Are utilities that can significantly manage virtualized partitions (e.g., shutdown, clone, etc.) appropriately restricted and monitored?
Do you have the capability to detect attacks that target the virtual infrastructure directly (e.g., shimming, Blue Pill, Hyper jumping, etc.)?
Do you have an identity management system (enabling classification of data for a tenant) in place to enable both role-based and context-based entitlement to data?
Do you allow tenants to use third-party identity assurance services?
Do you support identity federation standards (e.g., SAML, SPML, WS-Federation, etc.) as a means of authenticating/authorizing users?
Do you provide a tenant-triggered failover option?