Educause Security Discussion mailing list archives
Re: Virtualization and Security ?
From: "St Clair, Jim" <Jim.StClair () GT COM>
Date: Wed, 11 Feb 2009 08:25:30 -0600
On an additional note, NIST is to consider a Special Publication this year (FY) as a guide to securing cloud computing and virtualization. The Information Security and Privacy Advisory Board (ISPAB) discussed the topic at their December meeting. The link has a couple presentations: http://csrc.nist.gov/groups/SMA/ispab/documents/minutes/2008-12/December-2008.html James A. St.Clair, CISM, PMP Senior Manager Global Public Sector Grant Thornton LLP T 703-637-3078 F 703-637-4455 C 703-727-6332 E jim.stclair () gt com [cid:image85dcd3.gif@d6b8403c.1ce54c0e] The people in the independent firms of Grant Thornton International Ltd provide personalized attention and the highest quality service to public and private clients in more than 100 countries. Grant Thornton LLP is the U.S. member firm of Grant Thornton International Ltd, one of the six global audit, tax and advisory organizations. Grant Thornton International Ltd and its member firms are not a worldwide partnership, as each member firm is a separate and distinct legal entity. In the U.S., visit Grant Thornton LLP at www.GrantThornton.com<http://www.grantthornton.com/>. From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Alex Sent: Tuesday, November 25, 2008 3:04 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: Virtualization and Security ? Clifford Collins: You may be interested in the following documents: Data Security Standard 1.1 - Applied to VMware ESX 3.0.1* Using VMware and VDI and vmSight for Stronger and Sustainable HIPAA and PCI Compliance Five Immutable Laws of Virtualization Security* An Empirical Study into the Security Exposure of Hosts of Hostile Virtualized Environments VMware Infrastructure 3 Security Hardening* A company named StoneSoft had a good presentation at an ISSA meeting here. Although, I cant seem to find that presentation. * indicates a good document -Alex Everett, CISSP University of North Carolina ________________________________ From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Clifford Collins Sent: Tuesday, November 25, 2008 11:06 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Virtualization and Security ? I applaud everybody's efforts to secure their VMware environments. I too am in the process of arguing for similar "best practices" as we deploy VMware. However, I'm getting pushback because the decision-makers have not heard of any industry "best practices" to justify the extra work and expense. Would any of you please bring to my attention documentation to justify our position? Thanks in advance for the help! Clifford A. Collins Information Security Officer Franklin University 201 South Grant Avenue Columbus, Ohio 43215 "Security is a process, not a product" ----- Original Message ----- From: "Anand Malwade" <malwadan () SHU EDU> To: SECURITY () LISTSERV EDUCAUSE EDU Sent: Monday, November 10, 2008 5:11:59 PM GMT -05:00 US/Canada Eastern Subject: [SECURITY] Virtualization and Security ? Folks, We are looking into Data Center Consolidation and plan to virtualize most of our servers. Now Virtualization can yield sigificant operational advantages, but also introduces among others network, security complexity and management challenges. My question to the forum is a) Is anyone fully virtualized ? If so was a Vendor hired to perform this function and are there any lessons learnt that i should be aware of with the deployment? b) Has anyone run into significant Security and Risk Issues. Thanks, Anand Anand Malwade Information Security Officer, Seton Hall University, Tel: 973 275 2209 malwadan () shu edu ________________________________ In accordance with applicable professional regulations, please understand that, unless expressly stated otherwise, any written advice contained in, forwarded with, or attached to this e-mail is not intended or written by Grant Thornton LLP to be used, and cannot be used, by any person for the purpose of avoiding any penalties that may be imposed under the Internal Revenue Code. ________________________________ This e-mail is intended solely for the person or entity to which it is addressed and may contain confidential and/or privileged information. Any review, dissemination, copying, printing or other use of this e-mail by persons or entities other than the addressee is prohibited. If you have received this e-mail in error, please contact the sender immediately and delete the material from any computer.
Current thread:
- Re: Virtualization and Security ? St Clair, Jim (Feb 11)
- <Possible follow-ups>
- Re: Virtualization and Security ? Richard Hopkins (Feb 19)