Third-party hosting and maintenance used to manage virtualization

Less than one-third of businesses keep their virtualisation servers on-premises and managed entirely by their own internal IT staff, according to a Kaspersky Lab survey of 3,900 IT professionals worldwide. As virtual infrastructure increasingly handles more business-critical services, the reliance on external hosting and management services raises potential security concerns, particularly for smaller businesses.

  • 10 years ago Posted in

Off-site vs. On-Premises: Based on Business Size
According to the more than 2,000 survey respondents who use virtual servers, only 29 per cent report that their physical machines were located within the walls of their business and maintained by only internal staff. On the opposite end of the spectrum, 17 per cent of businesses rely completely on third-party contractors to house and maintain their virtual servers and services. By far, the largest proportion of businesses - approximately 50 per cent - rely on a mixture of third-party hosting and maintenance.


It should come as no surprise that the vast majority of businesses are using hosting services in some capacity for their virtual infrastructure. The benefits of reduced cost and complexity for most IT departments are clear, and these service providers can more easily add capacity to support growing businesses. When examining the responses based on the business size, the data supports the conventional wisdom that smaller companies, which have fewer IT staffers and a smaller IT budget, are more likely to use a third-party provider, whereas larger companies are most likely to manage their virtualisation servers and services in-house. It’s clear that small businesses are most likely to rely solely on third-party providers to provide and manage all of their virtual computing needs.


To give a few examples, 41 per cent of small businesses report using a third-party service to store all of their virtual servers at an off-site location, compared to just 26 per cent of enterprises. For maintaining these virtual servers and the services they provide, 33 per cent of small businesses rely completely on their third-party hosting provider, compared to just 18 per cent of enterprises. Interestingly, very similar rates of both small businesses and enterprises use a mixture of in-house and external resources for storing virtual servers (23 per cent for small business, 29 per cent for enterprise) and maintaining the servers (31 per cent for both small businesses and enterprises).


Critical Business Data Stored in the Cloud
As most businesses are content to store data beyond their own walls, it’s important to understand exactly what types of data are being entrusted to third-party providers. Kaspersky Lab has previously reported that virtualisation is rapidly becoming used for more than just IT department tasks, as 52 per cent of survey respondents agreed that virtual environments are now housing core elements of business IT infrastructure. Kaspersky Lab’s survey investigated what business functions are being implemented on virtual infrastructure, and found this perception was indeed correct.


According to the responses of businesses using some form of virtualisation, these are the rates that services/applications are being implemented on virtual infrastructure compared to physical infrastructure:
· Email and communications applications (e.g., Microsoft Exchange) – 68 per cent using virtual infrastructure
· Database applications (e.g., Microsoft SQL Server and Oracle) – 65 per cent using virtual infrastructure
· Customer relationship management (CRM) platforms – 65 per cent using virtual infrastructure
· Financial management/accounting applications – 56 per cent using virtual infrastructure


It’s clear that businesses are very willing to put their most precious business data in virtual environments, and in turn, trust the management of these virtual environments to third-party providers. Are these businesses paying close enough attention to what their providers are doing enough to safeguard their business’s life-blood? This is a particularly worrisome question for SMBs, who likely lack the resources and sophistication to implement their own internal security measures and effectively evaluate the measures of their virtualisation providers.


Here are some basic steps that SMBs can take to ensure the security of virtual networks on their own end, and to put appropriate scrutiny on the security measures of their third-party providers.


· Become familiar with expert resources on cloud security management. This paper from the Cloud Security Alliance, “The Notorious Nine: Cloud Computing Top Threats in 2013,” is a good place to start gathering information about threats to cloud-based data.
· Perform a thorough assessment of the security measures of any prospective virtualisation services provider, and ensure they conform to industry standards like ISO 27001 and CSA STAR.
· Install a multi-layered security suite featuring heuristic and behavioural antivirus protection, host intrusion prevention system (HIPS), and protection against vulnerability exploitation on each workstation on the network.
· Ensure that data leaving the on-site infrastructure is sent using secure connections, or VPN connections for mobile users.


To ensure that businesses themselves don’t become the “weak link” in a virtualised environment, Kaspersky Lab continues to create new technologies that businesses can use to extend their own protection to data stored in off-site datacenters. Kaspersky Lab has also spent years working with leading virtualisation platform providers to develop specialised security solutions to meet the unique security and performance requirements of virtual environments.

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Atos has launched Atos OneCloud Sovereign Shield, a set of solutions, methodologies, and...
New distribution agreement set to bolster Westcon-Comstor’s Zero Trust offering in more markets...
Research from Avast has found that employees in almost a third (31%) of Small and Medium...
This year, over half of MSPs or their end customers have been attacked by ransomware but only 53%...
Trend Micro has published new research revealing that 90% of IT decision makers claim their...
Cyber consultants call on businesses to act now, or risk budgets shrinking further in ‘real...