Top Virtualization Security Mistakes (and How to Avoid Them)
The usage of virtualization in cloud computing services is another trend that bears watching. From a security operations standpoint, there are new wrinkles introduced by these scenarios. One example is patch management responsibility. In a Platform- or Infrastructure-as-a-Service cloud scenario, responsibilities for patching operating systems and applications for virtual servers may be split. As an example, the cloud service provider might have some responsibility for patching operating systems, and the customer organization might have responsibility for patching applications. Ensuring that needed patches are applied in a timely manner will require close coordination and service level agreements spelling out expectations for things such as patch frequency, maintenance windows, and acceptable intervals from vendor patch availability to service provider or customer patch deployment.