Vulnerability Management in the Cloud: Addressing the AWS Shared Responsibility Model

If you’re operating in the cloud, you may be familiar with the shared responsibility model. We often hear people say they think they’re inherently secure because they use the cloud and their cloud provider takes care of all security needs, but that’s not exactly true. While your cloud provider is responsible for some security, you, too, have several responsibilities—hence the shared model.


In this post, we’ll show you what you’re responsible for securing in the cloud, how vulnerability management differs in the cloud, and what you need to do to minimize your risk.


Why vulnerability management still matters in the cloud


When a company moves to the cloud, the DevOps team often takes ownership of the cloud infrastructure, leaving the security team without easy visibility into what’s happening. Even when security does have visibility, keeping up can be difficult because processes happen automatically and there typically isn’t a single approval process when something is deployed to production.


This is something cloud providers aren’t responsible for. The only thing your cloud provider must do is secure the core infrastructure (the hardware and firmware). You are responsible for what you put on that infrastructure, such as EC2 instances and virtual machines. To that end, let’s take a look at how you do that.


Detecting vulnerabilities in the cloud


Now that you know there are areas of your cloud that may be vulnerable, there are two ways you can go about addressing them—either by using a third-party vulnerability risk management solution like InsightVM or Amazon’s native