Question

How to detect vulnerabilities and respond to those that are found?

Context

When an organisation moves applications and data to the cloud, it shifts some, but not all, security responsibility to the cloud provider. Most cloud providers are responsible for securing their cloud infrastructure (such as physical data centre security), while the cloud user is responsible for the applications and data running on the cloud platform. Thus, when developing and deploying applications in the cloud, a key responsibility for a security professional is to keep that environment free from vulnerabilities that attackers could use to get at the organisation's applications and data.

Solution

A vulnerability scanning tool (e.g. Nessus) can be used in the cloud to scan for software flaws. A software update package is important in case a flaw is detected.
