It seems like there's a decent number of VM guys here, so...
My employer has been slow to take advantage of virtual machines, largely due to a perceived security risk. In particular, this article talks about intellectual property/trade secret theft at a trading firm. A specific line from that article, "[the thief] used virtual machines to download Citadel’s proprietary software..." It's not a technical article, so it doesn't say how he "used virtual machines". But since my company is a trading firm, this story hits home with the company owners, and now they have it in their mind that virtual machine is synonymous with security risk.
My question here is, based on the extremely vague statement from that article, does anyone know how one might have "used virtual machines" to steal code? The implication is that the VM somehow enabled the circumvention of other security measures.
I've been trying to find more details on this, but am coming up short. There are risks associated with VMs---but they are in the same class of general infrastructure security risks, which need to be understood and managed appropriately. But I can't see any evidence that they are inherently insecure. I mean, if VMs allowed access to the host system, or any system outside of the guest itself, then how could any cloud provider (Amazon, Google, etc) run a business? But this rationale doesn't seem to be cutting it, so here I am.
Thanks for any feedback!
My employer has been slow to take advantage of virtual machines, largely due to a perceived security risk. In particular, this article talks about intellectual property/trade secret theft at a trading firm. A specific line from that article, "[the thief] used virtual machines to download Citadel’s proprietary software..." It's not a technical article, so it doesn't say how he "used virtual machines". But since my company is a trading firm, this story hits home with the company owners, and now they have it in their mind that virtual machine is synonymous with security risk.
My question here is, based on the extremely vague statement from that article, does anyone know how one might have "used virtual machines" to steal code? The implication is that the VM somehow enabled the circumvention of other security measures.
I've been trying to find more details on this, but am coming up short. There are risks associated with VMs---but they are in the same class of general infrastructure security risks, which need to be understood and managed appropriately. But I can't see any evidence that they are inherently insecure. I mean, if VMs allowed access to the host system, or any system outside of the guest itself, then how could any cloud provider (Amazon, Google, etc) run a business? But this rationale doesn't seem to be cutting it, so here I am.
Thanks for any feedback!