At this year’s RSA Conference, the Cloud Security Alliance released a new whitepaper entitled: “Best Practices for Mitigating Risks in Virtualized Environments” which provides guidance on the identification and management of security risks specific to compute virtualization technologies that run on server hardware.
The whitepaper was developed by CSA’s Virtualization Working Group which is co-chaired by Kapil Raina, of Elastica, and Kelvin Ng of Nanyang Polytechnic and sponsored by TrendMicro. The 35 page paper identifies 11 core risks related to virtualization, including:
- VM Sprawl
- Sensitive Data within a VM
- Security of Offline and Dormant VMs
- Security of Pre-Configured (Golden Image) VM / Active VMs
- Lack of Visibility Into and Controls Over Virtual Networks
- Resource Exhaustion
- Hypervisor Security
- Unauthorized Access to Hypervisor
- Account or Service Hijacking Through the Self-Service Portal
- Workload of Different Trust Levels Located on the Same Server
- Risk Due to Cloud Service Provider API
The report is free and can be downloaded in full here.