More SMBs are virtual, but are they secure?

Two separate surveys suggest the use of virtual servers by small businesses is growing, but they are overlooking security measures in the process.

Reading two very different, vendor-sponsored reports this afternoon about server virtualization from a small-business perspective. The timing of their release is merely coincidental, but it also happens to be very telling. That's because while a growing number of small businesses are virtualizing their server hardware, few are doing it securely.

The first report, from IT services firm CDW, finds that 25 percent of small businesses have opted to add virtualization software to at least some of their servers. Virtual operating systems allow more than one OS to run on a single piece of hardware, which means that you can run more than one server application from a single system. The advantage is the ability to consolidate and better use of existing technology resources.

The CDW report, called "The CDW Small Business Business Virtualization Roadmap," found that the average percent of virtualized servers among smaller companies that HAVE virtualized some of their servers is about 33 percent. That was up from about 28 percent in July 2010. The survey was conducted among approximately 300 small-business IT professionals.

The top reasons for embracing server virtualization?

  1. Replace aging hardware (43 percent)
  2. Consolidate (36 percent)
  3. Improve backup and recovery (35 percent)
  4. Make IT infrastructure more efficient (27 percent)
  5. Reduce IT operating costs (23 percent)

In comments about the data, CDW's vice president of small business sales, Jill Billhorn, said:

"In our survey, two-thirds of small businesses that have virtualized their server environments say doing so has significantly increased the ROI of their IT -- but virtualization also requires new skills and knowledge to manage effectively."

That's where the security angle comes into play. The second report, which originates with security technology giant Symantec, suggests that very few of small businesses that have virtualized their server technology have taken pains to secure it or manage it.
For example, only 15 percent of them back up the data that is being created and stored in virtual environments. Just 40 percent have secured the data on these servers; patch management is a bit challenge for another 56 percent. But here is what could be the scariest number: Almost 80 percent of small businesses that HAVE virtualized have bothered to put antivirus software on those servers.
This data is based on Symantec's survey of approximately 658 companies in 28 different countries. It is obviously self-interested in this topic because of its market position, but realistically the data is telling: Not enough small businesses are remembering the security component when they move to virtual server environments.
Here's the thing: Security is one of those challenges that grows exponentially as you add more software. Just because you are consolidating hardware doesn't absolve your organization of applying security measures to all of the different software applications and operating systems on that single system.
If anything, it might even require security, something your organization should not overlook in this age of exacerbated cybersecurity threats.
Show Comments