Kaspersky Lab Survey Finds IT Professionals Lack Knowledge About Virtualization Security
19 Aug 2014
According to a Kaspersky Lab global survey, IT professionals who claim to have expert-level knowledge of IT security appear to have a gap in their knowledge around virtualization security. Approximately one-third of these respondents expressed a “clear understanding” of light agent virtualization security or agent-based virtualization security models (34% and 30%, respectively). Only one-quarter (27%) of these respondents expressed a “clear understanding” of agentless security models. With such a relatively small portion of self-proclaimed security experts feeling confident in their understanding of the three major virtualization strategies, it seems the IT security industry still has work to do with regard to educating the workforce.
It should be noted that between 40% and 50% of respondents reported a “reasonable understanding” of agentless, agent-based, and light agent virtualization security. This indicates that there is at least a good baseline awareness of the technologies. But unfortunately, that leaves an alarming 25%-31% of IT security experts reporting that they have “no understanding” or “weak understanding” of these virtualization security platforms.
Traditional Security for Virtual Machines
The survey results, which can be found in Kaspersky Lab’s 2014 IT Security Risks for Virtualization summary report, also pointed to real-world results of this perceived knowledge-gap. One difference can be seen by surveying two groups of IT professionals: those with fully implemented virtualization security, and those with partially implemented virtualization security solutions. The vast majority (58%) of fully implemented virtualization security solutions were conventional agent-based…the style used to protect physical endpoints. But when asking IT professionals who had only partially implemented a virtualization security solution, the rate of conventional agent-based usage was cut in half to 29%, and newer, more efficient technologies such as light agent and agentless security were used more frequently. This tells us that businesses are just beginning to adopt new styles of virtualization security technology, and their implementation is being slowly phased in.
Perceptions Holding Back Adoption of New Security Technology
The survey data also pointed to a root cause of the low awareness of specialized virtualization security technology. When IT professionals were asked why they had not adopted a security solution designed specifically for their virtual environments, the two most common answers both pointed to the same conclusion: “our existing anti-malware doesn’t give us problems, and protects more effectively than specialized solutions. ” However, third-party testing indicates that these beliefs are misguided and may rely on outdated beliefs that create performance pitfalls for enterprise-level virtual environments.
For example, in a study performed by independent security testers AV-Test, performance testing compared the results of two “traditional” security deployments – using a software agent on each virtual machine – against Kaspersky Lab’s light agent approach, which shifts the burden of most security tasks away from the endpoint to a separate appliance. All three solutions detected threats similarly well when performing basic AV tasks…but the differences in performance were huge. The test found that the traditional security measures consumed between 40%-65% more system resources than Kaspersky Lab’s specialized virtual security solution when protecting multiple machines, and could take up to twice as long to boot up virtual machines in heavy load situations.
IT managers and executives are encouraged to learn more about how agentless and light agent security options can significantly boost virtualization ROI by visiting Kaspersky Lab’s virtualization security product page.