Virtualization and the Cloud
The spread of cloud computing, particularly in the form of Infrastructure as a Service (IAAS), has been accompanied by a growth in virtualization. There has been a great deal written about the security implications of each, but not so much on the implications of both taken together, yet this is a common occurance.
CA has released a white paper that addresses this area. The white paper suggests the following:
"A comprehensive solution for privileged access management is required in order to mitigate the risks associated with the new breed of security considerations and satisfy auditors. Service providers delivering Infrastructure-as-a-Service will need to provide premium visibility and control features to their customers if they want to attract the enterprise market.
An effective solution must ensure limitations on privileged users performing authorized operations on the virtualization infrastructure. This reduces the risk associated with over-privileged accounts or external intrusions which may compromise the gateway to guest images. Machine-to-machine protection through network isolation should be supplemented by access enforcement amongst them."
A copy is available from this link. (Free registration required)