Q

In a cloud security risk analysis, how can providers find vulnerabilities?

Identifying vulnerabilities in a cloud security risk analysis requires providers to do regular testing and audits, says cloud expert Mooney Sherman.

With so many virtual resources and tenants moving around in our cloud services environment, how can we best determine where our cloud is most vulnerable?

It's important to conduct both internal and external cloud vulnerability and penetration testing on a regular basis to get an accurate, up-to-date security risk analysis. Having proper audits and effective alerts is also a must.

Providers should be able to schedule additional, ad hoc vulnerability assessments whenever there is a change in the physical and virtual infrastructure or in any software; adding a new appliance will also call for renewed testing and audits. For example, if a complete vulnerability assessment shows that a customer has provisioned new virtual machine instances and destroyed some older ones, the provider would need an audit trail to prove that this was indeed done for the customer and that this vulnerability was addressed.

For more information, read this tip on how cloud providers can squelch cloud computing vulnerabilities.

This was first published in January 2013

Dig deeper on Cloud Security Issues and Cloud Security Services

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

This Content Component encountered an error
Close