Poor security management placing virtual infrastructures at risk

The CA Technologies-sponsored research, which took in responses from 335 IT and business professionals in 15 European countries, concluded that too many security activities are still dependent upon silo-based, manual processes.

Researchers from KuppingerCole found that major concerns surrounding hypervisor privileges and data sprawl in virtual environments are not being adequately addressed by the current adoption of security technologies and policies.

Interestingly, the survey found that 39% of organisations believe that virtual environments are more difficult to secure than physical environments.

Delving into the research reveals that 73% of organisations are concerned that the far-reaching privileges presented by hypervisors might lead to mistakes or abuse by privileged users.

According to the report, the hypervisor administration account has extensive access privileges with very few limitations or security controls.

"The hypervisor also introduces an extra layer into virtualised environments creating new attack surfaces, opening the door to abuse by privileged users", says the report.

"However, according to the study, 49% of these organisations have neither implemented a privileged user management nor a security log management solution", it adds.

Only 65% of respondents claimed to enforce a separation of duties for administrative tasks across virtual platforms – an essential prerequisite for compliance and security best practices.

Equally interestingly, the survey reveals that more than 40% of these respondents do not use the critical software tools necessary to automate this enforcement: access certification, privileged user management, or log management.

Only 42% of the respondents perform regular access certifications for privileged users or are able to adequately monitor and log privileged access.

Shirief Nosseir, CA Technologies' EMEA product marketing director, said this demonstrates that the automation technologies available to mitigate the risks from privileged access in virtualised environments are not yet widely deployed.

"If they were, IT organisations could control the risks arising from virtualisation security and ultimately better leverage the benefits of virtualisation", he noted.

According to the survey, most organisations use at least two different virtualisation technology providers: for example, VMware is deployed by 83% of respondents, Citrix by 52%, and Microsoft (mainly Hyper-V) by 41%.

In addition, CA Technologies found that 84% of respondents state they prefer integrated solutions to seamlessly secure both virtual and physical environments.

However, only 56% of the organisations surveyed have implemented or are in the process of implementing the same security solutions for virtual and physical environments.

"This underscores the importance of using strategies and tools that flexibly support heterogeneous platforms and allow the unified management of virtual and physical systems", said Nosseir.

"The alternative is a fragmented, siloed infrastructure which is more expensive to manage (owing to the lack of centralised management), is inefficient (due to the lack of automation), and has an inadequate security posture, because of a lack of consistent policies between platforms", he added.
