
by Kevin Rowney
Virtualization is revolutionizing IT, and small businesses are sitting up to take notice. Whereas in the past it was viewed as a luxury only available to large enterprises with extensive resources, virtualization is now a viable option for businesses of all sizes. A recent study commissioned by Symantec aimed to measure the attitude of small businesses toward virtualization, and to what extent they are taking advantage of it.
The Appeal of Virtualization
The survey found that small businesses are very interested in virtualization technology, and that they can see a wide range of potential benefits. Among the key findings are the following:
- A full 70 percent of small businesses are at least considering virtualization.
- Their reasons are:
- Reduced capital expense (cited by 70 percent)
- Reduced operational expense (68 percent)
- Improving scalability (68 percent)
Two-thirds of the organizations surveyed expressed a desire to reduce the number of servers while maintaining their applications, increasing their efficiency. Making the most of their existing infrastructure will also help keep costs down. Virtualization also makes disaster recovery easier, through the ability to create a full mirror of critical systems without the need for additional hardware.
Adoption Challenges
While the majority of small businesses have shown an interest in virtualization technology, they are still in the early stages of adoption. Consider:
- Only ten percent have already implemented virtualization
- 17 percent currently in trials or the implementation process.
In a related finding, businesses are far more comfortable with web and database management applications than with more critical applications such as accounting, ERP and CRM software. This indicates that while organizations are eager to see the benefits of virtualization, they are still reluctant to risk placing business-critical apps into a virtualized framework.
What is causing this reluctance? Businesses stated that the three most significant challenges to virtualization are:
- Performance
- Backup
- Security and patch management.
Additionally, nearly one-third of respondents reported a lack of experience in virtualization, which sheds further light on their reluctance to virtualize more vital applications.
Data Protection Woes
Despite the enthusiasm small businesses are showing, however, many of them are failing to sufficiently protect the information they place into the virtualized environment.
- Only 15 percent perform regular backups on virtualized servers.
- 23 percent back up infrequently or not at all.
More than half of organizations (61 percent) cited budgetary issues as the reason for not performing regular backups, with 20 percent blaming staffing issues.
In addition to insufficiently backing up data, securing servers is another challenge faced by small businesses. On average, they have completely secured only 40 percent of their virtualized servers. Moreover, 78 percent have no antivirus software installed. Once again, the primary reason cited by businesses is budgetary problems, with staffing issues also mentioned.
Recommendations for SMBs
While the market matures there are potential security risks associated with virtualization. In order to minimize risks while still enjoying the benefits virtualization has to offer, SMBs should consider the following recommendations to protect themselves in the virtual environment.
Recommendation 1: It’s important that organizations understand the increased complexity that comes with implementing a virtualized IT environment. Taking advantage of new techniques that allow virtualization of hard-to-virtualize multi-tier applications may provide a route through this complexity. Symantec’s AppHA framework allows us to provide this kind of help to people virtualizing complex workloads and we think there’s an interesting path ahead, despite the complexity, using these new techniques.
Recommendation 2: An integrated approach to backup and security in both physical and virtual environments can improve overall IT efficiency. Implementing data deduplication solutions can help save space on servers while also saving time for IT management.
Finally, recommendation 3: One of the most important steps SMBs can take is to create a comprehensive security plan that is specifically tailored to the virtual environment. By ensuring that security is managed centrally, software can be more easily deployed. And, by establishing consistent policies and practices, administrators and end users will be able to effectively contribute to a secure IT environment. At this point, it appears most of these virtualized systems have minimal protection from targeted attacks tailored to invade them and we are watching this trend with some concern. We hope to influence the community of practitioners of virtualization to realize that this relatively unprotected state is a significant risk that requires attention soon.

Director, Breach Response, Symantec
Kevin Rowney is a data loss prevention visionary who joined Symantec in 2007 as part of the Vontu acquisition, a company which he founded.
Rowney currently serves as Director of Breach Response at Symantec and is focused on helping customer address data breach incidents. Rowney coaches account teams on how to help customers respond to data breach incidents. By mobilizing teams across Symantec to deploy resources, Rowney helps customers get current breach incidents under control and identify risks of future breaches.
For the past 14 years, Rowney served in a variety of security roles at software startups in Silicon Valley. At Vontu, Rowney conceived the original value proposition, designed the system architecture and wrote the patent-pending search algorithms used in their award-winning product.
Rowney has architected a range of security systems including credit card transaction processing systems and one of the first PKI Certificate Authorities operating on the Internet. Additionally, Rowney served on the Visa/Mastercard Secure Electronic Transactions standards committee as the representative of Verifone/EIT.