When indulging in virtualization, recall that this practice (as opposed to using real computing with hardware) introduces at least three new categories of concern:
PROVIDER HYPERVISOR ISSUES
PROVIDER WEB INTERFACE ISSUES
PROVIDER PERSONNEL ISSUES
You will notice the repetition of the term "provider", since one definition of "cloud" is "renting someone else's box and network".
The first area is one I recall from a previous project in which we saw time delays in patching hypervisor vulnerabilities, which never happen except when they do. Hypervisors are the software programs that create and manage the virtual computing instances "living" on the real host. Ideally they prevent a user on one instance from getting into others, into the host, into the host's network, and so forth.
The second area I recall from the same project, which would not only bring up injection vulnerability but simple operations faults, like not providing a necessary choice menu or button, or having that control work improperly. There's also the issue of the interface's throughput capacity.
The third area notes that by using a provider for virtual needs (if that's what you're doing rather than running the host in your own co-lo arrangement), you go through a layer of employees and management you've never met and do not control.
.....
So yes. We sometimes don't recall these issues in the way they were first commonly discussed. And as we move forward, fewer will think of them and they'll become more important. Witness the youngsters we see referring to any device connection as "wifi", since soon they may not remember ethernet, being told of it only by somebody else who fixes something for them.
