All right. Now, talk about the hypervisor a little bit: securing the guest operating system. So this comes down to what type of service you will get. An operating system with platform as a service,
that operating system provided to you by the cloud service provider, that becomes their responsibility.
Okay. They're providing you the OS that needs to be secured, protected, updated. All those things we think of with hardening an operating system: their responsibility.
With software as a service, the clients have operating systems, right, but they're really accessing software somewhere else. But with infrastructure as a service,
it's up to me what operating system I use. When I get that virtual machine, I don't even get an operating system. I have to install an operating system on my first server and on the other servers from that point forward.
So again, whose responsibility is the guest operating system comes down to what service you use.
There are certain principles for securing operating systems regardless:
remove unnecessary services, apply the latest service packs and hot fixes, rename administrative accounts. All those apply. All those apply now when we think about adding a virtual machine, and again, in this case, it would be type two of 'em,
right? Because even though the cloud service provider uses Type 1, I might, in my internal network
that I'm using infrastructure as a service, I might use virtualization. That's always like virtualization on top of virtualization. It is like that. So in that case, I've got a virtual machine on top of an operating system, and I have to secure that operating system. I also have to secure the individual
virtual machines and operating systems in there,
so there are a lot of layers. Once we take these elements, we move them to the cloud,
making sure that if we have virtual machines, virtual hard drives that we're using, making sure we back them up, making sure that those critical services that must be offline are truly offline, and they're not just virtual machines that are powered down.
It's just another file,
right? Your virtual hard drive's just a file, and the file can become corrupt, compromised. So we make sure that, as much as we appreciate the beauty of virtualization, that we know virtualization is not the same as physical isolation.
Virtual hardware: we've already talked about that being disconnected. Making sure, if we have multiple guest operating systems,
that we have strong, consistent authentication across those operating systems.
And then again, any sort of mapping between external and internal, if we allow that, has to be controlled very tightly. Now, you know, I'm gonna want to connect possibly from one network to another through a virtual switch.
So how we're gonna handle that connectivity has to be well thought out, mapped out, and just like any other network connection,
it has to be secure.