Cloud Providers Must Share Discovered Vulnerabilities

Grazed from InformationWeek. Author: Editorial Staff.

Government agencies that rely upon cloud service providers have to trust that cloud providers will protect their data or services from risk and harm. In a perfect world, cloud providers would have a complete understanding of the unique missions — and risks — that agencies face.

In reality, cloud service operators tend to provide a "one size fits all" approach to services that often overlooks specific or unique mission risks. As a result, government agencies must ultimately accept responsibility for ensuring that cloud providers offer the appropriate amount of protection to manage risk. It also requires agencies to directly address some fundamental questions regarding risk…

According to NIST Special Publication 800-30, "Guide for Conducting Risk Assessments," risk is a function of threats that can exploit vulnerabilities that in turn can lead to an undesirable impact to the organization. There are three aspects of this equation (threats, vulnerabilities, and impact), and agencies must consider all of them to understand ongoing risk in their cloud environments…

Read more from the source @ http://www.informationweek.com/government/cloud-computing/cloud-providers-must-share-discovered-vulnerabilities/d/d-id/1251139

Subscribe to the CloudCow bi-monthly newsletter @ http://eepurl.com/smZeb