Christofer Hoff (@Beaker) and I had a short discussion on twitter the other day about the VMware Cloud Director (vCD) security guidance. We both felt it was a bit lite and missed the point of Secure Multi Tenancy. However, I feel even more strongly that people will implement what is in the vCD Guidance, vBlock Security Guidance, and the vSphere Hardening Guidance, and in effect have a completely insecure cloud. These three guides look at the problem as if they were singular entities and not as a whole.
This realization tied to Chad Sakac’s recent discussion on the 9/22 VMware Communities podcast leads me to believe that ‘good enough’ is no longer ‘good enough’ from a security perspective. Chad discussed that there need only be the vCloud Director administrator and the vSphere administrator to do the daily heavy lifting. That there would no longer be the need for a security, network, storage, and system specific administrators. In other words, OPEX savings.