Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Cloud Security Principles

1.Cloud Security Overview

What is cloud security?

Cloud security is a cybersecurity discipline and includes all of the tools, resources, processes and policies to protect your cloud infrastructure including data, systems, applications and resources stored in the cloud. You can also apply cloud security practices to elements of a hybrid environment where you have a mix of both on-prem and cloud-based systems.

With a cloud security program, you can assess all of the assets within your cloud infrastructure so you can discover, mitigate and remediate all vulnerabilities, weaknesses, misconfigurations and other security issues to keep your cloud infrastructure safe.

Cloud security is also known as cloud computing security. The goal is to protect all of your data in the cloud and help you meet your regulatory, legal, compliance and other standards.

You can use cloud security to limit and control who has access to your cloud systems and manage other security and configuration rules for your cloud environment.

Cloud security responsibility varies depending on your chosen infrastructure, but in general, both your organization and your cloud security solution provider should work together to protect your cloud environment.

How does cloud security work?

Cloud security works by applying various controls, processes and policies to protect your cloud environment and prevent unauthorized access to all of your systems, data and applications that reside there.

For effective cybersecurity, you need visibility into your entire cloud infrastructure including serverless computing, containers and microservices, and you should have a cloud security solution that enables you to continuously monitor and analyze all of your cloud assets.

You can personalize your cloud security approach based on a number of factors specifically related to your organization's unique characteristics and needs. While not exhaustive, here are some strategies you might choose to deploy for cloud security:

  • Network monitoring and next-generation firewalls to control the flow of data into and out of your cloud environment. The goal is to create a defense that prevents unauthorized users on an external network from accessing your data.
  • Continuous asset discovery, assessment and threat intelligence to uncover vulnerabilities, weaknesses and other security issues. The goal is to discover vulnerabilities so you can prioritize them and make plans to fix them.
  • Identity and access management to ensure that only authorized users can access data in the cloud.
  • Encryption to encode your data while it's moving and at rest.
  • Segmentation to isolate specific data sets or systems to help decrease what attackers might be able to access in a successful attack.
  • Penetration testing to determine if you can get unauthorized access into your cloud environment so you can remediate those issues and prevent a breach.
  • Logging and reporting of all activities.
  • Data loss prevention to prohibit access when you detect suspicious data activity.
  • Configuration reviews and configuration hardening.
  • Antivirus programs to prevent malware infection and spread.

How is cloud security different from traditional IT cybersecurity?

While cloud security and traditional IT cybersecurity share some common goals, like keeping your data, systems, and applications safe, the two practices have many differences.

Traditional IT security practices don't work well within cloud environments, leaving you with blind spots that can put your organization at risk. ¿Por qué?Because unlike many traditional IT environments that you can more easily protect with a security perimeter (think servers and computers within a controlled environment), the cloud is dynamic and frequently changes. In general, it's easier to protect access points within a controlled on-premises environment than in a dynamic cloud.

The cloud is also increasingly interconnected, meaning security issues that originate in the cloud could traverse into your on-prem environment and vice versa. Additionally, if not well-protected, security issues that originate in a shared or public cloud space could traverse into your systems and data without your knowledge. If a bad actor gets access to a component within shared space, you could be at risk.

While there are many benefits for cloud security, the same things that make it affordable, scalable and accessible can contribute to security issues. The cloud is at risk from a variety of issues from weak identity and access management, to the use of default passwords, lateral movement from breaches, weaknesses in application code, vulnerabilities and other security issues.

Also, because threat actors know many cloud environments host a vast amount of data, they're prime targets for attacks.

And while there are a number of differences between cloud security and traditional information security as it relates to risks, there are also a number of differences with benefits of cloud security compared to traditional cybersecurity.

Estos son algunos ejemplos:

  • Cloud security is easier and faster to deploy. With a software as a service (SaaS) model, you don't need to purchase additional hardware or other appliances to protect your cloud infrastructure. Conversely, on-site IT often requires the expensive and time-consuming process of evaluating hardware and software, purchasing, waiting for arrival, set up, configuration and training.
  • Cloud security solutions are more cost-friendly than complex on-premises solutions, which in addition to purchase prices, often include additional costs such as maintenance and upgrade fees, plus the time and resources your IT and security teams expend to implement and manage. With a subscription model for cloud security, for example, these costs can be considerably reduced and can easily be adjusted as your organization scales.
  • Traditional IT cybersecurity taxes internal resources, which today is complicated further by a lack of available skilled professionals to fill critical roles. With cloud security, depending on if you're using a public, private or hybrid cloud model, you can share security responsibilities between your IT team and the cloud provider or shift to management by an outside provider.
  • Cloud security solutions are better for comprehensive visibility into your cloud infrastructure and on-premises environments. Traditional IT cybersecurity is limited to monitoring on-site and across your network.

Why is cloud security important?

As more organizations adopt more cloud computing solutions, cloud security becomes increasingly important. That's because many of the traditional security practices employed for on-premises infrastructure don't provide the comprehensive insight you need for rapidly changing cloud environments.

Because of the volume of data stored there, cloud environments are in the crosshairs for cyber attackers, and as a result, security threats constantly evolve. That's why, if you're using a public, private or hybrid cloud model, you need cloud security.

Here are some of the many reasons why cloud security is important:

  • Security threats are increasing and constantly changing.
  • You can more easily manage your integrated security practices in a centralized location.
  • Cloud security gives you insight you wouldn't have with traditional IT security, including visibility into short-lived and transient assets such as serverless computing, containers and microservices.
  • Cloud security can scale and change as your organization evolves and changes.
  • Cloud security can help you reduce costs and decrease strain on your already busy IT staff.
  • You can automate many of your common security practices and eliminate time-consuming, repetitive, manual tasks.
  • You can ensure your data is safe and you can access it from a variety of authorized devices and users from any location.
  • You can have the same level of security and experience for all users accessing your cloud — wherever they are — unlike traditional IT that often requires security stacks for remote sites and other locations.

What's the difference between public cloud and private cloud?

Public and private clouds have some similarities, but are different. The core difference is that more than one organization shares a public cloud via the internet, whereas a private cloud is dedicated to one organization and shared through a private network.

Some organizations choose to adopt a hybrid cloud model with both public and private cloud services, often putting the most critical data and applications in a private cloud and the rest in a public cloud.

Here are some of the other ways public and private clouds are different:

  • Private clouds are dedicated and secure and often have maintenance costs directly related to that.
  • Public clouds, because they're shared, generally do not have additional maintenance costs.
  • Public cloud models come with a variety of pricing options for expense flexibility.
  • You can customize private clouds to meet your organization's specific needs, which can bring additional benefits relating to compliance and regulatory obligations.
  • Public cloud is good for software development, application usage and communications services, whereas a private cloud may be better suited for sensitive data like personally identifiable information (PII) and protected health information (PHI).
  • You can employ customized security solutions for a private cloud, which may be better for compliance, but you may have less security options in a private cloud.

What's a hybrid cloud?

Hybrid cloud computing offers organizations flexibility when deploying solutions off-premises. Some hybrid cloud models use a mix of public and private cloud, while some may also include on-prem resources.

There are a variety of reasons your organization may choose a hybrid cloud model. Often, it's a decision regulatory and compliance requirements drive, where some data may need specific security protocols executable in a private cloud but not in a public one. Other data and applications may have more security flexibility and they're well-suited for a public cloud. A hybrid cloud solution is a good option to help you mitigate risks. You can put your most sensitive data in a controlled environment, and then use the public cloud for workloads that don't need as stringent security measures.

Here are some of the many benefits of choosing a hybrid cloud option:

  • Remain in control of the security you want, helping ensure regulatory compliance
  • May be more cost effective than putting all your data in a private cloud
  • Flexible and scalable alternative that you can adapt as your organization changes and evolves
  • Enables planned, scaled migration to the cloud without moving everything at once

Are public clouds secure?

Yes, public clouds are secure. The nuance here is what type of security you need to deploy, especially for compliance and regulatory standards, which may be more difficult to do in a public cloud environment compared to a private cloud. Public clouds are not for every organization or every data type, but they offer secure alternatives to on-site hosting.

Just like your on-premises environment, no environment is 100 percent secure. There are always risks. However, most public cloud providers continuously improve their security practices and learn from exploits that put data at risk.

When you establish a relationship with a public cloud provider, it's likely you'll sign a service level agreement (SLA) or other contract, which should outline who is responsible for which security components. Make sure both parties have a clear understanding of expectations and be sure to routinely follow-up throughout the course of your relationship and any time you have a contract or other similar renewal. If you're using a public cloud provider that is compliant with your organization's regulatory requirements, ask to see compliance audit documentation.

Is the cloud more secure than on-premises?

In one study, almost 90% of respondents said their organization uses some type of public cloud infrastructure. About 40% believe public clouds are more secure than security they can deliver in their on-prem environments, with an additional 35% saying public cloud is somewhat more secure than on-prem.

With that confidence and reliability, an increasing number of organizations are moving business critical applications to the cloud, with nine out of 10 adopting software as a service (SaaS). Another 76% of respondents use infrastructure as a service (IaaS) and 70% use platform as a service (PaaS).

Aligning cloud security with the cybersecurity lifecycle

Your cloud security program can reap many benefits from alignment with the cybersecurity lifecycle.

According to Ponemon's “The Economic Value of Prevention in the Cybersecurity Lifecycle” survey, when you prevent attacks from entering your environment and can't cause damage, you can save costs, resources, damage, time and reputation.

Although prevention is one of the most difficult components of the cybersecurity lifecycle, it's imperative. Preventing a zero-day attack, for example, can save nearly $1 million (an average of $775,000). And having an insecure cloud platform, according to almost 20% of respondents, is among top security concerns.

NIST's cybersecurity framework identifies five core functions of the cybersecurity lifecycle: identify, protect, detect, respond and recover. Each function consists of categories and subcategories that align these functions to activities you can use to build and improve your cloud security processes.

Let's take a closer look at each function and what's included:

  • Identify: Asset management, business environment, governance, risk assessment, risk management strategy and supply chain risk management
  • Protect: Identity management and access control, awareness and training, data security, information protection processes and procedures, maintenance and protective technology
  • Detect: Anomalies and events, security continuous monitoring and detection processes
  • Respond: Response planning, communications, analysis, mitigation and improvements
  • Recover: Recovery planning, improvements and communications

So, how can you effectively apply components of the lifecycle to your cloud security approach? See. Predict. Act.

Tenable's exposure management platform, which includes a number of solutions and resources for cloud-based security, can give you increased visibility into cloud assets, including exposures, so you can prioritize cyber risk and make plans to remediate security issues within your cloud environment. It's rooted in Tenable's unique approach that enables you to see everything, predict what matters and act to address risks.

2.Cloud Attacks and Related Risks

What security risks and challenges exist for cloud computing?

While cloud computing brings a lot of flexibility and scalability to your organization, there are a number of security risks. Any time you move your data and workloads off on-premises, you lose some control.

For example, Amazon Web Services (AWS) has a shared responsibility model that means AWS is responsible for physical security of the cloud, but you are responsible for your data and workloads.

Also, most cloud providers aggregate data and services into their systems, meaning attackers can often access more data with less work. That means cloud environments can increase the value of a hacking target.

Other potential risks include blind spots in your cloud environment, not meeting legal requirements or compliance obligations, losing service if your cloud provider goes down or you lose connectivity to your cloud, unauthorized access to your data by your cloud provider's employees, or the chance that data stored in the cloud could be lost.

Here are some common security risks and challenges associated with cloud computing environments:

  • Lack of visibility: If your organization applies traditional IT cybersecurity practices to your cloud environments, you could suffer from lack of visibility, which creates blind spots and increases cyber risk.
  • Lack of alignment: Whether it's a disparate approach between assets or environments, or a lack of understanding of how business and cybersecurity goals should work together, a lack of alignment across your organization and throughout your processes can leave you vulnerable to cloud risks.
  • Broadening attack surfaces: A growing number of organizations are adopting cloud solutions such as SaaS and PaaS without fully understanding the shared security responsibility model cloud resources use. A lack of understanding of who is responsible for what — and which risks should be addressed first and how — creates cloud environment risks.
  • Environmental complexities: Cloud environments are complex — whether it's a public, private, community or hybrid cloud solution. While the cloud is a great alternative for enterprises that need seamless integration and operations for a variety of services and applications, these complexities require cloud-specific security measures.
  • Increased attacker interest: Most hackers have a common goal — to reap as much money as possible from an attack. Because shared public clouds often house more data and critical systems than an on-prem server, attackers increasingly focus their attention on attacking cloud environments.
  • Increased chance of lateral attack movement: Traditional IT security works by creating a perimeter around your data and assets. If you successfully protect your network, you decrease a chance of attack. However, because there are shared components within public clouds, a weakness or vulnerability exploit for an organization in that shared space could increase risk for your organization.
  • DevOps and DevSecOps risks: One of the benefits of the cloud is the ability for organizations to automate and quickly spin up DevOps and DevSecOps workloads; however, if you don't implement proper security controls during the early phases of the development lifecycle, it can increase security risks once it migrates into production.
  • Shifting responsibility confusion: Because of the shared security responsibility model created by cloud environments, there can sometimes be confusion about who is responsible for which security role. This is a critical issue when it comes to compliance and regulatory standards, where your organization cannot shift compliance responsibility to your third-party partners.
  • Challenges for access control: Whenever you move your data and applications off-site, you increase risks related to who can access your data. In a cloud environment, in addition to hacking risks, there may also be risks associated with your cloud service provider's (CSP) employees getting unauthorized access to your information.

What are cloud attacks?

A cloud attack is a way an attacker attempts to exploit vulnerabilities or other security weaknesses within your cloud environment.

There are a number of ways attackers can do this. For example, an attacker can inject malware to access information stored in the cloud. Once inside your cloud environment, the attacker can move laterally through other components and affect other systems.

Here are some other types of cloud attacks and vectors:

  • Denegación de servicio (DoS)
  • Brute force attacks
  • Wrapping attacks
  • Service hijacking
  • No encryption or weak encryption
  • Man-in-the-middle attacks
  • Advanced persistent threats (APTs)
  • Malicious insider threats
  • Malicious scripts
  • Phishing, malware, ransomware
  • Unauthorized access or credential stealing
  • Errores de configuración
  • Malware injection

Who is responsible for cloud security?

Who is responsible for cloud security depends on which model you adopt, but in general, all CSPs attempt to provide secure cloud environments for their customers. In all cloud environments, however, you are responsible for securing your data and managing who has access to your cloud assets.

Depending on which service or model you select, you should anticipate a shared responsibility for your cloud security. For example, if you're relying on a CSP for IaaS, then the CSP is responsible for protecting facilities, hardware, software, infrastructure and access, while you are responsible for ensuring your data and applications are secure, as well as controlling who has access and which operating systems you use. If you're a PaaS customer, then you have the responsibility of ensuring your data, systems and applications are secure, as well as controlling user access. In a SaaS model, the responsibility for controlling user access and securing data falls to you.

3.Cloud Security Layers and Tools

What are the layers of cloud computing?

There are several layers of cloud computing, which contribute to the complexity of cloud security. Understanding these layers and selecting appropriate controls to secure them can help keep your cloud environment safe. Here's a quick look at some of these layers:

  • Policies and procedures: Policies and procedures are at the core of your cloud security program. You may find it helpful to use a cloud security compliance framework, for example, the Center for Internet Security (CIS), to help establish your policies and build your controls.
  • Physical security: This includes physical access controls that prevent unauthorized access into your facilities, for example keys, multi-factor authentication, or other security measures.
  • Network security: You can approach network security from two levels: perimeter security and internal security. Perimeter security ensures all network traffic traverses specific monitored points into your environment, whereas your internal security measures focus on data transmitted into and out of your cloud environment.
  • Seguridad de aplicaciones:Even if you use SaaS, you have a responsibility to ensure your data is secure and limit unauthorized access. This can happen at the application level, where you can use controls like firewalls, encryption, and other intrusion detection methods to protect your applications and data.
  • Virtualization: It's imperative to secure this layer throughout the entire lifecycle, including access controls and continuous monitoring of your cloud attack vectors.
  • Orchestration: This is the layer where you automate your workflows and processes, generally ensuring effective and safe interactions between disparate systems that live in or flow through your cloud.

What is agentless assessment?

Scanning cloud instances for vulnerabilities isn't the same as scanning traditional infrastructure. Auto-scaling instances come and go quickly and they are scattered across regions. Scanning your cloud environments for vulnerabilities, noncompliant configurations and drift in near real-time is essential in remaining secure and compliant.

Tenable Cloud Security Agentless Assessment enables your security teams to quickly and easily discover and assess all cloud assets. Live scans continuously update data, which any logged change event can trigger. When the industry-leading Tenable Research team adds a new vulnerability, Tenable Cloud Security Live Results allow your security teams to see if a vulnerability exists in the current asset inventory, without executing a new scan. Agentless Assessment doesn't require any Tenable or cloud vendor agents, so there is no impact on resources and no need to bake agents into your provisioning.

What is a container?

A container is similar to a virtual machine. Within the cloud, you can use a container to create an isolated environment to package and run your application along with its libraries and dependencies. In simple terms, containers are self-contained packages that have everything you need to run an application.

Containers are lightweight and easy to deploy. They can help developers speed up software deployment. You can also use containers to silo applications from others within a dedicated environment. It's a great working environment for developers because it eliminates that chance for dependency or resource issues.

The average container lasts about two-and-a-half days, a time period that is constantly decreasing. Because containers are short-lived, traditional IT cybersecurity processes, for example, periodic scans instead of continuous monitoring, may miss containers and leave you with exposures within your cloud environment.

Containers virtualize at the operating system level and separate applications, so there aren't conflicting dependencies or resource issues, unless you set it up that way.

What is container security?

Container security encompasses all of the processes, tools, policies and resources you employ to ensure your container operates securely as intended. With container security, you get seamless and secure access into container images, including visibility into if there are any malware, configuration, vulnerability or security issues.

Because containers are generally short-lived, traditional IT security processes, like periodic scanning, often miss container discovery, leaving you with blind spots in your attack surface. Containers create other security challenges such as lack of credentialed scanning, issues remediating vulnerabilities during production and a lack of IP addresses.

Effective container security should include the ability to:

  • Discover and remediate vulnerabilities before app deployment
  • Complete insight into container security
  • Empower DevOps with security tests that run in less than 30 seconds
  • Give developers confidence their code is high-quality
  • Enable developers to discover security issues and fix them before deployment
  • Increased productivity with time and cost-savings

What is cloud encryption?

Cloud encryption is a process you can use to encode data before it's transmitted into and out of the cloud. You can also use cloud encryption to encrypt your data at rest, while it's stored on the cloud.

Cloud encryption is a good security practice because it prevents unauthorized users from accessing your data without a decryption key. It ensures end-point protection, meaning your data is secure as it moves in and out of the cloud.

If you're in a public or community cloud, cloud encryption can also be used to ensure that other tenants within that shared space cannot access your data

Many compliance and regulatory requirements include a level of cloud encryption for data security (for example, HIPAA and PCI DSS), which can help prevent data exfiltration and theft and also minimize the likelihood a bad actor can alter or corrupt your data.

Most well-known CSPs offer cloud encryption as a layer of security, but you can also add your own encryption protocols for extra security.

What is a cloud security gateway?

A cloud security gateway is a cloud-hosted solution that lives between your cloud applications and your users.

You can configure a cloud security gateway to enforce policies between your cloud applications and your enterprise, ensuring your security team has insight into how you're using the cloud, which cloud security practices you have in place, and how those practices align with your on-premises controls. Cloud security gateways are also referred to as cloud access security brokers (CASBs).

You can employ cloud security gateways to filter traffic so that breaches, for example, malware, can't move through your systems and infect other assets.

Cloud security gateways enforce all of your policies, and because everything from filtering to enforcement can happen within the cloud, you don't need additional on-premises appliances for this security layer.

Identity and access management (IAM) in the cloud

In a shared responsibility security model, protecting your data and controlling access to that data and cloud environments are among many of your organization's responsibilities.

Cloud identity and access management (IAM) is similar to on-prem IAM, except that it focuses specifically on controls related to your cloud environments. With cloud IAM, you can get unified visibility into your cloud security policies to control who can access your cloud, what they can access and how you terminate that access as needed.

Cloud IAM is all about establishing and managing roles and accessibility. You want to ensure you're giving the right users the right access to only the information they need to carry out their roles.

When choosing a cloud security solution, look for a provider that enables you to see into and manage IAM within the platform. And, look for a solution that enables this at a granular level so you can go deep into your access controls, for example, insight into resource types and IP addresses, as well as device security information and more. The solution should enable you to create new user roles, change roles, track everything a user does and then review reports about those actions.

4. Cloud Security Solutions

Choosing a cloud security solution

Adopting a new software or security solution has long been a drawn-out, tedious process — one that without proper research and planning, can result in a number of obstacles that inhibit implementation and decrease adoption and usage rates. But, choosing a cloud security solution doesn't have to be so frustrating.

With forethought and planning, you can quickly get on the right path for choosing the best cloud security solution for your organization.

Here are a few tips:

  • Set a goal: What do you want your solution to do? How does that goal align with your business goals and objectives?
  • Know your “must-haves:” What does the solution have to do to ensure you meet all your goals?
  • Dig into product capabilities: How does the solution improve security and reduce risk?
  • Understand your compliance and other regulatory requirements: Can the solution give you visibility into how you're meeting requirements, where you have gaps, identify weaknesses and help you prioritize plans for remediation?
  • Inquire about scalability and research: Can the solution scale with your organization and how does it ensure it continuously delivers accurate, timely risk data as your needs change over time?

And finally, here are some other questions to consider as you create your short list of potential cloud security solution vendors:

  • How does the solution perform assessments such as malware detection, web app scanning, vulnerability scans, configuration audits, etc.?
  • How does the vendor handle licensing? Does the license fee include everything or does it require additional fees based on the modules you may need?
  • What are the solution's asset scanning capabilities? Which asset types can it scan?
  • Can the solution prioritize vulnerabilities?
  • Does the solution have an easy-to-understand dashboard with comprehensive visibility into your attack surface?
  • Does the solution offer a variety of customizable reporting capabilities?
  • How does the solution manage credentials?
  • Does the solution rely primarily on CVSS for vulnerability prioritization or does it have additional tools to give you insight into which vulnerabilities pose an actual risk to your organization?
  • What does the vendor's vulnerability coverage look like? Can it discover new vulnerabilities and make appropriate updates as they are found?
  • How does the vendor handle product updates and upgrades? Are they automatic? How frequently do they occur?
  • How does the solution work in specific cloud-hosted environments such as AWS, Azure, or GCP?
  • Does the vendor allow test periods or product trials to try the product before you buy it?
  • What type of support does the vendor provide to help you meet your cloud security goals?

5. Cloud Security Processes

Implementing a cloud security program

When implementing a cloud security program, there are five steps you can take to adopt a risk-based vulnerability management approach, which aligns directly with the cybersecurity lifecycle.

Paso 1: Detectar

  • Get complete visibility into ephemeral assets with cloud connectors for cloud service providers such as AWS, Azure, and GCP. Cloud connectors ensure you can detect all short-lived assets in your cloud environments.
  • Detect assets early in your software development lifecycle so you can discover vulnerabilities or other security issues before deployment.
  • Scan your entire cloud infrastructure to build a comprehensive inventory of all of your assets and automatically reallocate asset licenses 24 hours after termination of a cloud instance.

Paso 2: Evaluar

  • Assess your cloud environment using cloud security best practices.
  • Uncover vulnerabilities across your entire cloud stack.
  • Use multiple sensor types to ensure complete visibility including active scanners, passive monitors, agents and image assessments.

Paso 3: Priorizar

  • Share vulnerability priority information directly with your DevOps team.
  • Automatically send vulnerability and misconfiguration information to your SIEM.

Paso 4: Corregir

  • Shift left to remediate vulnerabilities before they reach production.
  • Create secure machine and container images before deployment.
  • Integrate risk-based vulnerability management into your CI/CD systems.
  • Assign and track vulnerabilities with bug-tracking and remediation tools.

Paso 5: Medir

  • Share information about your cloud security program with your tech teams and key stakeholders, using a language they understand.
  • Calculate and share information about your cyber risk using advanced analysis and risk-based exposure scoring.
  • Compare your cyber risk with other units within your organization or against similar peer organizations.

To learn more about how to implement cloud security for your organization and how Tenable can help, visit our Cloud Security Posture Management Solution page.

Cloud Security Best Practices

If you're using a public, private, hybrid or community cloud solution, it's imperative to incorporate cloud security into your cybersecurity program. With today's expanding and interconnected attack surfaces, a breach that begins in one can quickly spread through others.

On top of that, traditional vulnerability management, like processes you might use in your on-premises environment, don't work well (or at all) in the cloud. Cloud assets are dynamic and they can exist in your environment for minutes, hours or days. If you're using periodic asset scanning for vulnerability management, you're likely to miss these short-lived assets.

Cloud security is further complicated by the shared security responsibilities between you and your cloud provider, depending on which services and models you employ.

So where do you begin? Here are five tips for some cloud security best practices you can adopt and implement today:

  1. Leverage cloud connectors for continuous visibility into all of your cloud computing assets
  2. Deploy multiple sensors for deeper assessments
  3. Configure your cloud infrastructure using best practices
  4. Predict critical vulnerabilities to remediate first
  5. Drive process improvements and communicate cyber risk

Would you like to explore cloud best practices in more detail? Check out this webinar, "5 Must Haves for Hybrid-Cloud Security".

Productos relacionados

¿Está listo para proteger la superficie de ataque moderna?

Try Tenable Vulnerability Management

Cloud Security Resources

Managing Cloud Security: A SANS Webinar

SANS White Paper: A Guide to Managing Cloud Security (Documento técnico de SANS: una guía para la gestión de la seguridad en la Nube)

Tenable Vulnerability Management

Disfrute el acceso completo a una plataforma moderna para la gestión de vulnerabilidades en la nube, que le permite ver y rastrear todos sus activos con una precisión inigualable.

Su prueba de Tenable Vulnerability Management también incluye Tenable Lumin y Tenable Web App Scanning.

Tenable Vulnerability Management

Disfrute el acceso completo a una plataforma moderna para la gestión de vulnerabilidades en la nube, que le permite ver y rastrear todos sus activos con una precisión inigualable. Compre una suscripción anual hoy mismo.

100 activos

Seleccione su tipo de suscripción:

Comprar ahora

Tenable Vulnerability Management

Disfrute el acceso completo a una plataforma moderna para la gestión de vulnerabilidades en la nube, que le permite ver y rastrear todos sus activos con una precisión inigualable.

Su prueba de Tenable Vulnerability Management también incluye Tenable Lumin y Tenable Web App Scanning.

Tenable Vulnerability Management

Disfrute el acceso completo a una plataforma moderna para la gestión de vulnerabilidades en la nube, que le permite ver y rastrear todos sus activos con una precisión inigualable. Compre una suscripción anual hoy mismo.

100 activos

Seleccione su tipo de suscripción:

Comprar ahora

Tenable Vulnerability Management

Disfrute el acceso completo a una plataforma moderna para la gestión de vulnerabilidades en la nube, que le permite ver y rastrear todos sus activos con una precisión inigualable.

Su prueba de Tenable Vulnerability Management también incluye Tenable Lumin y Tenable Web App Scanning.

Tenable Vulnerability Management

Disfrute el acceso completo a una plataforma moderna para la gestión de vulnerabilidades en la nube, que le permite ver y rastrear todos sus activos con una precisión inigualable. Compre una suscripción anual hoy mismo.

100 activos

Seleccione su tipo de suscripción:

Comprar ahora

Probar Tenable Web App Scanning

Disfrute de acceso completo a nuestra última oferta de escaneo de aplicaciones web diseñada para aplicaciones modernas como parte de la plataforma Tenable One Exposure Management. Escanee de manera segura todo su portafolio en línea para detectar vulnerabilidades con alto grado de exactitud sin el esfuerzo manual intensivo ni la interrupción de aplicaciones web críticas. Registrarse ahora.

Su prueba de Tenable Web App Scanning también incluye Tenable Vulnerability Management y Tenable Lumin.

Comprar Tenable Web App Scanning

Disfrute el acceso completo a una plataforma moderna para la gestión de vulnerabilidades en la nube, que le permite ver y rastrear todos sus activos con una precisión inigualable. Compre una suscripción anual hoy mismo.


USD 3578

Comprar ahora

Probar Tenable Lumin

Visualice y explore su gestión de exposición, realice un seguimiento de la reducción de riesgos a lo largo del tiempo y compárese con sus competidores con Tenable Lumin.

Su prueba de Tenable Lumin también incluye Tenable Vulnerability Management y Tenable Web App Scanning.

Comprar ahora Tenable Lumin

Póngase en contacto con un representante de ventas para saber cómo puede ayudarle Tenable Lumin a obtener información de toda su organización y gestionar el riesgo cibernético.

Probar Tenable Nessus Professional gratuitamente


Tenable Nessus es el escáner de vulnerabilidades más completo en el mercado hoy en día.

NUEVO - Tenable Nessus Expert
Ahora disponible

Nessus Expert viene con aún más funcionalidades, incluyendo escaneo de superficie de ataque externa y la capacidad de agregar dominios y escanear infraestructura en la nube. Haga clic aquí para probar Nessus Expert.

Rellene el formulario a continuación para continuar con la prueba de Nessus Pro.

Comprar Tenable Nessus Professional

Tenable Nessus es el escáner de vulnerabilidades más completo en el mercado hoy en día. Tenable Nessus Professional ayudará a automatizar el proceso de escaneo de vulnerabilidades, ahorrará tiempo en sus ciclos de cumplimiento y le permitirá involucrar a su equipo de TI.

Compre una licencia multi anual y ahorre. Agregue Soporte Avanzado para acceder a soporte por teléfono, chat y a través de la Comunidad las 24 horas del día, los 365 días del año.

Seleccione su licencia

Compre una licencia multi anual y ahorre.

Añada soporte y capacitación

Probar Tenable Nessus Expert gratuitamente


Diseñado para la superficie de ataque moderna, Nessus Expert le permite ver más y proteger a su organización contra las vulnerabilidades, desde TI hasta la nube.

¿Ya tiene Tenable Nessus Professional?
Actualice a Nessus Expert gratuitamente por 7 días.

Comprar Tenable Nessus Expert

Diseñado para la superficie de ataque moderna, Nessus Expert le permite ver más y proteger a su organización contra las vulnerabilidades, desde TI hasta la nube.

Seleccione su licencia

Compre una licencia plurianual y ahorre más.

Añada soporte y capacitación