According to a Kaspersky Lab survey of worldwide IT professionals, virtualization security concerns are receiving more attention from businesses, although some lingering doubts around the need for specialized virtualization security software still remain.
According to a Kaspersky Lab survey of worldwide IT professionals, virtualization security concerns are receiving more attention from businesses. However, some lingering doubts around the need for specialized virtualization security software still remain. The survey results also show that businesses have again arrived at the intersection of performance and security for their IT systems and that balancing these two requirements continues to be a challenge. Using traditional security to protect virtual endpoints appears to be a major cause of performance woes across the IT industry.
The survey results, which can be found in Kaspersky Lab’s 2014 IT Security Risks for Virtualization summary report, showed 64% of IT decision-makers agreed that security should be one of the first considerations when rolling out a virtual infrastructure. Prioritizing the security of virtual environments shouldn’t come as a surprise, considering 52% also agreed that virtual environments are increasingly forming a core part of their business IT infrastructure. As more businesses rely on virtual infrastructure for critical day-to-day functions, protecting this virtual infrastructure becomes more important.
However, the survey also indicates businesses are worried that securing their virtual environment sacrifices its performance. In fact, 39% agreed that adding security to virtualized infrastructure makes it run more slowly. A drop in performance is also a major concern for businesses, with 55% reporting that the performance of virtualized servers is critical for their business.
Businesses Using the Wrong Tool for the Job, Causing Virtual Infrastructure Slow-Downs
Virtualization security has arrived at the classic security dilemma: “performance” and “security” are both seen as top requirements for virtual infrastructure, but an increase in security often comes at the expense of performance. However, the survey data also points to a source of widespread virtual network slow-downs:
1) 46% of respondents believe “virtual environments can be adequately protected by conventional security solutions designed to protect physical systems.”
2) 24% of respondents believe “my existing anti-malware solution provides better protection and performance than other specialist solutions.”
These points reveal a widely-held belief that traditional anti-malware, designed for securing physical endpoints, provides adequate protection for virtual networks. However, these points also show that IT managers fail to account for the drain on virtual performance that these physical security solutions can incur. A broader understanding of the performance drain caused by traditional physical security when applied to virtual machines may be the key to boosting virtual infrastructure security levels worldwide. In a study performed by independent security testers AV-Test, performance test results illustrate the difference in using security software designed for physical endpoints to protect virtual machines.
This AV-Test study compared the results of two “traditional” security deployments – using a software agent on each virtual machine – against Kaspersky Lab’s light-agent approach, which shifts the burden of most security tasks away from the endpoint to a separate appliance. All three solutions performed similarly well when performing basic AV tasks…but the differences in performance were huge. The study found that traditional endpoint security solutions took much longer – in some cases almost twice as long – to process numerous virtual desktops booting up at the same time, which is a situation every IT manager encounters around 9:00 AM every work day. The test also found that these “old-school” security measures consumed between 40%-65% more system resources than Kaspersky Lab’s specialized virtual security solution when protecting multiple machines.
Kaspersky Lab believes there is no “one size fits all” solution for any virtual environment, and a mix of protection styles, including agent-based, light-agent, and agent-less can be appropriate given the requirements of each business. IT managers and executives are encouraged learn more about how the wrong solution can hinder virtualization performance by visiting Kaspersky Lab’s virtualization security product page.