IT professionals who claim to have expert-level knowledge of IT security appear to have a gap in their knowledge around virtualisation security.
Approximately one-third of these respondents to a global Kaspersky Lab survey expressed a “clear understanding” of light agent virtualisation security or agent-based virtualisation security models (34% and 30%, respectively).
Only one-quarter (27%) of these respondents expressed a “clear understanding” of agentless security models. With such a relatively small portion of security experts feeling confident in their understanding of the three major virtualization strategies, the IT security industry still has work to do with regards to raising awareness and education.
It should be noted that between 40% and 50% of respondents reported a “reasonable understanding” of agentless, agent-based, and light agent virtualization security. This indicates that there is at least a good baseline awareness of the technologies. However unfortunately, that leaves an alarming 25% to 31% of IT security experts reporting that they have “no understanding” or “weak understanding” of these virtualization security platforms.
The survey results, which can be found in Kaspersky Lab’s 2014 IT Security Risks for Virtualisation summary report, also pointed to real-world results of this perceived knowledge-gap. One difference can be seen by surveying two groups of IT professionals: those with fully implemented virtualisation security, and those with partially implemented virtualisation security solutions.
The vast majority (58%) of fully implemented virtualisation security solutions were conventional agent-based…the style used to protect physical endpoints.
Yet, when asking IT professionals who had only partially implemented a virtualisation security solution, the rate of conventional agent-based usage was cut in half to 29%, and newer, more efficient technologies such as light agent and agentless security were used more frequently. This tells us that businesses are just beginning to adopt new styles of virtualisation security technology, and their implementation is being slowly phased in.
The survey data also pointed to a root cause of the low awareness of specialised virtualisation security technology.
When IT professionals were asked why they had not adopted a security solution designed specifically for their virtual environments, the two most common answers both pointed to the same conclusion: “our existing anti-malware doesn’t give us problems, and protects more effectively than specialised solutions” was given by 24% of respondents; answer: “We do not have any issues with the performance of traditional security solutions in our virtual environments” was given by 20% of respondents.
However, third-party testing indicates that these beliefs are misguided and may rely on outdated beliefs that create performance pitfalls for enterprise-level virtual environments.
