Executive Summary Key Research Findings Introduction Threats VM Escapes Solution-Specific Threats Traditional Attacks Vulnerabilities Vulnerabilities in Virtualization Products Traditional Software Vulnerabilities Hypervisor Vulnerabilities Vulnerabilities in Virtualization Planning and Design Trusted Zone Spanning Network Blind Spots At the Heart of the Problem Vulnerabilities in Operational Deployment Configuration Issues Virtualization Sprawl Access Controls Administrative Errors Future Risks Recommended Practices Before All Else: Simplify Phase 1: Infrastructure Consolidation Strategy and Design Phase 2: Network Strategy and Design in Extending the Layered Security Model Phase 3: Define Administrative Processes and Manage Administration Risks Phase 4: Proactive Security in Operations: Configuration Control and Security Assessment Phase 5: Security Program Management Virtualization Security Benefits Assessment Prevention Architecture Redesign Configuration Management Application Isolation Incident Response, Forensic Investigation and Incident Recovery A Sampling of Current Practices in the “Real World” Extending Common Controls Where Perceptions May Clash with Reality Gaps and Lags in Adoption of Virtualization-Specific Measures Conclusions EMA Perspective Appendix A: Virtualization Definitions and Taxonomy Virtualization Hypervisor Hardware Virtualization Server Virtualization Paravirtualization Operating System (OS) Virtualization Application Virtualization Application Isolation Software Streaming Server-Based (or Remote) Desktop Virtualization Client-Based (or Local) Desktop Virtualization Storage Virtualization Network Virtualization Data Virtualization Clustering Grid Computing Software-As-A-Service (SaaS) Thin Client Appendix B: Survey Methodology and Demographics
Product samples
A sample for this product is available. Please Login/Register to download this sample.
