You could easily argue that you trust any vulnerability management solution with your data whether that solution is running in the cloud or on-premises, so this is a good topic for any vulnerability management provider. There are some unique questions however to ask a cloud vulnerability management provider to understand how they keep their application and your data safe. This includes topics like:
Many organizations provide guidance for vendors and consumers of cloud infrastructure and applications. One example is the Cloud Security Alliance. Another is the Australian Signals Directorate, which is basically the Australian equivalent of the NSA. While the Australian Signals Directorate is government-centric, the group has great guidance on a variety of cybersecurity and cloud security topics and is worth checking out if you are considering moving any applications or processes to a cloud environment.
You can also ask what standards and certifications the cloud vulnerability management provider has for their data center. For example, SSAE 16 is an important data center certification, but don’t rely on just one certification. Ask tough questions to get a complete understanding of how they handle security in their cloud-hosted application.
Finally, trying out a potential cloud vulnerability management solution is a critical step in the purchasing process. It should be an easy one too, as a cloud-hosted option. Get the security team to explore the solution and ask for feedback in areas like:
Demonstrations and videos offered by vulnerability management providers are a great start, but they’re done by people who are experts with their solution. A hands-on test drive will help you understand how easy or difficult a new solution will be to implement, deploy and maintain.
Bring clarity to your security and compliance posture with Tenable.io. Built on the leading Nessus technology from Tenable, Tenable.io delivers visibility and insight through an open and elastic platform that addresses the challenges of today’s environments. Tenable.io provides maximum coverage for evolving assets, supporting cloud, containers and web applications as easily as traditional assets. Its streamlined and intuitive user experience, including pre-built templates and a consistent user interface, delivers value quickly and helps teams achieve more.
Focus on the right action every time with the information and context you need to secure your borderless attack surface.
For more information, visit the Tenable.io product page.
Tenable transforms security technology for the business needs of tomorrow through comprehensive solutions that provide continuous visibility and critical context, enabling decisive actions to protect your organization. Tenable eliminates blind spots, prioritizes threats and reduces exposure and loss. With more than one million users and more than 21,000 customers worldwide, organizations trust Tenable for proven security innovation. Tenable customers range from Fortune Global 500 companies, to the global public sector, to mid-sized enterprises in all sectors, including finance, government, healthcare, higher education, retail and energy. Transform security with Tenable, the creators of Nessus and leaders in continuous monitoring, by visiting tenable.com