A quick search will provide ample warnings of the risks of adding virtualisation technology to the business IT mix without due care and consideration to security. Whether such risks are inherent in the use of virtualisation technology itself, or arise when standard security practices are not extended to include virtual …
It is not so much virtualisation
as it is consolidation. The old adage 'Don't keep Your Eggs in One Basket' applies very well here.
If you go Borg, then one virus in the main matrix blows it all. If you then say well I will start putting up Checkpoint Charlies then you move away from consolidation and into autonomous systems anyhow.
Virtualisation is useful for Q&A, namely Testing. But, it is not that useful in consolidation because consolidation by its own nature is a weaknesses, it is simpler to envisage but that doesn't make it better in operation.
We are also still short on standards here
Virtualized and cloud environments certainly changes the security equation, and next step needs to be some agreements among cloud and virtualization providers on best practice security recommendations, or in the case of public cloud services, a security standard that could become part of the GRC (governance risk compliance) process that most enterprise customers have to go through. I'm keeping my eye on blue guy with the X-ray lenses from CSA, the Cloud Security Alliance, for that.
- Xmas Round-up Ghosts of Christmas Past: Ten tech treats from yesteryear
- Analysis Microsoft's licence riddles give Linux and pals a free ride to virtual domination
- Review Hey Linux newbie: If you've never had a taste, try perfect Petra ... mmm, smells like Mint 16
- I KNOW how to SAVE Microsoft. Give Windows 8 away for FREE – analyst
- Special Report How Britain could have invented the iPhone: And how the Quangocracy cocked it up