Introduction

Before I speak, I have something important to say.

—Groucho Marx

Securing the Virtual Environment is about the security and compliance of virtualized and cloud computing environments. The power of these technologies can be indispensable. However, the migration to virtualized and cloud computing may bring a sea change in risk.

Virtualization is a trend of using software to emulate and replace hardware that has been sweeping through the information technology field and revolutionizing it for many years. Cloud services are the second wave, building services and management upon many of the principles and technologies vetted by the wave of virtualization.

Everything about these environments can differ from the traditional IT they supplement or replace. How they are designed, how they are built, and how they are run often come from new ideas and solutions. This reinvention introduces many “gotchas” for the unwary. Some areas pose a great deal of danger, and high-profile breaches have already occurred. Yet many people do not yet have an appropriate level of awareness or concern.

A common refrain in security presentations just a few years ago was that auditors were being left behind by the change and needed to “catch up.” This book aims to help make that possible and at the same time show that new technology and services may now have to catch up to the demands of auditors.

Overview of This Book and the Technology

This book was written completely in a virtual environment. One ...