Another great paper from my GTP colleague Anton has just been published, this one on security monitoring for public cloud environments. One of my favorite quotes from that paper is this one:
“It is useful to remember that traditional threats and vulnerabilities apply to cloud environments: malicious software, unsafe access credentials, poorly written software with security bugs, unsecure Web applications, privileged users going rogue, data theft by various parties (internal and external), and denial of service attacks.”
This fact affects not only the monitoring processes and requirements that Anton writes about on this paper; this also affects another “bread and butter” security process: Vulnerability Management. It doesn’t matter if something is running in the cloud or in your data center, if it is vulnerable it is a target and eventually will be attacked. If you need to stop and think how to extend your security monitoring processes to the cloud, you also have to think about how to extend your vulnerability management processes to those same resources. Cloud security is still security.
This question is one of the things I’m currently working on. More to come about that soon
Read Complimentary Relevant Research
Cloud Computing Primer for 2018
Cloud is evolving from a market disruptor to an expected approach for traditional and next-generation IT. Our research offers actionable...
View Relevant Webinars
Building a Cloud Strategy that Works
While many enterprises can point to cloud projects currently underway, far fewer possess a comprehensive strategy that considers enterprise...
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.