Virtual Machines/Cloud Services

Risks, Vulnerabilities and Threats

  • Co-tenancy
  • Data is harder to inventory
  • Loss of day-to-day control
  • Malicious insiders with Admin capabilities
  • Insecure interfaces
  • Service Interruptions
  • Incident response may be slowed
  • Forensic analysis is more difficult
  • Data retention (Discovery) control issues
  • Compliance requirements harder to achieve

 

Control Objectives and Operational Goals

  • Very strong change management program
  • Strong production data access control rules
  • Train IT staff to review user device plans and usage
  • Data loss prevention/content inspection should be available
  • Vulnerability scanning should be available
  • Adequate audit trails are needed