As a podcast junkie, I have to give the Virtualization Security Round Table #74 a lot of credit for a great topic and good arguments. They brought up an excellent point. Suppose you are working with a cloud provider who claims to be completely secured and has the industry certifications to prove it. And then you put a cloud management engine or interface in front of that provider: perhaps Rightscale, Ylastic, Cloudsmart, or any other tool that requires you to provide your cloud credentials. You might have just negated all that great cloud provider security! You have allowed an 'unknown' to have keys to the front door. If that provider gets hacked, the hacker can own everything in your cloud and could use that as an attack vector into your company. Leason: put third party tool providers under the same scrutiny that you place cloud providers.
