A Kaspersky Lab survey of 3 900 IT professionals worldwide Financial Services and Healthcare are the two business sectors most likely to see security concerns as a barrier to implementing IT virtualization technology.
When asked about attitudes toward emerging technology trends, 50% of Financial Services respondents agreed that security concerns were hindering their adoption of virtualization technologies, followed closely by 49% of Healthcare industry respondents. These were the two highest response rates to this question, compared to a global average of 40% of all remaining non-industrial sectors[1] (43% with industrial sectors[2] included).
Conventional wisdom would suggest that security concerns toward new technologies might resonate strongly in Financial Services and Healthcare, since both sectors manage huge amounts of highly-sensitive user data. Moreover, both these sectors are bound by strict compliance laws governing the protection and access of their corporate data. In fact, the Financial Services and Healthcare sectors also ranked the highest in their response to another issue: being overwhelmed by compliance requirements, with response rates of 40% and 38% respectively. The remaining non-industrial segments had an average response rate of just 27% to “being overwhelmed by compliance requirements” (31% with industrial sectors included). This data suggests that concerns over potential compliance issues could be fueling the perceived “security concerns” that the survey found to be associated with new virtualization technology.
Interestingly, these two sectors, which seem so reluctant to implement new virtualization technologies, don’t seem overly concerned about securing the virtual machines they already have. In the Financial Services industry, “Security of Virtualized Infrastructure” was listed as a top IT security concern by only 16% of respondents, and only 12% in Healthcare, compared to an overall average of 14%. Why the disparity? The answer could be attributed to the attitude of “if it’s not broken, don’t fix it.”
Kaspersky Lab has previously reported that a large portion of IT professionals lack a strong understanding of virtualization security. The survey found at least one-quarter of all IT professionals had “no understanding” or “a weak understanding” of their virtualization security options, and the vast majority of existing virtualized infrastructure was being protected by traditional “agent-based” security. Agent-based security is the same style of security used to protect physical endpoints, but can result in performance issues and security gaps when applied to virtual machines.
Based on this data, we can theorise that IT providers in the compliance-heavy Financial Services and Healthcare sectors are concerned that adding new virtual platforms to their networks may require virtualization-specific security measures, which they don’t fully understand. If this theory is correct, IT departments in the Financial Services and Healthcare sectors aren’t reaping the potential benefits that virtualized infrastructure can bring to their networks based on a fear of unfamiliar security technology creating compliance issues and other risk-factors.
Modern virtualization security platforms, based on agentless and light agent approaches, can actually reduce the complexity of managing virtual networks, boost overall network performance and can be customised to ensure that security requirements of compliance regulations are fully met. Kaspersky Lab’s business center offers a number of resources to help explain different styles of virtualization security, as well as other guides to help CISOs deploy the best virtualization platforms across their network.
A full list of industry-specific attitudes towards new technology trends were published in Kaspersky Lab’s 2014 IT Security Risks summary report
[1] Non-industrial business sectors: IT/Software; Financial Services; Business Services; Education; Healthcare; Consumer Services; Real Estate; Media & Design; Non-Profit/Charitable; E-Commerce/Online Retail; Other
[2] Industrial business sectors: Manufacturing; Construction/Engineering; Government/Defense; Transportation/Logistics; Telcoms; Utilities & Energy