A recent report by Kaspersky Lab finds that the recovery costs for a security incident involving virtual machines (whether a public or private cloud environment) double compared to costs of a traditional environment.  The reasons for the higher costs involve erroneous assumptions by security professionals managing those virtual environments.

 

The report finds that many IT professionals incorrectly assume that virtualized servers are more secure than their traditional counterparts.

  • 42% of IT professionals said that risks in virtual environments were “significantly lower.”

 

Another reason for higher costs is that companies are prepared for disaster-recovery plans with traditional infrastructures, but not as much with their virtualization environments because they limit the virtualization project to virtualization only and postpone disaster recovery, fault tolerance and security until later.

  • According to Andrey Pozhogin, senior product marketing manager at Kaspersky Lab, “Virtualization can be expensive, complicated and lengthy and it’s very tempting to just focus on one thing at a time.”

 

The report also finds that reasons for higher costs are that virtualization is used for mission-critical and high-value processes making any disruption within that infrastructure halt all processes until the disruption is resolved.

  • 66% of IT pros said that they lost access to business critical information during an incident involving virtualization, compared to 36% in a traditional environment.

 

To sum up the three main reasons for double the costs with security breaches of a company’s virtual environment, the conclusion is unpreparedness.  This is backed up by the fact that only 27% of IT professionals have deployed a security solution specifically designed for virtual environments (another finding from the Kaspersky Lab report).

 

When organizations don’t set up a recovery plan and security measures alongside their integration of a virtual environment for data storage, such as the use of cloud, they’re just waiting for disaster to come along and shut them down.

 

If those in charge of tech and data security, like the CIO or the CTO, realize that virtualization requires its own set of security solutions and disaster recovery plans, then the costs of breach incidents in those environments can go down.  Until then, businesses can not only expect to pay double the costs for breach, but also to lose brand reputation and customer trust.

 

When you find that the average costs to cover a security breach involving virtualization is an average of $800,000 compared to $400,000 in traditional environments (as pointed out in the Kaspersky Lab study), it becomes quite clear what companies can save when taking the right disaster recovery and data security steps.

 
How are you preparing your disaster recovery and security for virtualization?

 

Photo courtesy of watcharakun