A lot of people make the mistake of assuming that if the host OS on the physical server (or PC) has security tools and antimalware in place, it will protect virtual machines running on that server or PC. That is not the case.
The value of virtual servers lies in the fact that they are–for all intents and purposes–just as “real” as any physical server. That also means that each virtual server is an independent, fully-functioning server capable of being exploited and compromised.
I wrote about a new survey from Kaspersky Labs related to securing virtual environments:
[inlinetweet prefix=”” tweeter=”” suffix=””]Don’t let the word “virtual” in virtual servers fool you.[/inlinetweet] You’re the only one who knows it’s virtual. From the perspective of the virtual server itself, the devices connected to it, applications running on it, end-users connecting to it, or security threats trying to compromise it, the server is very, very real. A new survey from Kaspersky Labs found that many IT professionals understand that securing virtual environments is important, but don’t fully understand the threats or how to properly defend against them.
Kaspersky Lab surveyed nearly 4,000 IT professionals around the world to gather research for the Global IT Security Risks Survey 2014—Virtualization report. Security concerns were cited by 43 percent of respondents as a significant barrier to implementing virtualization, and 41 percent stated that managing security solutions within virtual environments is a struggle.
Those numbers aren’t horrible, but could be better. Where things take a turn for the worse is when Kaspersky Labs asked the IT professionals about their awareness of the security threats facing virtual environments and how to defend against them. According to Kaspersky, 36 percent claim that security concerns facing virtual servers are significantly lower than those for physical servers, and 46 percent believe the virtual environment can be adequately protected using conventional security solutions. More than half of the survey respondents indicated their company has only partially implemented security solutions in the virtual environment.
You can read the full article at PCWorld: Virtual servers still face real security threats.