With so many virtual resources and tenants moving around in our cloud services environment, how can we best determine where our cloud is most vulnerable?
It's important to conduct both internal and external cloud vulnerability and penetration testing on a regular basis to get an accurate, up-to-date security risk analysis. Having proper audits and effective alerts is also a must.
Providers should be able to schedule additional, ad hoc vulnerability assessments whenever there is a change in the physical and virtual infrastructure or in any software; adding a new appliance will also call for renewed testing and audits. For example, if a complete vulnerability assessment shows that a customer has provisioned new virtual machine instances and destroyed some older ones, the provider would need an audit trail to prove that this was indeed done for the customer and that this vulnerability was addressed.
For more information, read this tip on how cloud providers can squelch cloud computing vulnerabilities.
Dig Deeper on Managed security for the cloud
Related Q&A from Mooney Sherman
Cloud providers must cover security, access control and restoration time when negotiating DRaaS SLAs with customers, says cloud expert Mooney Sherman. Continue Reading
Crafting an SLA for DR in the cloud requires providers to address several issues up front with customers, according to cloud expert Mooney Sherman. Continue Reading
Cloud expert Mooney Sherman offers tips on how to evaluate various security architectures to provide optimal sensitive data protection in the cloud. Continue Reading