In a cloud security risk analysis, how can providers find vulnerabilities?

With so many virtual resources and tenants moving around in our cloud services environment, how can we best determine where our cloud is most vulnerable?

    Requires Free Membership to View

It's important to conduct both internal and external cloud vulnerability and penetration testing on a regular basis to get an accurate, up-to-date security risk analysis. Having proper audits and effective alerts is also a must.

Providers should be able to schedule additional, ad hoc vulnerability assessments whenever there is a change in the physical and virtual infrastructure or in any software; adding a new appliance will also call for renewed testing and audits. For example, if a complete vulnerability assessment shows that a customer has provisioned new virtual machine instances and destroyed some older ones, the provider would need an audit trail to prove that this was indeed done for the customer and that this vulnerability was addressed.

For more information, read this tip on how cloud providers can squelch cloud computing vulnerabilities.

This was first published in January 2013

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: