OpenStack is one of the top 3 most active open source projects and manages 10 million compute cores     Learn more

OpenStack In The Enterprise Back to Top

OpenStack addresses cloud security

OpenStack security leaders detail capabilities and best practices for security, compliance and privacy

Read Securing OpenStack Clouds now

OpenStack provides peace of mind

Open source

More eyes on open code translates to faster bug identification and fixes. Anyone with a id can securely report suspected vulnerabilities.

Dedicated team and tools

OpenStack Security Team provides oversight and tools to ensure secure code and notify users of vulnerabilities and resolutions.

Best practices

Implementation and best practices: Security Guide

Vulnerabilities with patches or mitigation: Security Advisories and Notes.

OpenStack awarded the
Core Infrastructure Initiative Best Practices badge

The Core Infrastructure Initiative is a Linux Foundation project that develops criteria and validates open source projects meeting best practices for security, quality and stability. OpenStack is now validated by a trusted third party and is 100% compliant.

Read the press release for more information.

Security is a multi-stakeholder effort backed by the vigilant OpenStack Security Team

OpenStack security is a collaborative effort across thousands of developers who work together to ensure that OpenStack provides a robust, reliable, and secure cloud for public, private, and hybrid deployments. Securing OpenStack is an extension of a well-understood problem― securing normal IT infrastructure, like keeping the infrastructure patched, reducing attack surfaces, and managing logging and auditing.

The OpenStack Security Project, and the Vulnerability Management Team (VMT) within it, coordinates the work needed to identify, limit, and resolve security issues and vulnerabilities across the OpenStack projects.


White paper highlights

The Securing OpenStack Clouds brief will answer important questions such as:

  • How does OpenStack ensure the stack is secure?
  • Where should deployers begin?
  • Does OpenStack support multi-factor authentication? Data encryption?
  • Can OpenStack support commercial and government compliance standards and certifications?
  • How can OpenStack support an organization’s privacy policy?
  • How do I get updates and patches?
  • Is there a clear-cut process for users to report security issues?
  • Do enterprises have secure OpenStack clouds in production?
  • How do I learn more?

In this paper, we’ll address some of the questions about security, compliance and privacy we’ve received from users and technologists. We’ll demonstrate OpenStack readiness for your workloads, and facilitate trust and relationships between your team and the OpenStack community.

Download The Report

Learn more about OpenStack security

Learn how enterprise and government users secure their OpenStack clouds, and hear security updates from the upstream community.