Analyzing the Centrify Survey as it Relates to Virtualization Security
Friday, September 18, 2009
In my last blog post I provided some analysis on the recent Centrify Survey as it relates to the state of the virtualization market. In this blog post I will analyze the results as it relates to customers' thoughts re: virtualization security. Not surprisingly, IT Professionals are concerned about security of this new technology. While a majority of respondents answered security questions positively, a significant minority either declined to assert a positive outcome, or hedged their answer out of unsureness about how secure their virtual environment is.
Key datapoints of this part of the survey revealed:
- Only 56% asserted that they don't share passwords suggesting that 40% may do so.
- 31% are confident that they have no orphan accounts, suggesting that 69% are unsure.
- 50% are satisfied with their ability to manage privileged user accounts.
The tone of the responses was consistent: we are going to virtualize and do our best to shore up our security as we go forward.
OK, lets dig into some of the answers to the questions we asked:
1. Please respond to the following statements regarding security and compliance of your physical servers (One OS per device) compared to your virtual servers.
Observations: Most respondents (between 71.5% and 80.2%) "agreed" or "agreed strongly" that their systems were secured from unauthorized access and met compliance requirements. However, less than 30% in each instance were completely confident in their security and compliance.
2. When deploying virtualized systems, which of the following are potential concerns for you? (Select all that apply.)
Observations: Considerations of configuration, performance and system management are the dominant concerns as people add virtual systems, but close behind are issues of security and compliance.
3. How are security issues affecting your plans to deploy virtualization within your organization?
Observations: As the CSO of an enterprise with thousands of servers and tens of thousands of people noted in one of his responses to the survey, "We are playing catch-up, cost drivers pushed virtualization without [us] properly looking at [the] security impact.
4. Rank each of the issues below on their likelihood of slowing down your virtualization deployment. (SCALE 1 = will not slow down deployment; 5 = will slow down deployment.
Observations: Budget was the most likely show stopper related to deploying more virtual servers, followed closely by operational issues, security, compliance and concerns about staffing.
5. In general, across your virtual and physical UNIX/Linux systems, how are Access Control and Security Policies enforced?
Observations: The diversity of solutions that people are using reflects their concerns about security. The average respondent is using at least 5 of the solutions above to enhance the security of their environment.
6. For the following statements, which of these apply or are TRUE for your organization? Please select all that apply.
Observations: There is some ambiguity in some of these responses: if only 30% have never failed an audit, it suggests that 70% of them have failed. But we don't know how many of the other 70% have never been audited. However, the difference between those who asserted something was true and those who did not describes a disconcerting reality. It suggests that:
- 40.2% of sites share root passwords.
- Nearly half (47.9%) aren't sure they can audit their virtual servers.
- 50% are dissatisfied with their ability to manage privileged accounts.
- 69.4% suspect they have orphaned accounts.
Yikes, 40% share root password, I think some superuser privilege management is needed!
< Previous Article: Analyzing the Results of the Centrify Survey on the Virtualization Market
> Next Article: Supporting Snow Leopard: The ISV Litmus Test
While all the above features make DirectControl for Mac a tempting solution, the fact that it includes a range of group policies that can be used to secure and manage the Mac OS X environment is what makes it an excellent solution. DirectControl for Mac uses group policies that integrate with the client-side components of Apple's managed preference environment. ... Having had the opportunity to work with both the existing set of group policies and to see a preview version of the upcoming expanded set, I was amazed at Centrify's success. The experience of managing Macs was exactly the same as managing Windows computers using group policies. Any experienced Active Directory administrators, even those who have no Mac support experience, will feel completely at home. Any experienced Mac administrator will also notice that Centrify has managed to mirror the preference management component of Mac OS X Server's Workgroup Manager.
Ryan Faas
ComputerWorld
March 29, 2007