What happens when an organization extend their infrastructure to "The cloud"? When they add the complexity of cloud computing how does this change their vulnerability management program? Do they just point the scanner at the cloud provider and "Let 'er rip"? Their provider may be less than pleased with this method. So what needs to change? Scan discovery, frequency and methods all need to be part of the equation! To the cloud.