Thwarting cloud attacks with gold standard security
By Josh Lemon, certified instructor and course author, SANS Institute
Thursday, 08 June, 2023
Technological innovations are motivating organisations to adopt cloud services across the entire business. But is this a good move? While the cloud can revolutionise processes and the way organisations such as critical infrastructure operators run their operations, it can also introduce security risks if its introduction is rushed.
Cloud providers are constantly improving the security of their solutions, which may tempt organisations to rely on those services alone. However, the provider secures the platform, not the customer’s configuration, identities and data. To ensure security, it’s imperative that organisations build security expertise and capabilities in-house alongside what external providers offer.
Security professionals need appropriate time and resources to ensure their organisations are protected. Here’s how they can help businesses forge a solid foundation while moving to the cloud.
Cloud threat modelling
As organisations move their assets and critical information to the cloud, they must be aware that cybercriminals are not deterred by it: in most cases they attack cloud infrastructure just as they would on-premises infrastructure.
Security teams need to use threat modelling to aid in anticipating cloud attacks. Understanding cybercriminals’ tactics and techniques in cloud attacks makes it possible for organisations to detect breaches before too much damage, if any, can be done.
Cloud threat modelling sees organisations consider various factors, including: adversaries, attack techniques, outcomes and risks, and potential countermeasures. Cloud threat modelling is strategic and proactive; it lets organisations better focus their resources when it comes to defending their cloud infrastructure.
Here are three gold standard security pillars for organisations to consider.
Security Pillar #1 Identity and access management
Identity and access management (IAM) determines ‘who needs access to what’ and controls the entire lifecycle of a user. This ensures that only people who need to access specific files or information can access it. This ultimately helps limit the impact of a breach, as users are only provisioned with access to information they specifically need.
A significant cloud-driven shift in identity management is the advent of machine identities and roles alongside traditional human identities. Machine identities — such as service roles attached to cloud VMs, cloud functions and containers — let a workload obtain short-lived, platform-issued credentials scoped to the actions it actually needs, rather than embedding long-lived keys. That reduces the risk from technical accounts and programmatic actions: a stolen credential is valid only briefly and only for a narrow set of operations.
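As an added illustration (not code from the article, SANS or any cloud provider), the following Python models how a cloud IAM engine decides a request: default deny, a matching Allow grants, and an explicit Deny always wins. The policy documents use the AWS IAM JSON layout, but the evaluator is a deliberate simplification (no conditions, NotAction, resource policies or organisation-level controls), and the role and bucket names are made up. It compares the blast radius of a broad VM role with a scoped one if the VM's credentials are stolen.

```python
"""Simplified evaluator for AWS-style IAM policy documents (added example).

Implements the three rules that matter for least privilege: default deny,
any matching Allow grants, any matching explicit Deny overrides. Wildcards
('*', '?') in actions and resources are matched with fnmatch. This is a
model of the decision logic, not the real IAM engine.
"""
from fnmatch import fnmatchcase

# Constructed policies; bucket and role names are hypothetical.
BROAD_VM_ROLE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    ],
}

SCOPED_VM_ROLE = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::app-config-prod",
                      "arn:aws:s3:::app-config-prod/*"]},
        # Belt and braces: even if an Allow is later widened, deletes stay blocked.
        {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*"},
    ],
}


def _as_list(value):
    """IAM lets Action/Resource be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _matches(statement, action, resource):
    """True if the statement's Action and Resource patterns both cover the request."""
    return (any(fnmatchcase(action, pat) for pat in _as_list(statement["Action"]))
            and any(fnmatchcase(resource, pat) for pat in _as_list(statement["Resource"])))


def is_allowed(policy, action, resource):
    """Return True only if some Allow matches and no Deny matches."""
    allowed = False
    for st in policy["Statement"]:
        if not _matches(st, action, resource):
            continue
        if st["Effect"] == "Deny":
            return False  # explicit deny overrides any allow
        allowed = True
    return allowed


def blast_radius(policy, requests):
    """Subset of (action, resource) pairs a holder of this role could perform."""
    return [(a, r) for a, r in requests if is_allowed(policy, a, r)]


# Constructed requests an attacker holding the VM's credentials might attempt.
ATTACKER_REQUESTS = [
    ("s3:GetObject", "arn:aws:s3:::app-config-prod/db.yaml"),
    ("s3:GetObject", "arn:aws:s3:::customer-exports/2023/all.csv"),
    ("s3:DeleteObject", "arn:aws:s3:::app-config-prod/db.yaml"),
    ("s3:PutBucketPolicy", "arn:aws:s3:::customer-exports"),
]

if __name__ == "__main__":
    for name, policy in (("broad", BROAD_VM_ROLE), ("scoped", SCOPED_VM_ROLE)):
        print(f"{name:7s} role can perform: {blast_radius(policy, ATTACKER_REQUESTS)}")
```

With the broad role every one of the four requests succeeds, including exfiltrating customer exports and rewriting a bucket policy; with the scoped role only the read of the application's own configuration does. The same evaluator can be pointed at a real policy document to answer "what could this role do if compromised" before it is deployed.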
Security Pillar #2 Data security
Encryption is one of the most fundamental controls for data security in the cloud, and providers make it possible to implement encryption at scale quickly. It’s essential to understand your organisation’s needs, as provider-managed encryption at rest will prove sufficient for some organisations; in many other cases, data protection will need to be much more specific, for example control over the keys or protection of individual fields rather than whole volumes.
Another critical factor is secrets management: managing sensitive secrets (including encryption keys, API keys, passwords and other credentials) is immensely challenging for most organisations, and a credential committed to a repository or written into a log is a common entry point for attackers. Data loss prevention (DLP) is also essential. Many organisations turn to DLP tools and services, which have traditionally been notoriously difficult to implement and maintain for on-premises systems.
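One practical piece of secrets management is catching credentials before they land in a repository, a container image or a log. The scanner below is an added example (not a tool from the article or SANS): the AWS access key ID shape (AKIA followed by 16 upper-case alphanumerics) and the documentation example key it uses are public, while the remaining patterns are generic heuristics and the sample config file is constructed for this illustration.

```python
"""Scan text for leaked credentials before it reaches a repo or log (added example).

The detectors are illustrative: the AWS long-term access key ID format is
documented publicly; the secret key, private key and password patterns are
generic heuristics that a real scanner would extend and tune.
"""
import re

PATTERNS = {
    # AWS long-term access key IDs: 'AKIA' plus 16 upper-case letters/digits.
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    # 40-character secret assigned to the well-known variable name.
    "aws_secret_access_key": re.compile(
        r"(?i)aws_secret_access_key\s*[=:]\s*['\"]?([A-Za-z0-9/+=]{40})"),
    # PEM-encoded private key material.
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    # password = "value" style assignments (no leading \b: db_password must match).
    "hardcoded_password": re.compile(
        r"(?i)(?:password|passwd|pwd)\s*[=:]\s*['\"]?([^\s'\"]{6,})"),
}


def redact(value, keep=4):
    """Keep a short prefix so a finding can be triaged without re-leaking it."""
    if len(value) <= keep:
        return "*" * len(value)
    return value[:keep] + "*" * (len(value) - keep)


def find_secrets(text):
    """Return (line_number, kind, redacted_value) for every hit, in file order."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                # Report the captured secret if the pattern has a group, else the match.
                value = match.group(match.lastindex or 0)
                hits.append((lineno, kind, redact(value)))
    return hits


# Constructed sample: a config file committed by mistake. The access key ID and
# secret are the placeholder values from AWS documentation, not live credentials.
SAMPLE_CONFIG = """\
# database and storage settings
db_host = db.internal
db_password = "Sup3rS3cretPass!"
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
log_level = debug
"""

if __name__ == "__main__":
    for lineno, kind, value in find_secrets(SAMPLE_CONFIG):
        print(f"line {lineno}: {kind} -> {value}")
```

Run as a pre-commit hook or a CI step, a scanner like this turns "secrets management is hard" into a concrete, enforceable check; the redacted output is what goes into the ticket, so the finding itself never becomes a second leak.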
Security Pillar #3 Visibility
As the third security pillar, visibility emphasises the importance of monitoring and controlling activities in the cloud environment. Guardrails are a vital aspect of enhancing cloud security in this context, as they are automated policy enforcement mechanisms that help organisations establish and maintain a secure cloud infrastructure.
Guardrails can be configured to monitor cloud activities, configurations and deployments, ensuring they align with the organisation’s security policies and best practices. By implementing guardrails, security teams can detect and prevent security risks in real time, allowing them to respond more effectively to potential threats.
Examples include:
- Configuration checks: Ensuring that cloud resources are correctly and securely configured according to the organisation’s guidelines.
- Access control: Restricting access to sensitive data and services based on the principle of least privilege.
- Data protection: Monitoring data storage, access and transfer to ensure compliance with data protection policies and regulations.
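The list above describes what a guardrail checks; the following Python shows what one looks like when written down. It is an added example, not code from the article or from any provider's policy engine: the resource inventory uses a constructed, provider-neutral schema (bucket, security group, disk and policy records are all made up), and the rules cover the three categories just listed: configuration, access control and data protection. A real guardrail would run the same rules in CI, an admission controller or the provider's policy service and block the deployment on a failure.

```python
"""Preventive guardrail over a cloud resource inventory (added example).

Each check returns (severity, message) for a non-compliant resource or None.
The inventory schema is constructed for this illustration; map it to your
provider's API or infrastructure-as-code output before using it for real.
"""
import ipaddress

ADMIN_PORTS = {22, 3389}  # SSH and RDP: assumed "never exposed to the internet"


def check_public_bucket(res):
    """Data protection: storage must not be world-readable."""
    if res["type"] == "storage_bucket" and res.get("public_access"):
        return "HIGH", "bucket grants public read access"


def check_open_admin_port(res):
    """Configuration: no admin port reachable from 0.0.0.0/0 or ::/0."""
    if res["type"] != "security_group":
        return None
    for rule in res.get("ingress", []):
        network = ipaddress.ip_network(rule["cidr"], strict=False)
        ports = set(range(rule["from_port"], rule["to_port"] + 1))
        if network.prefixlen == 0 and ADMIN_PORTS & ports:
            return "HIGH", f"admin port open to {rule['cidr']}"


def check_unencrypted_disk(res):
    """Data protection: volumes must be encrypted at rest."""
    if res["type"] == "disk" and not res.get("encrypted", False):
        return "MEDIUM", "disk is not encrypted at rest"


def check_wildcard_policy(res):
    """Access control: no policy may allow every action on every resource."""
    if res["type"] != "iam_policy":
        return None
    for st in res["statement"]:
        if st["effect"] == "Allow" and st["action"] == "*" and st["resource"] == "*":
            return "HIGH", "policy allows every action on every resource"


CHECKS = [check_public_bucket, check_open_admin_port,
          check_unencrypted_disk, check_wildcard_policy]


def evaluate(inventory):
    """Run every check against every resource; return the list of findings."""
    findings = []
    for res in inventory:
        for check in CHECKS:
            result = check(res)
            if result:
                severity, message = result
                findings.append({"resource": res["name"],
                                 "severity": severity, "message": message})
    return findings


def deployment_allowed(inventory):
    """The preventive part: block the change if any HIGH finding exists."""
    return not any(f["severity"] == "HIGH" for f in evaluate(inventory))


# Constructed inventory with both compliant and non-compliant resources.
SAMPLE_INVENTORY = [
    {"type": "storage_bucket", "name": "customer-exports", "public_access": True},
    {"type": "storage_bucket", "name": "app-config-prod", "public_access": False},
    {"type": "security_group", "name": "web-sg", "ingress": [
        {"cidr": "0.0.0.0/0", "from_port": 80, "to_port": 80},
        {"cidr": "10.0.0.0/8", "from_port": 22, "to_port": 22}]},
    {"type": "security_group", "name": "bastion-sg", "ingress": [
        {"cidr": "0.0.0.0/0", "from_port": 22, "to_port": 22}]},
    {"type": "disk", "name": "db-data", "encrypted": False},
    {"type": "iam_policy", "name": "admin-everything", "statement": [
        {"effect": "Allow", "action": "*", "resource": "*"}]},
]

if __name__ == "__main__":
    for finding in evaluate(SAMPLE_INVENTORY):
        print(f"{finding['severity']:6s} {finding['resource']}: {finding['message']}")
    print("deployment allowed:", deployment_allowed(SAMPLE_INVENTORY))
```

Note the split between detection (`evaluate`, which reports everything) and enforcement (`deployment_allowed`, which fails only on HIGH): teams usually start in report-only mode and move rules to blocking once the noise is understood.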
In addition to guardrails, visibility in the cloud can be further enhanced by leveraging tools that collect and analyse network flow data. Network flow data refers to metadata that provides information about network traffic patterns, including source and destination IP addresses, ports and protocols. This data can be invaluable in detecting suspicious activities and identifying potential security threats at a network level.
Visibility tools, such as network firewalls, intrusion detection and prevention systems (IDS/IPS) and data loss prevention (DLP) systems, can each be used on their own to monitor and protect the cloud environment, and several cloud providers already offer them natively. Network firewalls control incoming and outgoing traffic based on predefined security rules, while IDS/IPS solutions detect and prevent intrusions by analysing network traffic for signs of malicious activity. DLP systems give organisations greater control over tracking sensitive data moving within, or out of, their cloud environment.
When used alongside the collection of network flow data, these tools can provide a comprehensive view of the cloud environment’s security posture. By correlating network flow data with events and alerts from firewalls, IDS and DLP systems, security teams can gain deeper insights into potential threats, allowing them to respond and mitigate risks proactively.
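To make the two preceding paragraphs concrete, here is an added example (not code from the article or SANS) of detection logic run over flow records and then correlated with a DLP alert. The records use a simplified schema modelled on VPC-style flow logs (source, destination, destination port, protocol, bytes, accept/reject); the flow data, the DLP alert, the 10.0.0.0/8 "internal" range and the 50 MB egress threshold are all constructed assumptions to be tuned for a real environment.

```python
"""Flow-log detections plus correlation with DLP alerts (added example).

Two detections: an external address reaching an admin port on an internal
host, and an internal host pushing a large volume to a single external peer.
A large-egress hit on a host that DLP has already flagged is escalated.
"""
import ipaddress
from collections import defaultdict

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed private address space
ADMIN_PORTS = {22, 3389}
EGRESS_BYTES_THRESHOLD = 50_000_000             # 50 MB to one external peer (assumed)

# Constructed flow records: (src, dst, dst_port, proto, bytes, action).
FLOWS = [
    ("203.0.113.9", "10.0.1.20", 22, "tcp", 4_200, "ACCEPT"),        # external SSH succeeded
    ("203.0.113.9", "10.0.1.21", 22, "tcp", 0, "REJECT"),            # blocked by a rule
    ("10.0.1.20", "198.51.100.77", 443, "tcp", 30_000_000, "ACCEPT"),
    ("10.0.1.20", "198.51.100.77", 443, "tcp", 35_000_000, "ACCEPT"),  # 65 MB total
    ("10.0.2.5", "10.0.1.20", 5432, "tcp", 80_000, "ACCEPT"),        # internal DB traffic
    ("10.0.3.8", "198.51.100.10", 443, "tcp", 12_000, "ACCEPT"),     # ordinary egress
]

# Constructed DLP alert keyed by internal host.
DLP_ALERTS = {"10.0.1.20": "customer PII pattern seen in outbound HTTPS"}


def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL


def external_admin_access(flows):
    """Accepted flows from outside the estate to an admin port inside it."""
    return [f for f in flows
            if not is_internal(f[0]) and is_internal(f[1])
            and f[2] in ADMIN_PORTS and f[5] == "ACCEPT"]


def large_egress(flows):
    """Total accepted bytes per (internal src, external dst) over the threshold."""
    totals = defaultdict(int)
    for src, dst, _port, _proto, nbytes, action in flows:
        if action == "ACCEPT" and is_internal(src) and not is_internal(dst):
            totals[(src, dst)] += nbytes
    return {pair: n for pair, n in totals.items() if n >= EGRESS_BYTES_THRESHOLD}


def correlate(flows, dlp_alerts):
    """Combine both detections; escalate egress from a host DLP has flagged."""
    findings = []
    for src, dst, port, _proto, _nbytes, _action in external_admin_access(flows):
        findings.append(("HIGH", f"external {src} reached admin port {port} on {dst}"))
    for (src, dst), nbytes in large_egress(flows).items():
        severity = "CRITICAL" if src in dlp_alerts else "MEDIUM"
        detail = f"{src} sent {nbytes} bytes to external {dst}"
        if src in dlp_alerts:
            detail += f" (DLP: {dlp_alerts[src]})"
        findings.append((severity, detail))
    return findings


if __name__ == "__main__":
    for severity, detail in correlate(FLOWS, DLP_ALERTS):
        print(f"{severity:8s} {detail}")
```

On the constructed data the host 10.0.1.20 is reached over SSH from the internet and then pushes 65 MB to one external address; on its own the egress is a MEDIUM signal, but because DLP has already flagged the same host the correlated finding is raised to CRITICAL, which is the "deeper insight" the combination of sources provides.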
Implementing guardrails and leveraging management and security tools that collect network flow data can significantly enhance an organisation’s ability to detect and respond to potential security threats.
How can we stay secure but also be proactive?
Cloud security is constantly evolving, and organisations should take advantage of the steady stream of security improvements that cloud providers ship. This gives security professionals a firm footing for building a strong cloud security program to protect an organisation’s infrastructure.
However, adopting those improvements is an ongoing effort, not a one-off project. As cloud services grow, so does the set of controls and processes needed to secure them. By conducting proactive threat modelling exercises and continually reviewing the three pillars above, organisations can keep a dynamic cloud security plan current.
By adopting a proactive approach to cloud security and incorporating the three gold standard security pillars — Identity and Access Management, Data Security, and Visibility — organisations can build a robust and dynamic cloud security plan that evolves with the ever-changing threat landscape.