(David Heath, ITWire) You'd think that a virtualized environment would be a safe way to encapsulate a server, but that appears to be far from the truth. Earlier this year, Gartner released its own research  into the security of virtualized environments.  The results weren't pretty.  Gartner estimated that by 2012, 60% of virtual servers will be less secure that the physical servers they replace, although this is expected to drop to 30% by the end of 2015.

The Gartner report identified six major categories of risk:
- Information security isn't initially involved in the virtualization projects
- A compromise of the virtualization layer could result in the compromise of all hosted workloads
- The lack of visibility and controls on internal virtual networks created for VM-to-VM communications blinds existing security policy enforcement mechanisms
- Workloads of different trust levels are consolidated onto a single physical server without sufficient separation
- Adequate controls on administrative access to the hypervisor/VMM layer and to administrative tools are lacking
- There is a potential loss of separation of duties for network and security controls

"Virtualization is not inherently insecure," said Neil MacDonald, vice president and Gartner fellow. "However, most virtualized workloads are being deployed insecurely. The latter is a result of the immaturity of tools and processes and the limited training of staff, resellers and consultants."  However, according to a BeyondTrust spokesman, "that hasn't stopped 90% of virtualized data centers from putting their most sensitive data on virtualized servers."