It’s no secret that data center virtualization can deliver lots of business benefits for organizations. Among these are a decreased reliance on physical servers and their associated costs, reduced data center footprint, energy savings, faster server provisioning, increased systems uptime, enhanced disaster recovery and greater agility—to name a few.
But virtualization can bring its own set of challenges for organizations. One of the biggest is virtual machine (VM) sprawl, and the inherent information security risks of this sprawl.
A survey of 166 U.S.-based enterprise IT organizations by research firm 451 Research, released in October 2016, shows that VM sprawl is a major issue for IT departments. Only 13 percent of the survey respondents said they understand how VMs are being used over time, and just 12 percent can identify who has logged in to VMs and how often.
The Cloud Security Alliance, an organization that provides educational services and best practices recommendations to help ensure that organizations have a secure cloud computing environment, in 2015 cited VM sprawl as one of the top virtualization risks that enterprises face.
VM sprawl creates new challenges as companies try to effectively track and manage their strategic data assets. The effort to encapsulate in individual VMs, understand what data the organization has, where the data is located, and who can access it can become unwieldy. Furthermore, storage usage guidelines, data privacy regulations, and governance policies can be difficult to enforce across a growing number of VMs in the enterprise.
Despite these challenges, organizations are obligated to protect their data in a virtualized environment. This is especially true for the most valuable and sensitive data assets in the organization, such as business-critical information, intellectual property and personally identifiable customer and employee data.
What businesses need to achieve is a 360-degree view of their virtualized data assets, so they can analyze the activity related to these assets and better secure them. The aim is to always know who is accessing the virtualized data assets and how they are being used, and to be able to easily locate lost data across all VMs.
In addition to deploying technology that provides this type of capability, enterprises can implement a number of good practices. These include training employees with the organization’s specific environment in mind; educating the team about the secondary costs of data theft, including tarnished brand reputation, damaged customer relationships, and legal ramifications; and protecting the data at its core, regardless of the surrounding environment, to meet the security needs of both virtualized and physical data stores.
Having a strong security program designed for a virtualized IT environment can help protect organizations against one of the fastest-growing threats: ransomware. Abnormal user access patterns can often indicate the presence of malware and rogue users. By closely monitoring its virtual environment, an organization can detect suspicious behavior and proactively protect its virtualized data in the midst of a ransomware attack.
But regardless of the type of security risk involved, ensuring that data is fully protected in a virtualized environment makes good business sense.