Kaspersky Lab Survey: Healthcare and Financial Services Sectors Struggle with Virtualization Security Concerns

Woburn, MA – September 17, 2014 – According to a Kaspersky Lab survey of 3,900 IT professionals worldwide, Financial Services and Healthcare are the two business sectors most likely to see security concerns as a barrier to implementing IT virtualization technology. 

Sensitive Data Causing Virtualization Reluctance

When asked about attitudes toward emerging technology trends, 50% of Financial Services respondents agreed that security concerns were hindering their adoption of virtualization technologies, followed closely by 49% of Healthcare industry respondents. These were the two highest response rates to this question, compared to a global average of 40% of all remaining non-industrial sectors[1] (43% with industrial sectors[2] included).

Conventional wisdom would suggest that security concerns toward new technologies might resonate strongly in Financial Services and Healthcare, since both sectors manage huge amounts of highly-sensitive user data. Moreover, both these sectors are bound by strict compliance laws governing the protection and access of their corporate data. In fact, the Financial Services and Healthcare sectors also ranked the highest in their response to another issue: being overwhelmed by compliance requirements, with response rates of 40% and 38% respectively. The remaining non-industrial segments had an average response rate of just 27% to “being overwhelmed by compliance requirements” (31% with industrial sectors included). This data suggests that concerns over potential compliance issues could be fueling the perceived “security concerns” that the survey found to be associated with new virtualization technology. A full list of industry-specific attitudes towards new technology trends were published in Kaspersky Lab’s 2014 IT Security Risks summary report.

The Virtualization Knowledge-Gap

Interestingly, these two sectors, which seem so reluctant to implement new virtualization technologies, don’t seem overly concerned about securing the virtual machines they already have. In the Financial Services industry, “Security of Virtualized Infrastructure” was listed as a top IT security concern by only 16% of respondents, and only 12% in Healthcare, compared to an overall average of 14%. Why the disparity? The answer could be attributed to the attitude of “if it’s not broken, don’t fix it.”

Kaspersky Lab has previously reported that a large portion of IT professionals lack a strong understanding of virtualization security. The survey found at least one-quarter of all IT professionals had “no understanding” or “a weak understanding” of their virtualization security options, and the vast majority of existing virtualized infrastructure was being protected by traditional “agent-based” security. Agent-based security is the same style of security used to protect physical endpoints, but can result in performance issues and security gaps when applied to virtual machines. Based on this data, we can theorize that IT providers in the compliance-heavy Financial Services and Healthcare sectors are concerned that adding new virtual platforms to their networks may require virtualization-specific security measures, which they don’t fully understand.

If this theory is correct, IT departments in the Financial Services and Healthcare sectors aren’t reaping the potential benefits that virtualized infrastructure can bring to their networks based on a fear of unfamiliar security technology creating compliance issues and other risk-factors. Modern virtualization security platforms, based on agentless and light agent approaches, can actually reduce the complexity of managing virtual networks, boost overall network performance and can be customized to ensure that security requirements of compliance regulations are fully met. Kaspersky Lab’s business center offers a number of resources to help explain different styles of virtualization security, as well as security and legal compliance whitepapers and other guides to help CISOs deploy the best virtualization platforms across their network.

About Kaspersky Lab

Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users*. Throughout its more than 17-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 300 million users worldwide.Learn more atwww.kaspersky.com.

For the latest in-depth information on security threat issues and trends, please visit:

Securelist | Information about Viruses, Hackers and Spam
Follow @Securelist on Twitter

Threatpost | The First Stop for Security News
Follow @Threatpost on Twitter

Media Contact
Stephen Russell
781.503.1833
stephen.russell@kaspersky.com

* The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2012. The rating was published in the IDC report "Worldwide Endpoint Security 2013–2017 Forecast and 2012 Vendor Shares (IDC #242618, August 2013). The report ranked software vendors according to earnings from sales of endpoint security solutions in 2012.

[1] Non-industrial business sectors: IT/Software; Financial Services; Business Services; Education; Healthcare; Consumer Services; Real Estate; Media & Design; Non-Profit/Charitable; E-Commerce/Online Retail; Other

[2] Industrial business sectors: Manufacturing; Construction/Engineering; Government/Defense; Transportation/Logistics; Telcoms; Utilities & Energy