I recently spoke at the InfoSec World 2010 Summit on Virtualization and Cloud Security and also attended the main conference sitting in on many Virtualization discussions. Perhaps it was the crowd, which was roughly 30-40% auditors. Perhaps it was the timing as SourceBoston was also going on, as well as CloudExpo in NY. But I was surprised to find that people are still ‘just starting’ to think about Virtualization Security. Since I think about this subject nearly every day, this was disappointing to me at best. I found ideas around virtualization security ranging from:
* Virtualization Security is not part of an architecture/design, what do I bolt on?
* My Physical Security will work
* Virtual Environments NEED More security than physical environments
* There are no new threats, so why have something more
* Security is a hindrance