Overview:

In theory, 2009 should be the year that virtualization security (VirtSec) takes off: Server virtualization has been widely deployed. VirtSec products are ready. The VirtSec vendor list has doubled since 2008. There’s just one catch: Enterprises aren’t currently planning to deploy the technology. Only 10% of the organizations that participate in Nemertes’ virtualization research have deployed VirtSec--and fully 70% have no plans to do so. Why not? As Strother Martin said in the Movie Cool Hand Luke, “What we have here is a failure to communicate.”

Vendors have been positioning their solutions by focusing on potential virtualization vulnerabilities. Yet that’s not what enterprises care most about. In fact, the overwhelming response to the vendor vulnerability message is “so what’s the big deal?” Instead, what’s top of mind for enterprise IT practitioners is compliance, yet most VirtSec vendors aren’t articulating the ways in which their products can help enterprises address compliance concerns. What’s not top of mind – and should be - is that virtualization makes the strong perimeter defense obsolete.

Author(s): Ted Ritter, Senior Research Analyst

Keywords: Virtualization Security, Defense-in-Depth, GLBA, HIPAA, PCI, Compliance

Vendors mentioned: Altor, Apani, Brocade, Catbird, Centrify, Check Point, Cisco, Citrix, Configuesoft, HyTrust, IBM-ISS, Juniper, Lancope, LogLogic, McAfee, Microsoft, NetIQ, Red Cannon, Reflex Systems, Shavlik, Sourcefire, Stonesoft, Third Brigade, Tripwire, VMware Enterprise Networks (Enterysys), Stonesoft, Vericept.

Clients: Read This Key Trends: Key Trends: Virtualization Security

Nemertes Key Trends are available to clients only. If you're not a client and would like to receive a copy of the Key Trends, please contact us.