While at VMworld 2013, I started to ask 5 security questions that have been bothering me for some time now. Some of these questions apparently have no answers currently and others only have operational answers, no technology. Security of a secure hybrid cloud is a mix of procedures, policies, operations, and technology. These questions are about various aspects of virtual and cloud environments that have been nagging at me for some time now as well as problems I have faced managing our own cloud instances. Perhaps you have questions you would like to add to the list, if so please share. Continue reading Security Questions from VMworld 2013
Many of the virtualization security people I have talked to are waiting patiently for the next drop of leaked VMware hypervisor code. But the real question in many a mind is whether or not this changes the the threat landscape and raises the risk unacceptably. So let’s look at the current hypervisor threat landscape within the virtual environment to determine if this is the case, and where such source code will impact. Are there any steps one can take now before the code drop is complete to better secure your environment? Continue reading Will access to VMware’s source code change the hypervisor threat landscape?