The research report revealed that a staggering 87% of businesses surveyed were struggling to keep their virtualised systems secure, with almost half of the respondents surveyed admitting that they were not well informed about the differences between security solutions for virtual environments and those for physical.
To this end, the report showed over one-fifth of security professionals lacked the know-how or confidence to manage security in a virtual environment. Businesses also did not have the tools required to keep their virtualised environments secure, were using legacy physical security systems, and were battling to manage the complexity inherent in a virtual implementation.
"Of those surveyed by Trend Micro, the majority believe that a lack of resources and awareness around 'virtual' security threats are the biggest challenges that they face in this world of virtualisation, and they feel that they are largely unprepared for what securing this environment entails. This, of course, has a knock-on effect when it comes to selecting, implementing and managing security," said Gregory Anderson, country manager of Trend Micro, South Africa.
The Trend Micro research also reveals that well over 50% of businesses are prioritising cost and ease of use over effectiveness when selecting a virtual security solution. Effectiveness at detecting and preventing threats ranked at only the third-most-important purchasing consideration, and yet 63% of enterprises surveyed believed that the virtualised environment needed stronger security measures.
According to Trend Micro it is essential that organisations place effectiveness and threat detection and prevention right on top of their selection criteria when choosing a security solution for their virtual environment. The best virtual security solutions combine affordability and ease of use with effectiveness, along with a threat service to identify potential issues and attacks before they happen, they do not differentiate between the importance of these.
There is also a lack of consistency when it comes to who is responsible for securing an organisation's virtual machines, with all those surveyed showing a clear lack of understanding as to where the responsibility for the VMs lies. This was particularly prevalent with customers who currently host their VMs in third-party data centres.
"Given that third-party hosting of virtual machines isn't exactly a new concept, it is surprising that organisations are still unsure over where responsibility lies for security management," he added. "Only under half of the respondents understood that the onus of this lay with both the organisation and the data centre provider, signalling that industry-wide guidelines need to be put in place that provide businesses with clarity around this area. Data centre managers cannot simply expect their organisation's most valuable asset to 'hopefully' be secured by a third-party supplier."
It is here where Trend Micro provides its customers access to its Deep Security solution specifically tailored for virtualised and cloud environments. Deep Security delivers a comprehensive, adaptive, highly-efficient agentless and agent-based protection, including anti-malware, intrusion detection and prevention, firewall, web application protection, integrity monitoring, and log inspection. When deployed it assists customers to accelerate their virtualisation investments, minimise the security impact, ensure cost-effective compliance and allows them to move safely to the cloud.
To summarise, the survey clearly indicates that businesses should not rely on old technologies, systems and procedures to secure new and virtualised environments. It also highlights that greater investments need to be made in virtual security, as well as the fact that policies and procedures must be put place for the effective management of security within the on or offsite data centre as well as your virtual environment.
Trend Micro commissioned Vanson Bourne to survey 100 UK, French, German and Benelux enterprise organisations with in excess of 1000 employees. Participating companies were spread across sectors and size bands, with 75 private and 25 public sector organisations included. Half of the IT decision makers included are responsible for security, while the other half are responsible for the data centre. The survey was conducted in October 2013.
