Server virtualization and cloud services offer compelling benefits, including hardware consolidation, rapid provisioning and reduced infrastructure complexity. But virtualization and cloud technologies also introduce security and compliance challenges that are not easily addressed with traditional vulnerability management tools and techniques. These challenges include: Sprawl Because it’s so easy and fast to spin up new servers or clone existing ones, organizations often create a large number of virtual machines or cloud instances, increasing the number of servers to monitor and manage. Any problems that you have in the physical environment will be magnified in virtual and cloud environments. Without tight controls, it’s difficult to ensure that infrastructure in these new IT environments adheres to appropriate security and configuration controls. Dynamic environments Tracking and updating what you have can be a challenge as people create, suspend and move virtual machines and cloud instances. Identifying where virtual machines and cloud instances exist, then including them in your assessment and patch processes can quickly become a time consuming challenge. Many layers, many players Virtualization and the cloud add other teams and skill sets to the overall complex security environment with physical and network layers. Individuals may lack insight into areas beyond their own expertise, yet understanding context is critical for assessing risk. With ‘silos’ of expertise, it can be difficult to get an accurate understanding of the actual risk profile of a virtualized system. Securing Virtual and Cloud Environments is a Process Tools alone cannot resolve these challenges. VMware tools, for example, address only VMware issues, While Windows patch management tools focus on their discrete problems. Understanding and addressing the reality of threats in context requires an ongoing, multi-step process to: 1. Define policies and procedures 2. Develop a plan to stay compliant with change control 3. Implement a plan to harden and control systems 4. Scan your environment 5. Distribute the right data to the right people 6. Fix the problems 7. Repeat on a regular basis The team managing and executing the process will come from security, IT, cloud and virtual teams. By understanding new challenges and working together, teams can manage security in new virtual and cloud environments as they have been in physical environments in the past. For more ideas on how to run a successful vulnerability management program, watch the Tenable on-demand webcast, Why are Some Vulnerability Management Programs More Successful than Others? Related content brandpost Reporting Matters By Steve Hall Nov 17, 2015 2 mins Security brandpost Fine-tuning Security Metrics to Drive Action By Scott Hollis Nov 16, 2015 2 mins Security brandpost Using Metrics to Improve Your Process By Marcus J. Ranum Nov 13, 2015 3 mins Security brandpost Which security metrics matter most? By Scott Hollis Oct 21, 2015 2 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe