As companies increasingly turn to server virtualization to save money, it seems like security isn't coming along for the ride, according to a new study from the folks at Gartner (News - Alert).

Through the next two years, 60 percent of virtualized servers will be less secure than the physical servers they replace, says Gartner. And though that percentage will drop by 15 percent by the end of 2015, the research firm believes this trend shows that virtualization projects are being kick started without taking into account proper security procedures or involving the right security folks.

Businesses are flocking to server virtualization because it cuts down on the costs and time spent managing physical machines. By the end of last year, only 18 percent of data center workloads that could be virtualized had been virtualized, according to Gartner. That number is expected to shoot up to more than 50 percent by the end of 2011. But as this trend continues, security is likely to become more of a critical challenge.

If you're looking to virtualize the servers in your data centers, Gartner has several risks and recommendations to share to make sure security doesn't get short changed.

1 - Involve Security Staff from the Start. From surveys conducted last year, Gartner found that 40 percent of server virtualization projects are initiated without consulting with key security people. Though IT folks may argue that nothing is changed by moving an OS from a physical box to a virtual machine, Gartner says the hypervisor and Virtual Machine Monitor (VMM) that manage and juggle the guest operating systems do introduce a new layer of software. As a result, the firm advises IT folks to extend their security processes to include virtual environments.

2 - Protect the Virtualization Layer. Since the hypervisor and VMM are critical in managing your virtual environments, they hold a privileged status on your server. As a result, this software layer is ripe for attacks by hackers. Gartner advises IT pros to treat this layer as the most critical one when running a virtualized server and to make sure it's correctly patched and protected.

3 - Adopt Consistent Policies and Monitoring for Virtualized Servers. Some virtualization products let you create virtual networks within a guest operating system so that the system can communicate directly outside of the VM. But that traffic can also bypass intrusion detection tools. Gartner recommends that you use the same type of policies and monitoring on your virtual servers as you do on your physical ones.

4 - Be Careful when Mixing Critical Systems with Non-Critical Ones. More companies are virtualizing critical systems on the same boxes as less critical systems. That by itself is not a problem, says Gartner. But IT should take the same precautions to separate virtual machines of different trust levels as they do with physical machines. Virtual environments running critical systems should also be securely locked down and separated from the rest of the data center.

5 - Control Administrative Access to the Hypervisor and VMM. Virtual machine platforms can provide multiple administrative paths to the hypervisor and VMM. Therefore, this layer must be locked down and tightly managed. IT folks may even want to look at third-party utilities to better secure administrative control.

6 - The Same Staffers who Handle Topology for the Physical Network Should Handle it for the Virtual Environment. When IT combines several physical servers onto a virtual server, there's a possibility that most admins and users may have access to data beyond their normal privileges. This is a greater risk if different people administer the virtual machines. Gartner suggests that the same team responsible for the physical network topology also play a role in managing the virtual topology.

Though some people may see virtualizing your servers as inherently less secure than sticking with physical boxes, Gartner doesn't believe that's the case. Instead, it's the more the limitations of the tools and processes being used combined with the lack of staff training. By following Gartner's list of suggestions, you can go a long way in making sure your virtual servers are safe and secure.