Cloud Security: Knowing the Basics

Posted by Amber Picotte on 6/11/19 10:53 AM
Amber Picotte
Find me on:

Cloud computing is a $136 billion industry, and it continues to grow. As consumers become more technology-savvy, individual use of cloud services enters the realm of convention. Cloud migration is picking up speed because it introduces cost-effective and flexible services into a previously expensive technological sphere. However, cloud computing also gives rise to new security challenges.

An introduction to cloud security.

This article explains the composition of the cloud security perimeter, reviews the top cloud security threats, and provides popular cloud security practices.

What Is Cloud Security?

The Cloud Perimeter

Cloud security is the process of protecting computing ecosystems and resources that reside in the cloud, such as:

  • Computing environments—the location of your computing resources. You can host your computing resources in a public cloud, where you share computing power and space with other companies. Cloud providers also offer private cloud environments, where you can rent computing power and space for private use. If you’re well versed in cloud computing, you can combine public and private clouds into a customized hybrid architecture. If you want to integrate a number of third-party cloud vendors into your overall cloud computing ecosystem, you can try the multi-cloud model
  • Infrastructure—virtualized computing workloads such as virtual machines and servers
  • Platforms—application development resources such as operating systems
  • Software—cloud-based software such as Google Docs and Google Calendar
  • Databases—database resources such as storage, recovery, and backup

The Cloud Security Composition

Cloud security enforces security controls in cloud environments through the use of:

  • Policies—a cloud security policy serves as the foundation of your cloud security. Your cloud security policy should provide clear guidelines that define the perimeter of the cloud ecosystem.
  • Procedures—defines the specific processes and tasks that go into protecting your cloud environment. This is the blueprint of your cloud security and includes any security steps enforced by third-party vendors and your in-house team.
  • Technological tools—help protect your cloud computing environment. Basic cloud security tools may include traditional security controls such as firewalls and encryption, while advanced solutions can provide automation and Artificial Intelligence (AI) capabilities.

Why Cloud Security Matters—Top Cloud Security Threats

The SANS 2019 Cloud Security Survey Report found that even though cloud security has improved since 2017, the security landscape has become more complex. Emerging technologies are blurring the clear-cut security boundaries of traditional IT that only encompass the corporate network, and sophisticated cyber attacks keep security teams on high alert.

Here’s a list of the top cloud security threats organizations face in 2019:

1. Cloud account hijacking

An identity theft scheme in which attackers steal cloud account information such as emails and passwords. The attacker uses the account information to impersonate the account owner.

2. Misconfiguration of cloud resources

An attack that exploits the vulnerabilities in the design of a cloud resource. Misconfiguration is often the cause of:

  • Data breaches—thefts of private data and corporate information
  • System downtime events—attacks that deliberately shut down your systems

3. Privileged user abuse

This type of attack occurs when users—authorized or otherwise—use their privileges inappropriately or fraudulently. The abuser can be a cyber attacker with malicious intent, an insider threat, or a mistaken employee. The common consequences of privileged user abuse are:

  • Data loss—the data is deleted from the company’s servers
  • Theft of trade secrets—when an insider threat or outward attacker steals company resources.

4. Insecure or compromised Application Programming Interface (API)

Cloud technology excels in the ease of automation and integration it provides; this is what makes cloud the first choice for agile and DevOps processes. Automation and integration between cloud systems is primarily driven by APIs, which can be an insecure backdoor to sensitive production systems. Especially on the cloud, APIs must be treated as first class citizens from a security perspective, with strong authentication, monitoring and alerting.

How To Secure The Cloud—Top Cloud Security Best Practices

Below are four of the most important best practices for securing your cloud environment.

1. User Identity and Access Management (IAM) Solutions to Prevent Privileged User Abuse

Devices and networks clutter today’s digital landscape, and security teams struggle to define a centralized perimeter to defend. Cloud computing has extended the cybersecurity perimeter to beyond the boundaries of an organization—it allows users access to digital resources from multiple devices and physical locations. Without visibility and proper access control, organizations can’t defend their cloud infrastructure.

Identity and Access Management (IAM) solutions provide advanced management of user roles and access privileges. You can use IAM solutions to define exactly who gets to use a cloud resource, how, and even when. You can set up alerts that monitor behavior, instigate a pre-configured response to anomalous activity, and prevent privileged user abuse.

Some foundational components of an IAM system include 2FA (2 Factor Authentication) and SAML (Security Assertion Markup Language) more commonly referred to as Single Sign-On.

2. Prevent Data Loss by Setting Up Backup and Recovery Solutions

Data is the backbone of your cloud ecosystem. This includes raw data generated by connected devices and systems, information that moves from one communication channel to another, and business intelligence reports generated by your analytics teams and tools.

Data moves fast in the cloud. Because systems are heavily interconnected, one erroneous or malicious command can delete vast amounts of data, or purge sensitive data volumes. Compromised accounts or those held by malicious insiders can quickly escalate privileges and cause catastrophic damage. Ransomware can spread faster and do more damage than in on-premise systems, which are typically more segregated and have a clear security perimeter.

You can help prevent data loss by setting up the following solutions:

  • Backup—use backup solutions and safeguard duplicate copies of your data in another repository. Your backups must be on a separate cloud account, separate availability zone, or preferably even in another cloud altogether, to prevent attackers from deleting them. The safest option is always backing up on-premise, but this can have prohibitive cost. Backups should be performed on a continuous basis with the shortest possible Recovery Point Objective (RPO), with robust management, automation and prioritization.
  • Archives—create occasional duplications of data and keep them in archives. Archives are great for large amounts of data that you don’t need for frequent use. For example, you can use an archive if you need to retire some of your data, but keep it accessible for occasional use.
  • Recovery—set up a variety of processes for recovering lost data, such as automatic backup, automated disaster recovery, and user management. You can integrate with your repository of choice, which allows you to create automated backups for your cloud storage or implement customized disaster recovery.

3. Ensure Hygiene and Visibility

Cloud environments are characterized by a large number of moving parts - short-lived cloud instances and containers, elastic data volumes, clustered assets such as data warehouses, and serverless functions.

It is essential to adopt technology solutions that provide a current and historic inventory of all cloud assets, to prevent sprawl and eliminate assets that needlessly expand your threat surface. Being able to quickly and reliably see what assets you’ve deployed, what users deployed them, and what those assets “did” is the first step in building a perimeter you can secure because, you can’t secure what you can’t see.  

4. Monitor for Compliance & Secure Configuration

Many regulations and compliance standards, such as SOC, FedRamp, HIPPA, GDPR and PCI/DSS, require organizations to demonstrate that sensitive assets were hardened, configured correctly and secured across time. In the event of an audit, or breach notification, you will have to provide evidence that all affected systems were properly secured.

On the cloud this is quite challenging. It may be difficult or plain infeasible, depending on the scale and complexity of your environment, to assemble a log of systems and configurations using traditional logging tools due to the ephemeral nature of cloud assets.

While the list above covers the basics of the most popular cloud security practice, here are a comprehensive set of guidelines based on CIS benchmarks for the main cloud providers:

Uptycs: Osquery-Powered Security Analytics Platform

Uptycs is a cloud-based platform which leverages the open source universal agent, osquery, to extract hundreds of system attributes across operating systems and cloud workloads, providing the missing pieces in most cloud deployments: hygiene, visibility, intrusion detection, compliance and configuration monitoring, and more.

Learn more about our technology to see how you can regain visibility and establish a clear security perimeter even in the most complex cloud environments.

Join our free osquery security workshop prior to AWS reInforce!

Topics: cloud monitoring, cloud security, containers, cloud compliance

Uptycs Blog | Cloud Security Trends and Analysis

Welcome! The Uptycs blog is for security professionals and osquery enthusiasts interested in exploring new ideas in cloud security. We hope you'll enjoy our blog enough to subscribe, share and comment.

Find Uptycs Everywhere

Subscribe for New Posts

Recommended Reads