Chapter 9. Cloud, DevSecOps, and Software Supply Chain Security

Vulnerability management is a long-standing practice that comes with its own challenges in traditional on-premises environments. The era of widespread cloud adoption has added new complexities to those challenges, while also ushering in opportunities for innovative technologies and approaches to addressing them. We will spend this chapter discussing some of those unique considerations and aspects as they relate to vulnerability management in the cloud.

Although the definition is a bit dated, for the purposes of this book we will use guidance from the National Institute of Standards and Technology (NIST) to define the cloud and its various service models. NIST's Special Publication (SP) 800-145 defines cloud computing as follows:

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.

Throughout this chapter, we will discuss each of the service models as well as aspects of the various deployment models that organizations may need to take into consideration as they build their vulnerability management programs.
