Server virtualization and cloud services offer compelling benefits, including hardware consolidation, rapid provisioning and reduced infrastructure complexity. But virtualization and cloud technologies also introduce security and compliance challenges that are not easily addressed with traditional vulnerability management tools and techniques. These challenges include:\nSprawl \nBecause it\u2019s so easy and fast to spin up new servers or clone existing ones, organizations often create a large number of virtual machines or cloud instances, increasing the number of servers to monitor and manage. Any problems that you have in the physical environment will be magnified in virtual and cloud environments. Without tight controls, it\u2019s difficult to ensure that infrastructure in these new IT environments adheres to appropriate security and configuration controls.\nDynamic environments \nTracking and updating what you have can be a challenge as people create, suspend and move virtual machines and cloud instances. Identifying where virtual machines and cloud instances exist, then including them in your assessment and patch processes can quickly become a time consuming challenge.\nMany layers, many players \nVirtualization and the cloud add other teams and skill sets to the overall complex security environment with physical and network layers. Individuals may lack insight into areas beyond their own expertise, yet understanding context is critical for assessing risk. With \u2018silos\u2019 of expertise, it can be difficult to get an accurate understanding of the actual risk profile of a virtualized system.\nSecuring Virtual and Cloud Environments is a Process\nTools alone cannot resolve these challenges. VMware tools, for example, address only VMware issues,\nWhile Windows patch management tools focus on their discrete problems. Understanding and addressing the reality of threats in context requires an ongoing, multi-step process to:\u00a0\n1.\u00a0\u00a0\u00a0\u00a0 Define policies and procedures\n2.\u00a0\u00a0\u00a0\u00a0 Develop a plan to stay compliant with change control\n3.\u00a0\u00a0\u00a0\u00a0 Implement a plan to harden and control systems\n4.\u00a0\u00a0\u00a0\u00a0 Scan your environment\n5.\u00a0\u00a0\u00a0\u00a0 Distribute the right data to the right people\n6.\u00a0\u00a0\u00a0\u00a0 Fix the problems\n7.\u00a0\u00a0\u00a0\u00a0 Repeat on a regular basis\nThe team managing and executing the process will come from security, IT, cloud and virtual teams. By understanding new challenges and working together, teams can manage security in new virtual and cloud environments as they have been in physical environments in the past.\nFor more ideas on how to run a successful vulnerability management program, watch the Tenable on-demand webcast, Why are Some Vulnerability Management Programs More Successful than Others?