Virtualized computing continues to evolve and bring both pros and cons (pun not intended) to information security. Everything from access controls to logs and forensics is being forced to adapt as IT resources are migrated from physical to virtual. This presentation gives a comparative analysis of the physical and virtual environments to identify key differentiators and risks. It then proposes several new approaches to meet the challenge of security and compliance for virtual systems, especially in clouds.