Work item:
|
X.asm-cc
|
Subject/title:
|
Requirements of attack surface management for cloud computing
|
Status:
|
Under study
|
Approval process:
|
TAP
|
Type of work item:
|
Recommendation
|
Version:
|
New
|
Equivalent number:
|
-
|
Timing:
|
2025-09 (Medium priority)
|
Liaison:
|
ITU-T SG13
|
Supporting members:
|
China Telecom, China, China Unicom
|
Summary:
|
Nowadays, cloud computing continues to evolve and organizations are rapidly adopting new technologies to enhance their cloud infrastructure and services. However, the advent of these new technologies and trends brings not only benefits for both cloud service providers and customers but also security challenges. Notably, the attack surface can expand massively as more assets/resources and services are migrated to the cloud.
The fast-grow and massive attack surface expansion has led to a significant increase in successful attacks targeted on cloud facilities and services. The main issues are unmonitored blind spots have been exploited by attackers to breach cloud infrastructure/services, escalate their attacks, and move laterally.
Therefore, it is essential for organizations to implement a comprehensive and inclusive security strategy to address the expanded attack surface that arises with the advancements in cloud computing. Given the maturity of the technological landscape, leading companies and organizations have placed a greater emphasis on Attack Surface Management (ASM). ASM entails identifying and mitigating potential vulnerabilities and attack vectors, continuously monitoring for suspicious activity, and having contingency plans in place to address security incidents that may occur.
This Recommendation provides an overview of Attack Surface Management (ASM) for cloud computing, including its definition and background context. It also analyses the vulnerabilities and threats associated with the expanding attack surface as a result of the evolution of cloud computing. Furthermore, it provides specific requirements for ASM of cloud computing to improve the management of attack surface during security operations for both Cloud Service Providers (CSPs) and Cloud Service Consumers (CSCs).
|
Comment:
|
-
|
Reference(s):
|
|
|
Historic references:
|
Contact(s):
|
|
ITU-T A.5 justification(s): |
|
|
|
First registration in the WP:
2023-03-06 14:01:45
|
Last update:
2024-09-17 15:15:49
|