GoogleCloudPlatform/cloud-foundation-fabric

Disable VM nested virtualization

Closed this issue · 0 comments

Describe the bug
The organization policy "Disable VM nested virtualization" is not enforced by default, even though recommended by GCP security best practices.

Rationale
Nested virtualization can be used to run unauthorized workloads and avoid detection and security controls.

Recommendation
Enforce at the org level to prevent users from setting up virtualized environments, and reduce exposure to intra-VM guest OS kernel-level exploits (for example, Spectre, Meltdown, L1TF, MDS).
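As an added example (not code from the cloud-foundation-fabric repository), the following Terraform enforces the `compute.disableNestedVirtualization` boolean constraint at the organization level using the Google provider's `google_org_policy_policy` resource; the `organization_id` variable is assumed, and the constraint name is the one Google Cloud publishes for this policy.

```hcl
# Added example: enforce "Disable VM nested virtualization" organization-wide.
# Assumes the Google provider is configured with an identity that holds
# roles/orgpolicy.policyAdmin on the organization.

variable "organization_id" {
  description = "Numeric organization id (assumed input, e.g. 123456789012)."
  type        = string
}

# Boolean constraint: when enforced, VM instances in the organization cannot
# set advancedMachineFeatures.enableNestedVirtualization = true.
resource "google_org_policy_policy" "disable_nested_virtualization" {
  name   = "organizations/${var.organization_id}/policies/compute.disableNestedVirtualization"
  parent = "organizations/${var.organization_id}"

  spec {
    # Inherit nothing from above (this is the org root) and enforce the constraint.
    rules {
      enforce = "TRUE"
    }
  }
}

output "nested_virtualization_policy" {
  description = "Resource name of the enforced org policy, for audit records."
  value       = google_org_policy_policy.disable_nested_virtualization.name
}
```

After applying, the effective policy on the organization or any descendant project can be checked with `gcloud org-policies describe compute.disableNestedVirtualization --organization=ORG_ID --effective` (or `--project=PROJECT_ID`), which should report `enforced: true`.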