Another great paper from my GTP colleague Anton has just been published, this one on security monitoring for public cloud environments. One of my favorite quotes from that paper is this one:
“It is useful to remember that traditional threats and vulnerabilities apply to cloud environments: malicious software, unsafe access credentials, poorly written software with security bugs, unsecure Web applications, privileged users going rogue, data theft by various parties (internal and external), and denial of service attacks.”
This fact affects not only the monitoring processes and requirements that Anton writes about on this paper; this also affects another “bread and butter” security process: Vulnerability Management. It doesn’t matter if something is running in the cloud or in your data center, if it is vulnerable it is a target and eventually will be attacked. If you need to stop and think how to extend your security monitoring processes to the cloud, you also have to think about how to extend your vulnerability management processes to those same resources. Cloud security is still security.
This question is one of the things I’m currently working on. More to come about that soon
Read Complimentary Relevant Research
Cloud Computing Primer for 2017
Cloud has evolved from a disruption to an expected approach to traditional as well as next-generation IT. Our research helps IT leaders,...
View Relevant Webinars
Cloud Megavendors: CIOs Must Understand Vendor Cloud Strategies
Price wars, partnerships, acquisitions and co-opetition, along with rampant confusion and cloud washing, are setting the stage for battle...
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.