Virtualization Security
Essay Preview: Virtualization Security
Report this essay
In computing, Virtualization means to create a virtual version of a device or resource, such as a server, storage device, network or even an operating system where the framework divides the resource into one or more execution environments. The current and future applications for computer virtualization and storage are enormous and right now potentially at risk. According the analyst firm Gartner, Cloud computing is fraught with security risks. Cloud computing has “unique attributes that require risk assessment in areas such as data integrity, recovery, and privacy, and an evaluation of legal issues in areas such as e-discovery, regulatory compliance, and auditing,” Gartner says. (Jon Brodkin, July 02, 2008 Network World.)
In this day and age of computing and storage, customers must demand transparency, avoiding vendors that refuse to provide detailed information on security programs. Currently data storage requires a large data warehousing facilities with cooling systems and onsite IT administration. With the application of cloud computing networking and security is more at risk now than ever before. Gartner has given examples for: Seven cloud-computing security risks.
Privileged user access would now be processed outside the enterprise. Because outsourced services bypass the “physical, logical and personal controls” IT shops exert over in-house programs.
Regulatory compliance. Customers are ultimately responsible for the security and integrity of their own data, even when it is held by a service provider.
Data location. When you use the cloud, you probably wont know exactly where your data is hosted. In fact, you might now even know what country it will be stored in.
Data segregation. Data in the cloud is typically in a shared environment alongside data from other customers. Encryption is effective but isnt a cure-all. “Find out what is done to segregate data at rest,” Gartner advises.
Recovery. Even if you dont know where your data is, a cloud provider should tell you what will happen to your data and service in case of a disaster. “Any offering that does not replicate the data and application infrastructure across multiple sites is vulnerable to a total failure,” Gartner says.
Investigative support. Investigating inappropriate or illegal activity may be impossible in cloud computing. If you cannot get a contractual commitment to support specific forms of investigation, along with evidence that the vendor has already successfully supported such activities, then you only safe assumption is that investigation and discovery requests will be impossible.
Long-term viability. Ideally, you cloud computing provider will never go broke or get acquired and swallowed up by a larger company. But you must be sure your data will remain available even after such an event.
After reading and understanding the pros