The debate around cloud security is quickly beginning to mirror the one that has followed virtualization security for the last few years. What begins as a philosophical discussion usually devolves into arguments about technology or vendor roles. In a panel at the RSA Conference, several experts waded back into the virtualzation security waters, with the expected fireworks.
As Rob Westervelt reports:
Simon Crosby, chief technology officer of Citrix Systems Inc., has been an ardent supporter of a lightweight hypervisor. Crosby said fewer lines of code translates into fewer opportunities for an attacker to exploit vulnerabilities.
"It’s not about VMs, it’s about applications and how they’re comprised," Crosby said. "We need a whole bunch of [security] around an app, not a VM."
Meanwhile, network security expert and cloud computing blogger Chris Hoff, who serves as technical director of the Cloud Security Alliance, and Stephen Herrod, chief technology officer of VMware Inc., defended a more robust hypervisor, capable of detecting and defending itself from an attack with the use of third-party security products.
"When you actually deploy VMs today, you need tools for doing it right," Herrod said. "We have a unique opportunity to change the way we’re doing security."
Read the full report here.