Although virtual machines and virtual network components are assumed to be "separated by default," documented flaws and potential weaknesses in hypervisor platforms could cause segmentation issues.
The most well-documented flaw was the one noted last year by Kostya Kortchinsky of Immunity, where he "broke out" of a VMware virtual machine and executed a program on the underlying hypervisor system with a proof-of-concept tool called CloudBurst, Shackleford says. And in 2008 Core Security found a directory flaw that could allow an attacker to access files on the hypervisor from the virtual machine, he says.
5. Emergence of cloud standards and certifications
Because security will be evaluated when choosing cloud services, standards and certifications will be extremely important to help customers gauge how securely their data will be kept, Barr says. Cloud users will continue to leverage their existing processes for evaluating the security postures of cloud providers, but will begin looking at some of the more popular organizations developing guidance and standards, he says.