Research published today by data governance software developer Varonis reveals that, when it comes to the virtualized environment, security awareness appears to be something of a black hole.

The study found that data security in these virtualized environments can all too often be totally neglected, and some 48% of IT organisations reported or suspected there had been unauthorised access to files kept on virtual servers. The findings suggest that when it comes to awareness of security matters regarding virtualized servers and the data stored upon them, the harsh truth of the matter is that there is very little. Indeed, the survey found that 70% of those questioned had 'little or no' auditing in place for example.

When you consider that Gartner reckons there are now in excess of 50 million Virtual Machines installed on servers, it should come as no surprise to discover that 87% of respondents to the Varonis study said their application servers were already virtualized. The reasons for this virtualization being mainly a combination of deployment speed (76%) and disaster recovery potential (74%). Yet file security appears to be neglected almost across the board.


Sure, nearly 60% did claim to be "very careful about setting permissions and controlling subsequent updates" there's no escaping from the fact that 70% had implemented little or no auditing regardless of the company size. A statistic made all the more surprising by the revelation that in enterprises of more than 5,000 employees some 20% admitted to having "no file logging capabilities in place" at all.

Yet, against this backdrop of security ignorance, 48% had either reported or suspected that unauthorized access to files on those virtualized servers had taken place, putting sensitive company information at risk. Even when it comes to those companies that do audit their virtualized environments, a rather large 68% thought there had been unauthorized access.

"We suspect that for IT departments, virtualization may be something of a black box. We have found that, after a workload is virtualized, the actual details of managing file permissions and monitoring access is considered to be automatically ‘taken care of’. It is also quite possible that the teams managing virtualization projects see file security and governance as outside their discipline. The security team may have no visibility of what is happening”, said David Gibson, VP of Strategy at Varonis.

Edited by happygeek: unstuck

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

5 Years
Discussion Span
Last Post by vibinpattuath

Yet, against this backdrop of security ignorance, 48% had either reported or suspected that unauthorized access to files on those virtualized servers had taken place, putting sensitive company information at risk.

That's not good there's no firewall how can no one not install a firewall and a filter that will not let people access those files.

What a kind of business runs like that.


Great article. I would add that incorrect file system permissions
provide a way to infect other domains as well in addition to the
hacked one.

Shared Hosting issues; hacked website allows access to all websites installed on the same server

We named this as one of the seven reasons for successful hacking research:


I am not sure why people would view a virtualized server any differently than a physical server when it comes to security. It is still the same OS as it was when it was physical and should still be operated the same way. VMware, Citrix, KVM, or whatever hypervisor you are using does not automate the operation of the server itself. Normal sysadmin best practices still apply.

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.