I'm literally emulating a bobble head doll at this point. In a fit of snarky confusion, I'm simultaneously trying to nod-shake-shrug my oversize gourd to arrive at some commonsensical conclusion about this piece. I can't, so my head just flops about like the headpiece on a 4-axis CNC machine.
Tarry Singh from the Avastu Blog spends his time as an independent analyst covering virtualization and cloud computing. His latest post regarding security left me scratching my head.
I had a bunch of folks ping me asking me for my interpretation of Tarry's latest work but I thought I'd turn it over to you lot since the more eyeballs the merrier.
Tarry's post is titled "Good News! Hackers Focus On Virtualization."
I read it. I read it again. I had something to drink. I read half of it.
I think what Tarry's trying to say is that with more attention being paid to virtualization platforms by "hackers" that we ought to see increased pressure for more secure environments due to impending carnage from mounting exploits and regulators amassing mad virtualization audit skillz. I could be wrong as it was really, really good wine.
Despite abusing the term "hackers," it's not an unreasonable assertion despite being dusty. The rest of the post (or the wine) still leaves me a bit dizzy.
Pay attention now, I'll highlight the interesting bits in bold...
- This is a validation of the fact that Virtualization is going mainstream
- Security and Compliance will be core focus of all organizations
- Virtual Infrastructures are easier to battendown and secure due to its uniformity
- Regulators will increasingly ask for audits, where as in traditional environments (I've seen such audits by the like of KPMG etc) and always wondered like "wow--so are so prepared, dude, NOT!", Virtual environments suddenly enables auditors to ask the right questions and get or not get the expected results.
- Focus on security would mean that we will have to work harder to provide a secure and compliant platforms.
I'd be very interested to understand what a "secure and compliant practice" within the scope of a virtualized environment means, especially in light of some of the statements above.
Tarry, you've got mail.
/Hoff