Server virtualization technology is great because it increases server utilization, reduces costs, allows efficient management through automation, yadda yadda yadda.
Yes, we've all been told about the benefits, but what about the drawbacks?
In fact, we don't hear much about the drawbacks to virtualization from VMWare, Microsoft or any of the other server virtualization technology vendors — or even from this column.
So today we're going to correct that to a degree, with a little help from the good people at Kaspersky.
You see, Kaspersky has done some research into the security of virtual infrastructure, and what it reveals is a little concerning. There are also some very interesting statistics.
At this point, it's worth mentioning that Kaspersky Labs is a security company that sells security products, which a cynic might say could have a bearing on the research. Nonetheless, its report makes for interesting reading at the very least.
The key finding of the report is all about costs, and here's what it found: businesses pay twice as much to recover from a security breach if virtual infrastructure was involved. Enterprises pay more than $800,000 on average to recover from a security breach on virtualized infrastructure, which is double the figure for incidents involving only physical infrastructure.
And SMBs are affected in the same way: recovery costs an average of around $60,000 if virtualized infrastructure is involved, but just $26,000 if it isn't.
Now that, you could argue, is a significant drawback. It may not be enough to outweigh the many touted benefits of virtualization, but it's a drawback worth mentioning.
Why Recovery Costs Are Higher in Virtualized Environments
The obvious question then is why are recovery costs so much higher in virtualized environments? The report suggests three main reasons:
- The fact that virtual infrastructure is used extensively for mission-critical operations, which are expensive to recover from. That's because breaches to mission-critical infrastructure are more likely to damage credit rating and company reputation, cause a loss of business opportunities and ability to trade, and otherwise negatively impact the business.
- The complexity of securing virtual environments means that only about half (56%) of companies are fully prepared to deal with security risks in a virtual environment.
- The lack of understanding of the risks specific to virtual environments. Again, only about half (52%) of company representatives feel they fully understand the risks.
Some interesting statistics also came out of the report. For example:
- 42% of businesses think virtual environments are safer than physical ones, despite the difficulty of understanding the specific risks of virtualization and the additional complexity involved in securing them.
- 73% of businesses are not using specialized IT security solutions designed for virtualized environments.
There's also some interesting numbers relating to virtualization in general. For example:
- 77% of companies with more than 1500 employees use virtual infrastructure in some form or another.
- VMware is the most popular virtualization platform, used by 40% of the companies, followed closely by Microsoft's Hyper-V with 36%. XenServer and Xen make up another 15%, followed by KVM-based solutions with 9%.
Despite KVM's relatively low market share, it's worth noting that it is the platform that 29% of companies are most likely to adopt in the next two years, the report found. By contrast, only 16% are likely to adopt Hyper-V and 13% are likely to adopt VMware.
Surprisingly, 29% are also likely to adopt Xen or XenServer, the report found.
The Security Of Virtual Infrastructure report by Kaspersky Labs and B2B International questioned 5,564 IT specialists from 35 countries around the world, and it can be downloaded for free.
Paul Rubens is a technology journalist and contributor to ServerWatch, EnterpriseNetworkingPlanet and EnterpriseMobileToday. He has also covered technology for international newspapers and magazines including The Economist and The Financial Times since 1991.