Virtualisation security low priority in education, non-profit sectors

• Charities and schools stand to benefit the most from virtualised IT infrastructures
• Yet they have lowest levels of adoption, security not within top 3 priority for most

ACCORDING to a Kaspersky Lab survey of more than 3,900 IT professionals worldwide, companies in the non-profit/ charitable and education sectors rated virtualisation security as their lowest IT security priority.
 
In fact, their rankings of virtualisation security were the lowest recorded across all business sectors, the company said in a statement.
 
The survey data suggests that both sectors had different factors influencing this indifference to virtualisation security, and also shows which IT security factors are seen as top priorities, Kaspersky Lab said.
 
The non-profit and education sectors provide an interesting comparison when evaluating attitudes and usage towards IT resources, particularly virtualisation. Both sectors typically receive some degree of government or public funding, and their IT departments often suffer from budget restrictions.
 
At its core, virtualisation is about doing more with less by maximising existing resources rather than making costly hardware investments. With this mentality, it would seem charities and schools could stand to benefit the most from virtualised IT infrastructures, Kaspersky Lab said.
 
The non-profit/ charitable sector reported the lowest rate of virtualisation adoption across all sectors of Kaspersky Lab’s survey. Only 42% of charities and non-profits thought virtualisation was becoming a core part of their IT infrastructure, compared with a global average of 52%.
 
Given this low rate of adoption, it was not surprising to find charities and non-profits also reported the lowest security prioritisation of their virtual infrastructure. Only 10% of charities and non-profits said securing their virtual infrastructure was one of their top three IT security priorities for the coming year.
 
Charities and non-profits only ranked one IT area lower than virtualisation – physical security of their business systems, at 8% – and assigned the highest prioritisation to continuity of service (37%), identity and access management (31%), and security of mobile devices (30%).
 
The education sector shared a similar attitude to the importance of securing virtual infrastructure, also reporting that only 10% of their sector had virtualisation as a top three concern.
 
However, the education sector reported a higher than average usage of virtualisation, with 54% reporting virtual environments as a core part of their IT infrastructure, a rate that was 12 percentage points higher than their charity counterparts.
 
Despite their relatively high rate of virtualisation usage, IT managers at education facilities said their top security priorities are preventing data leaks (29%), continuity of service (28%), and providing information security training to employees (28%).
 
Interestingly, educators placed security training for employees as a higher priority than any other business sector in the survey.
 
Cost-constrained IT budgets
 
In addition to budget constraints, the non-profit/ charity and education sectors also rely on their IT security measures to protect huge amounts of personal data they store, making any under-equipped IT departments particularly vulnerable to data theft.
 
Charities in particular rely heavily on donations, so maintaining their reputations for securely managing the personal and financial information of their donors is paramount, Kaspersky Lab said.
 
According to its survey, 63% of non-profits and charities said damage to their reputation would be the worst potential consequence of a data breach. When asked what type of data they most feared losing, 41% of non-profits and charities cited their client and donor information, a rate that was far higher than any other business sector.
 
Educators placed similar importance on their reputation, ranking damaged reputation as their second most feared consequence of a data breach, with 44% of respondents citing this outcome. (This consequence was only slightly behind their top concern of losing access to critical information, cited by 48% of respondents.)
 
Educators also agreed that their client information – in this case, the information of students and faculty – is the data they most fear losing, cited by 21% of respondents.
 
Given their budget constraints and sensitivities to data breaches, the cost of an IT security incident would be particularly painful to these education and non-profit organisations, Kaspersky Lab said.
 
This is what makes the low consideration given to virtualisation security particularly troubling, the company said.
 
A lack of awareness and understanding of virtualisation security is hardly unique to these sectors, however. Kaspersky Lab has previously reported that a large portion of IT professionals lack a strong understanding of virtualisation security.
 
The survey found at least one-quarter of all IT professionals had ‘no understanding’ or ‘a weak understanding’ of their virtualisation security options.
 
Virtual IT network can produce huge cost-savings for resource-strapped organisations, but could also create a window for cyber-threats if not properly secured.
 
As more schools, charities and non-profits slowly begin implementing virtual IT resources, it is hoped that their prioritisation of virtual security will also rise from its present low rates, Kaspersky Lab said.
 
More data around business trends and the use of virtualization, and virtualisation security, identified by Kaspersky Lab’s global survey can be found in Kaspersky Lab’s 2014 IT Security Risks for Virtualization summary report (PDF).
 
Related Stories:
 
Shifting attitudes towards virtualisation security: Kaspersky
 
Microsoft announces free Office 365 for non-profits
 
World Vision revamps M'sian-based global data centre with Brocade
 
 
For more technology news and the latest updates, follow @dnewsasia on Twitter or Like us on Facebook.