-party hosting provider, compared to just 18 percent of enterprises. Interestingly, very similar rates of both small businesses and enterprises use a mixture of in-house and external resources for storing virtual servers (23 percent for small business, 29 percent for enterprise) and maintaining the servers (31 percent for both small businesses and enterprises).
Critical Business Data Stored in the Cloud
As most businesses are content to store data beyond their own walls, it’s important to understand exactly what types of data are being entrusted to third-party providers. Kaspersky Lab has previously reported that virtualisation is rapidly becoming used for more than just IT department tasks, as 52 percent of survey respondents agreed that virtual environments are now housing core elements of business IT infrastructure. Kaspersky Lab’s survey investigated what business functions are being implemented on virtual infrastructure, and found this perception was indeed correct.
According to the responses of businesses using some form of virtualisation, these are the rates that services/applications are being implemented on virtual infrastructure compared to physical infrastructure:
· Email and communications applications (e.g., Microsoft Exchange) – 68 percent using virtual infrastructure
· Database applications (e.g., Microsoft SQL Server and Oracle) – 65 percent using virtual infrastructure
· Customer relationship management (CRM) platforms – 65 percent using virtual infrastructure
· Financial management/accounting applications – 56 percent using virtual infrastructure
It’s clear that businesses are very willing to put their most precious business data in virtual environments, and in turn, trust the management of these virtual environments to third-party providers. Are these businesses paying close enough attention to what their providers are doing enough to safeguard their business’s life-blood? This is a particularly worrisome question for SMBs, who likely lack the resources and sophistication to implement their own internal security measures and effectively evaluate the measures of their virtualisation providers.
Here are some basic steps that SMBs can take to ensure the security of virtual networks on their own end and put appropriate scrutiny on the security measures of their third-party providers:
· Become familiar with expert resources on cloud security management. This paper from the Cloud Security Alliance, “The Notorious Nine: Cloud Computing Top Threats in 2013,” is a good place to start gathering information about threats to cloud-based data.
· Perform a thorough assessment of the security measures of any prospective virtualisation services provider and ensure they conform to industry standards like ISO 27001 and CSA STAR.
· Install a multi-layered security suite featuring heuristic and behavioural antivirus protection, host intrusion prevention system (HIPS), and protection against vulnerability exploitation on each workstation on the network.
· Ensure that data leaving the on-site infrastructure is sent using secure connections, or VPN connections for mobile users.
To ensure that businesses themselves don’t become the “weak link” in a virtualised environment, Kaspersky Lab continues to create new technologies that businesses can use to extend their own protection to data stored in off-site datacenters. Kaspersky Lab has also spent years working with leading virtualisation platform providers to develop specialised security solutions to meet the unique security and performance requirements of virtual environments. Information about Kaspersky Security for Virtualisation, as well as a number of resources to help explain different styles of virtualisation security, can be found in Kaspersky Lab’s business centre.
The highlights of business trends and usage around virtualisation and virtualisation security identified by Kaspersky Lab’s global survey can be found in Kaspersky Lab’s 2014 IT Security Risks for Virtualisation summary report.
About Kaspersky Lab
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.