Companies using virtual servers have been warned to be vigilant, following a survey conducted by data security firm Varonis.
48% of respondents either reported or suspected unauthorised access to files on their virtualised servers.
Almost 60% said they were careful about setting permissions and controlling subsequent updates, 70%, regardless of company size, had implemented little or no auditing - even at the high end of the enterprise space, said Varonis. 20% of enterprises with more than 5,000 employees admitted to having no file logging capabilities in place.
“We suspect that for IT departments, virtualisation may be something of a black box. We have found that, after a workload is virtualised, the actual details of managing file permissions and monitoring access is considered to be automatically taken care of," said Varonis strategy v-p David Gibson. "It is also quite possible that the teams managing virtualisation projects see file security and governance as outside their discipline. The security team may have no visibility of what is happening."
The survey was conducted by Varonis in August 2012 at VM World Conferences in Barcelona and San Francisco with 107 respondents.
Source:
http://www.electronicsweekly.com/Articles/2013/01/29/55457/virtualised-servers-give-a-false-sense-of-security.htm