Monitoring Security Vulnerabilities in Your Cloud Vendors
· 7 min read
Introduction
If you manage applications running on cloud platforms, you likely depend on multiple cloud vendors and services. These could be infrastructure providers like AWS, GCP or Azure. A vulnerability in any of these services could potentially impact your applications and your users.
A cloud platform has many moving parts, many of which are dependent on other third-party providers. For example:
- Operating system images for VMs which are maintained by third-party vendors.
- Container images which are hosted on external repositories.
- Software stacks which are maintained by other vendors but available for deployment on the cloud provider.
- Libraries used by the cloud provider's internal software which are maintained by other developers or organizations.
- Control plane software like Kubernetes.
- Hardware, like processors, which are provided by the manufacturer.
- Hypervisors which are developed and maintained by third-party vendors.
- Networking hardware manufactured by other vendors.