1.Evaluate,negotiate and refine the licensing agreements with major vendors for virtualized environments -- SLAs.
2.Secure each virtualized OS by using software in each guest or using an inline virtual machine combined with hypervisor-based APIs such as VMware vShield.
3.Virtualized OS should be augmented by built-in security measure,leveraging third party security technology to provide layered security controls and reduce dependency on the platform provider alone.
4.Secure by default configuration must be assured by following or exceeding available industry baselines.
5.Encrypt virtual machine images when not in use.
6.Explore segregating VMs and creating security zones by type of usage (e.g desktop vs.server ),production stage (e.g Development ,Production and testing) and sensitivity of data on separate physical hardware components such as servers,storage etc.
7.Make sure that the security vulnerability assessment tools or services cover the virtualization technologies used.