Jun 27, 2008 (08:06 PM EDT)
Analytics Summary: VMware Security

Read the Original Article at InformationWeek

1   2   3  
Our survey on the state of VMware security revealed some startling facts: Just four in 10 consider hyperjacking a realistic threat, and nearly half take a laissez-faire approach to virtual machine provisioning and management. Some even let business units deploy VMs with no oversight, perhaps because 20% assert that VMs are safer than physical servers.

The reality, and a concept that many IT and business managers fail to grasp, is that a virtual server is still a server. A production VM--and its host--must be held to the same level of rigor as a comparable physical production server, with identical change management policies for approval, deployment, patching, and other processes.

InformationWeek Reports

For now, accepted best practices are at least as important as VM-specific toolsets. Still, hypervisors must have security baked in from the beginning. Armies of attackers are no doubt working feverishly for the bragging rights that will come with being among the first to hyperjack--that is, to gain control over--a high-value physical server that hosts VMs.

So are industry-leading virtualization vendors doing enough to keep us safe? For example, will VMware's VMsafe program, which provides APIs with hooks into the ESX hypervisor, pay off for IT, or even help keep Microsoft's Hyper-V at bay?

Maybe, on both counts. Every security vendor we interviewed for our VMware Security Analytics Report, is focusing on product development for VMware. And every security vendor we interviewed for this report also has plans for Hyper-V or Xen product development. Making like Switzerland between VMware and Microsoft is a rational move, a reality backed up by our survey of 423 business technology professionals. VMware is still the dominant player in server virtualization, with 56% of installations, most of them Infrastructure 3/ESX. But our poll reflects the growing influence of Microsoft: 24% of respondents listed either Hyper-V or Virtual Server 2005 as their primary server virtualization platform.

This is far from typical estimates of 70% to 80% VMware ownership of the server virtualization landscape. An outlier? Perhaps. We expected Hyper-V to make a mark, but we must admit to being surprised by these results.