September 18, 2014

Virtualization security technologies: No need to fear


While today’s IT security problems are more or less the same everywhere, different industries approach them at different angles with uneven amounts of effort. There are some industries which have more difficulty than others with establishing their security,  mainly because they are reluctant to adopt newer technologies due to the effort it would take.

Let’s take the healthcare industry for instance. It works with a lot of personal data and there has been much in the news recently about medical facilities becoming the victims of the breaches and being the source of massive data leaks. It would be safe to assume this industry would be interested in implementing new security means and associated technologies in order to decrease the amount of pressure from cybercriminals and other information threats.


However healthcare, just like financial services, is an industry bound by strict compliance laws. These laws are intended to protect the personal data these industries are working with, but there’s an extra encumbrance: The financial services and healthcare sectors are ranked the highest in being overwhelmed by compliance requirements. Their response rates are of 40% and 38% respectively, according to Kaspersky Lab’s 2014 IT Security Risks summary report. The other segments have much lower response rates of this kind – 25-33%.

And this actually does hinder the implementation of new technologies: the less bureaucracy, the better – at least on the surface.

On the other hand, 49% of healthcare respondents and 50% of financial services respondents reported that “security concerns” were hindering their adoption of virtualization technologies. That’s the highest response rate, way above a global average. Security of virtual infrastructure is a newer trend, and its specifics are not always well understood. What is not understood sometimes looks scary.

This data suggests that the perceived “security concerns” the survey found to be associated with new virtualization technology is, in part, fueled by concerns over potential extra compliance issues. Also, these industries don’t seem overly concerned with securing the virtual machines they already have.



In the financial services industry, “Security of Virtualized Infrastructure” was listed as a top IT security concern by only 16% of respondents, and only 12% in healthcare, compared to an overall average of 14%. Why the disparity? The answer could be attributed to the attitude of “if it’s not broken, don’t fix it.” That makes some sense. But in reality, as shown earlier, IT professionals don’t do well when it comes to understanding their virtualization security options, and the vast majority of existing virtualized infrastructure was being protected by traditional “agent-based” security.

Agent-based security is the same style of security used to protect physical endpoints, and this diminishes the primary advantages of virtualization, swallowing computational resources that could be used for the increased productivity – we actually wrote about it earlier this year.

We can theorize that IT providers in the compliance-heavy financial services and healthcare sectors are concerned that adding new virtual platforms to their networks may require virtualization-specific security measures which they don’t fully understand.

If this theory is correct, IT departments in the financial services and healthcare sectors aren’t reaping the potential benefits that virtualized infrastructure can bring to their networks due to fear of an unfamiliar security technology creating compliance issues and other risk-factors.

These fears can be well calmed by more awareness. Modern virtualization security platforms, based on agentless and light agent approaches, can actually reduce the complexity of managing virtual networks, boost overall network performance, and be customized to ensure that security requirements of compliance regulations are fully met. And don’t need to be scary.