Some days ago, a vendor talked at an analyst meeting about the relationship between virtualization and security. The argument was: At the hypervisor you can combine network security management, server security management and some other aspects of security management - I can't remember everything. Thus virtualization increases security, because you have one point of control.
Right - as long as you can control what administrators and operators are doing. Unfortunately, that's not the case in typical virtualization environments. There is no PxM (Privileged Access, Account, Identity, User Management) at all. And in that case, combining everything is a problem, a nightmare from a compliance point of view. There is certainly value in having a single point of control, but only if you are able to adequately control its use.
I asked the speaker about the solutions around PxM offered by that vendor - there weren't any.
Without specific virtualization security solutions, PxM being a very important one among them, there is a virtualization security risk. There is potential to increase security by using adequate technology, which several vendors provide. But claiming that there is value in combining a lot of highly elevated administrative actions without being able to manage them doesn't make any sense.
For a comprehensive overview of what customers expect around virtualization security, just have a look at that survey.