A quick search will provide ample warnings of the risks of adding virtualisation technology to the business IT mix without due care and consideration to security. Whether such risks are inherent in the use of virtualisation technology itself, or arise when standard security practices are not extended to include virtual …
It is not so much virtualisation
as it is consolidation. The old adage 'Don't keep Your Eggs in One Basket' applies very well here.
If you go Borg, then one virus in the main matrix blows it all. If you then say well I will start putting up Checkpoint Charlies then you move away from consolidation and into autonomous systems anyhow.
Virtualisation is useful for Q&A, namely Testing. But, it is not that useful in consolidation because consolidation by its own nature is a weaknesses, it is simpler to envisage but that doesn't make it better in operation.
We are also still short on standards here
Virtualized and cloud environments certainly changes the security equation, and next step needs to be some agreements among cloud and virtualization providers on best practice security recommendations, or in the case of public cloud services, a security standard that could become part of the GRC (governance risk compliance) process that most enterprise customers have to go through. I'm keeping my eye on blue guy with the X-ray lenses from CSA, the Cloud Security Alliance, for that.