While Cloud itself is not technically any different from traditional hosting, housing or outsourcing with geographical business continuity, the revolution is in the concept of optimizing costs while allowing greater flexibility. It all sounds good and easy, but what about your company security? You are outsourcing part of your datacenter in a virtual datacenter hosted in a provider, or you are storing part of your core data in an application hosted somewhere and this changes the way security has been conceived so far.
VMware with its vCloud Director software is among the players of IaaS infrastructure software, organizing outsourced companies into virtual datacenters or vDatacenters. Because vDatacenters allow great flexibility by orchestrating customers' datacenters via a simple web interface, identity theft increases the risks of data being compromised or services being disrupted: by compromising a single identity, a malicious user can log in to the vCloud portal and fully control the virtual datacenter from anywhere.
This publication describes how the author addressed the issue of breaking into virtual datacenters on two different organizations that adopted VMWare vCloud. The target audience of this publication is a VMWare vCloud administrator or an end customer, both wishing to understand the security risks behind cloud technologies and wishing to enhance such security.