OpenStack security leaders have detailed the capabilities and best practices for security, compliance and privacy.     Learn More

OpenStack In The Enterprise Back to Top

OpenStack addresses cloud security

OpenStack security leaders detail capabilities and best practices for security, compliance and privacy

Read Securing OpenStack Clouds now
Download
< Software Homepage
  • Security

OpenStack provides peace of mind

Open source

More eyes on open code translates to faster bug identification and fixes. Anyone with a launchpad.net/openstack id can securely report suspected vulnerabilities.

Dedicated team and tools

OpenStack Security Team provides oversight and tools to ensure secure code and notify users of vulnerabilities and resolutions.

Best practices

Implementation and best practices: Security Guide

Vulnerabilities with patches or mitigation: Security Advisories and Notes.

OpenStack awarded the
Core Infrastructure Initiative Best Practices badge

The Core Infrastructure Initiative is a Linux Foundation project that develops criteria and validates open source projects meeting best practices for security, quality and stability. OpenStack is now validated by a trusted third party and is 100% compliant.

Read the press release for more information.

Security is a multi-stakeholder effort backed by the vigilant OpenStack Security Team

OpenStack security is a collaborative effort across thousands of developers who work together to ensure that OpenStack provides a robust, reliable, and secure cloud for public, private, and hybrid deployments. Securing OpenStack is an extension of a well-understood problem― securing normal IT infrastructure, like keeping the infrastructure patched, reducing attack surfaces, and managing logging and auditing.

The OpenStack Security Project, and the Vulnerability Management Team (VMT) within it, coordinates the work needed to identify, limit, and resolve security issues and vulnerabilities across the OpenStack projects.

 

White paper highlights

The Securing OpenStack Clouds brief will answer important questions such as:

  • How does OpenStack ensure the stack is secure?
  • Where should deployers begin?
  • Does OpenStack support multi-factor authentication? Data encryption?
  • Can OpenStack support commercial and government compliance standards and certifications?
  • How can OpenStack support an organization’s privacy policy?
  • How do I get updates and patches?
  • Is there a clear-cut process for users to report security issues?
  • Do enterprises have secure OpenStack clouds in production?
  • How do I learn more?

In this paper, we’ll address some of the questions about security, compliance and privacy we’ve received from users and technologists. We’ll demonstrate OpenStack readiness for your workloads, and facilitate trust and relationships between your team and the OpenStack community.

Download The Report

Related content

More on OpenStack security and opinions from the analysts.

User success stories

An OpenStack Security primer

Superuser TV interview with Travis McPeak, OpenStack Security Architect: Getting to Know the OpenStack Security Project

Superuser TV interview with Travis McPeak, OpenStack Security Architect: Getting to Know the OpenStack Security Project

Analysts report OpenStack is Ready for Business

Analysts report OpenStack is Ready for Business

Join us in Boston to learn more about security in OpenStack

Attend the OpenStack Summit in Boston to meet the Security Project team and hear directly from enterprise and government users on how they secure their OpenStack clouds.

May 8-11, 2017 in Boston
Learn More