Gerdes noted that the new world creates an operational (rather than a technical) vulnerability. "You have to understand who has the rights and permissions - the idea that the Vsphere administrator is the equivalent to God, who can create machines, delete machines, move machines in and out of the organisation ... should that be allowed?"
As virtualisation becomes more pervasive, he said, there is an increased, "need to control who is allowed to do what in this environment."
"I want to virtualise security," he said, adding that virtualisation users need to learn how to create what he calls "logical trust zones".
And, "if I'm going to a cloud provider, how do I build different 'network segments' and how do I evolve my processes and policies?"
Sign up for Computerworld eNewsletters.