Virtualization can double data breach costs, says Kaspersky Lab

If your company suffered a data breach tomorrow, how much would you be prepared to pay to recover from the damage?

According to a new survey from Kaspersky Lab, the estimated cost of an enterprise data breach is $800,000, with remediation costs bringing the average closer to $1 million. One of the reasons for this high cost may surprise you: in a survey of more than 55,000 global companies, 62 percent use virtualization in some form, but only 56 percent are fully prepared to deal with security risks in a virtual environment.

Why companies turn to virtualization

As noted by Kaspersky, “going virtual is not a trend anymore, but a business practice.” Moving data to virtualized infrastructure is an ideal solution for many companies; virtualization can help cut data center costs, improve performance and consolidate server workloads on powerful computing platforms. However, it can also spur data growth and add complexity and complications to data management and backup processes. Data can easily become misplaced or go dark, increasing the chances of sensitive information becoming exposed in a breach. And yet, according to Kaspersky, 42 percent of companies surveyed believe that virtual environments are safer than physical ones.

The secondary costs of a breach

Virtualized environments are often home to highly sensitive information and mission-critical operations. In the aftermath of a security attack, affected companies pay to account for stolen data and lack of access to it, plus additional issues like credit score damages, increased insurance premiums, lost business opportunities, decreased reputations and resulting legal issues. Kaspersky finds that costs tend to accumulate when companies underestimate today’s dire security landscape, or lack understanding of ways to secure virtual infrastructure.

How to secure your virtualized environment

Only 27 percent of respondents to Kaspersky’s survey had deployed a virtualization-aware security solution. One of the leading approaches to virtualization security involves agent-based software, in which a security “agent” is installed on every one of the company’s virtual machines (VMs). While this approach adds extensive security features at the infrastructure level, it is rarely resource-conscious and may negatively affect the company’s consolidation ratio. Others employ only traditional security solutions, such as endpoint protection, without acknowledging the increased risk of a breach.

When a security attack on virtualized infrastructure costs twice as much as one targeted only at physical servers and endpoints, it’s not enough for companies to simply hope for the best. As explained in the report:

“Virtual environments are trusted more than physical servers, and nothing can be trusted in a grim security environment. This leads to higher recovery costs and inefficient security approaches being deployed. In turn, poor decisions affect ROI and may lead to disappointment in virtualization in the future, an attitude virtual infrastructure does not deserve.”

Kaspersky’s results show that it’s more critical than ever for companies to protect their private and sensitive information at the data level and at the point of storage, whether it’s physical or virtual in nature.

Watch a demo to learn how data-aware storage can secure your virtual machines and file shares.

  Like This

Perry Dickau

Former Director of Product Management for DataGravity, Perry provided guidance on product direction and development, as well as on technologies, standards, best practices, and industry trends for data governance, risk management, and compliance. He previously served as a product manager at AvePoint and holds a Bachelor of Science in electrical and computer engineering from the University of New Hampshire.