Virtualization and cloud computing haven't eroded the online security of most companies, analysts say. But they may be contributing to situations in which IT-service customers leave themselves vulnerable to attack because they assume their cloud provider is taking care of security.
"Security and cloud hosting are two separate things, but the cost of entry is so low, and often so simple, that customers may not do as much due diligence as they should to find out who's responsible for security," says Ezra Gottheil, an analyst who covers server issues for Technology Business Research.
Placement of responsibility for security in cloud computing arrangements is so ill-defined that Gartner felt it was necessary to list access to information about how a cloud service works and a service level agreement spelling out customer expectations and requirements in a report released this week.
