A quick search will provide ample warnings of the risks of adding virtualisation technology to the business IT mix without due care and consideration to security. Whether such risks are inherent in the use of virtualisation technology itself, or arise when standard security practices are not extended to include virtual …
It is not so much virtualisation
as it is consolidation. The old adage 'Don't keep Your Eggs in One Basket' applies very well here.
If you go Borg, then one virus in the main matrix blows it all. If you then say well I will start putting up Checkpoint Charlies then you move away from consolidation and into autonomous systems anyhow.
Virtualisation is useful for Q&A, namely Testing. But, it is not that useful in consolidation because consolidation by its own nature is a weaknesses, it is simpler to envisage but that doesn't make it better in operation.
We are also still short on standards here
Virtualized and cloud environments certainly changes the security equation, and next step needs to be some agreements among cloud and virtualization providers on best practice security recommendations, or in the case of public cloud services, a security standard that could become part of the GRC (governance risk compliance) process that most enterprise customers have to go through. I'm keeping my eye on blue guy with the X-ray lenses from CSA, the Cloud Security Alliance, for that.
- Product round-up Ten excellent FREE PC apps to brighten your Windows
- Review Tough Banana Pi: a Raspberry Pi for colour-blind diehards
- Product round-up Ten Mac freeware apps for your new Apple baby
- Analysis Pity the poor Windows developer: The tools for desktop development are in disarray
- Chromecast video on UK, Euro TVs hertz so badly it makes us judder – but Google 'won't fix'