Gartner Blog Network


Security Bread and Butter in The Cloud

by Augusto Barros  |  July 30, 2015  |  Submit a Comment

Another great paper from my GTP colleague Anton has just been published, this one on security monitoring for public cloud environments. One of my favorite quotes from that paper is this one:

It is useful to remember that traditional threats and vulnerabilities apply to cloud environments: malicious software, unsafe access credentials, poorly written software with security bugs, unsecure Web applications, privileged users going rogue, data theft by various parties (internal and external), and denial of service attacks.”

This fact affects not only the monitoring processes and requirements that Anton writes about on this paper; this also affects another “bread and butter” security process: Vulnerability Management. It doesn’t matter if something is running in the cloud or in your data center, if it is vulnerable it is a target and eventually will be attacked. If you need to stop and think how to extend your security monitoring processes to the cloud, you also have to think about how to extend your vulnerability management processes to those same resources. Cloud security is still security.

This question is one of the things I’m currently working on. More to come about that soon :-)

(you can read Anton’s new paper here [Gartner GTP access required])

Category: cloud  vulnerability-management  

Augusto Barros
Research Director
1 years at Gartner
19 years IT Industry

Augusto Barros is Research Director in the Gartner for Technical Professionals (GTP) Security and Risk Management group. Read Full Bio




Leave a Reply

Your email address will not be published. Required fields are marked *

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.