Accountability for Virtualisation Security a Tug of War, According to Tripwire Survey

Tripwire, a leader in configuration assessment and change auditing for virtual environments, surveyed enterprise IT professionals to assess how vigorously virtualisation is expanding within production server environments and to measure how security, change controls and compliance requirements are keeping pace. More than 90 percent of those interviewed said that virtualised servers are now deployed in their production environments. In fact, three of four respondents reported that up to half of all their production servers are now virtualised.

While more than 80 percent of respondents said their change management and compliance controls are no different between physical and virtual infrastructure, and 26 percent felt security controls for virtualised servers are actually more stringent, responses indicate that a "tug of war" may be underway over who is accountable for security and controls for virtual servers. Just half of those surveyed felt that ensuring security, change control, and compliance for virtual servers is the responsibility of system administrators and their management. On the other hand, 37 percent of those associated with the Security group claim responsibility for security controls.

Moreover, a serious issue awaits some organisations deploying virtual servers in production environments. The majority of respondents agree that security risks for virtual servers are the result of misconfiguration, not inherent weaknesses of virtualisation technology.

"If an increasingly overworked IT staff is more likely to make mistakes, and configuration errors are the cause of security exposures in virtual servers, then IT management must consider how they can mitigate this risk," said Mark Gaydos, Tripwire VP of Marketing. "As more of the production workload becomes virtualised and those managing virtual servers continue to be overwhelmed, it is apparent that automated configuration control must play a larger role to ensure appropriate server configuration and adequate security."

A majority (69 percent) of respondents agreed that dedicated configuration tools are needed to ensure proper configuration of virtualised servers, with two-thirds of these respondents noting they are in the process of evaluating or planning to acquire such tools over the next 12 months.

The Tripwire survey report, "Is Virtualisation Under Control: Current Opinions on Security and Controls for Virtual Servers in Production Environments", can be downloaded for free at

 [August 22, 2008]
