Problem solve Get help with specific problems with your technologies, process and projects.

In a cloud security risk analysis, how can providers find vulnerabilities?

Identifying vulnerabilities in a cloud security risk analysis requires providers to do regular testing and audits, says cloud expert Mooney Sherman.

With so many virtual resources and tenants moving around in our cloud services environment, how can we best determine where our cloud is most vulnerable?

It's important to conduct both internal and external cloud vulnerability and penetration testing on a regular basis to get an accurate, up-to-date security risk analysis. Having proper audits and effective alerts is also a must.

Providers should be able to schedule additional, ad hoc vulnerability assessments whenever there is a change in the physical and virtual infrastructure or in any software; adding a new appliance will also call for renewed testing and audits. For example, if a complete vulnerability assessment shows that a customer has provisioned new virtual machine instances and destroyed some older ones, the provider would need an audit trail to prove that this was indeed done for the customer and that this vulnerability was addressed.

For more information, read this tip on how cloud providers can squelch cloud computing vulnerabilities.

Dig Deeper on Managed security for the cloud

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.