Christmas is over and New Years is on its way. A time to make resolutions and see the year complete. A time to review what is old and plan for the future. This is a perfect time to review your defense in depth and look to see if there are security additions needed in 2012. So what cloud and virtualization security New Years resolutions should I make for 2012?
The most recent Virtualization Security Podcast was on the subject of virtualization security for the SMB. Specifically cover the case where the customer wanting virtualization security could afford to purchase a hypervisor and perhaps one other security product. In the end the panelists came up with a list of suggestions for virtualization security for the SMB that are applicable to all levels of Virtualization. The panel looked at SMB security with an eye towards Availability, Integrity, and Confidentiality.
There has been great debate of what comprises the cloud, how to bound the cloud so that its easier to understand, and how to secure the cloud. Christofer Hoff of the Rational Survivabilty blog has been spear-heading quite a bit of discussion on cloud taxonomy in his attempts to wrap some thoughts around how to properly secure the cloud and everything within it. The start of this journey is the act of defining exactly what the cloud is, and is not. NIST’s document adds some more to an existing definition by defining public and private clouds.