More than half of all businesses do not know if staff are running virtual desktops, according to latest research from IT security and control firm Sophos.
Sophos claims that virtualisation represents a ‘black hole’ in IT security and firms are leaving themselves exposed to cyber attacks.
The ease with which virtualisation tools can be downloaded, and the subsequent popularity that virtual desktops have taken on, means that many employees are running unauthorised applications – from games to browsers to beta software – with little regard for security necessities.
Richard Jacobs, chief technology officer at Sophos, said: “While employees may simply be trying to get round a ban on social networking or using instant messaging at work, doing so in this way poses a real threat. In fact, uncontrolled and unmanaged virtual computers could lead to potentially disastrous consequences, including corporate identity theft, financial losses and embarrassing headlines.
Given the number of free virtualisation tools on the market, Sophos claims that it is vital for businesses to have complete visibility of the corporate network. Whilst many employees download these tools with little or no malicious intent, the security risk is still significant, unless IT staff are aware of exactly what each staff member is downloading. By this close management and securing of the virtual environment, businesses will negate the risks of virtualisation whilst accentuating the benefits – notably the value for money that it provides, particularly given the current economic climate.
Antony Barke, senior technical engineer at Basildon and Thurrock University Hospitals NHS Foundation Trust, agrees that virtualisation can save money but warns of the security risk of the applications: “It’s essential to secure the virtual environment, just as you would the rest of the corporate network – the same threats exist and this shouldn’t be overlooked.”
Sophos has launched Sophos Endpoint Security and Control in order to give businesses the option to block virtualisation applications.