Can You Patch a Cloud - Scott Thomas

Explore vulnerability management in cloud computing through this 42-minute conference talk from GrrCON 2015. Delve into the unique challenges and considerations of securing cloud environments, including the differences from traditional infrastructure, scalability issues, and shared responsibility models. Learn about the increased attack surface in cloud deployments, strategies for effective vulnerability scanning, and adopting a risk-based approach to cloud security. Gain insights into balancing compute power needs with security concerns, and understand the importance of clearly defining responsibilities for vulnerability resolution in cloud environments.

Intro
ABOUT ME
WHAT IS THE CLOUD?
WHAT IS VULNERABILITY MANAGEMENT?
SO WHAT CHANGES FOR VULNERABILITY MANAGEMENT WHEN YOU ADD CLOUD COMPUTING?
THE CLOUD IS NOT A MAINFRAME
EXPANSION & CONTRACTION WHEN NEEDED
COMPUTE POWER WHEN YOU NEED IT BUT AT WHAT COST?
CAN YOU MAKE SOMEONE ELSE WORRY ABOUT THE PROBLEMS?
WHAT LEVEL OF SERVICE?
MORE SURFACE AREA MEANS MORE ATTACK SURFACE
DOES THE CLOUD MAKE YOU A BIGGER TARGET?
MORE SYSTEMS MEANS MORE VULNERABILITIES TO RESOLVE
DID YOU REMEDIATE ALL THE VULNERABILITIES?
WHAT ABOUT THE FRAMEWORK?
WHO'S RESPONSIBILITY IS IT TO RESOLVE?
SO WHAT DO YOU DO?
SCANNING
EXAMPLES
WHAT ARE YOU DOING IN THE CLOUD?
DOES IT EVEN MATTER?
RISK BASED APPROACH
CONCLUSION
QUESTIONS?