Virtualisation and third-party hosting pose security risks: Kaspersky

  • Most businesses use 3rd-party hosting and maintenance to manage virtualisation
  • Are they paying close enough attention to what their providers are doing?
Virtualisation and third-party hosting pose security risks: Kaspersky

LESS than one-third of businesses keep their virtualisation servers on-premise and managed entirely by their own internal IT staff, according to a Kaspersky Lab survey of 3,900 IT professionals worldwide.
 
As virtual infrastructure increasingly handles more business-critical services, the reliance on external hosting and management services raises potential security concerns, particularly for smaller businesses, the company said in a statement.
 
Off-site vs. on-premise
 
According to the more than 2,000 survey respondents who use virtual servers, only 29% report that their physical machines were located within the walls of their business and maintained by only internal staff.
 
On the opposite end of the spectrum, 17% of business rely completely on third-party contractors to house and maintain their virtual servers and services.
 
By far, the largest proportion of businesses, approximately 50%, relies on a mixture of third-party hosting and maintenance.
 
It should come as no surprise that the vast majority of businesses are using hosting services in some capacity for their virtual infrastructure, Kaspersky Lab said.
 
The benefits of reduced cost and complexity for most IT departments are clear, and these service providers can more easily add capacity to support growing businesses.
 
When examining the responses based on the business size, the data supports the conventional wisdom that smaller companies, which have fewer IT staffers and a smaller IT budget, are more likely to use a third-party provider, whereas larger companies are most likely to manage their virtualisation servers and services in-house.
 
It’s clear that small businesses are most likely to rely solely on third-party providers to provide and manage all of their virtual computing needs, Kaspersky Lab said.
 
To give a few examples, 41% of small businesses report using a third-party service to store all of their virtual servers at an off-site location, compared with just 26% of enterprises.
 
For maintaining these virtual servers and the services they provide, 33% of small businesses rely completely on their third-party hosting provider, compared with just 18% of enterprises.
 
Very similar rates of both small businesses and enterprises use a mixture of in-house and external resources for storing virtual servers (23% for small business, 29% for enterprise) and maintaining the servers (31% for both small businesses and enterprises), Kaspersky Lab said.
 
Critical business data in the cloud

Virtualisation and third-party hosting pose security risks: Kaspersky

As most businesses are content to store data beyond their own walls, it’s important to understand exactly what types of data are being entrusted to third-party providers, Kaspersky Lab said.
 
The company has previously reported that virtualisation is rapidly becoming used for more than just IT department tasks, as 52% of survey respondents agreed that virtual environments are now housing core elements of business IT infrastructure.
 
Kaspersky Lab’s survey investigated what business functions are being implemented on virtual infrastructure, and found this perception was indeed correct.
 
According to the responses of businesses using some form of virtualisation, these are the rates that services/applications are being implemented on virtual infrastructure compared to physical infrastructure:

  • Email and communications applications (e.g., Microsoft Exchange) – 68% using virtual infrastructure;
  • Database applications (e.g., Microsoft SQL Server and Oracle) – 65% using virtual infrastructure;
  • Customer relationship management (CRM) platforms – 65% using virtual infrastructure; and
  • Financial management/accounting applications – 56% using virtual infrastructure.

It’s clear that businesses are very willing to put their most precious business data in virtual environments, and in turn, trust the management of these virtual environments to third-party providers, the company said.
 
The question of whether these businesses are paying close enough attention to what their providers are doing is particularly worrisome for SMBs (small and medium businesses), which likely lack the resources and sophistication to implement their own internal security measures and effectively evaluate the measures of their virtualisation providers, Kaspersky argued.
 
Here are some basic steps that SMBs can take to ensure the security of virtual networks on their own end, and to put appropriate scrutiny on the security measures of their third-party providers:

  • Perform a thorough assessment of the security measures of any prospective virtualisation services provider, and ensure they conform to industry standards like ISO 27001 and CSA STAR.
  • Install a multi-layered security suite featuring heuristic and behavioural antivirus protection, host intrusion prevention system (HIPS), and protection against vulnerability exploitation on each workstation on the network.
  • Ensure that data leaving the on-site infrastructure is sent using secure connections, or VPN (virtual private network) connections for mobile users.

Related Stories:
 
Shifting attitudes towards virtualisation security: Kaspersky
 
Cloud adoption shaken by Snowden revelations: Survey
 
Basic security products don't cut it anymore: IDC
 
Security on the cloud: Myths dispelled
 
 
For more technology news and the latest updates, follow us on TwitterLinkedIn or Like us on Facebook

 
Keyword(s) :
 
Author Name :
 

By commenting below, you agree to abide by our ground rules.

Subscribe to SNAP
Download Digerati50 2018-2019 PDF

Digerati50 2018-2019

Get and download a digital copy of Digerati50 2018-2019