Friday, November 26, 2021

The Cloud Security

What is Cloud Computing?

Cloud computing is the on-demand availability of computer system resources, especially computing power, data storage and network resources, without direct active management by the user. The term is generally used to describe data centers available to many users over the Internet. Large clouds, predominant today, often have functions distributed over multiple locations from central servers. If the connection to the user is relatively close, it may be designated an edge server.

Cloud Service Types: 
Most cloud providers attempt to create a secure cloud for customers. Their business model hinges on preventing breaches and maintaining public and customer trust. Cloud providers can attempt to avoid cloud security issues with the service they provide, but can’t control how customers use the service, what data they add to it, and who has access. Customers can weaken cybersecurity in the cloud with their configuration, sensitive data, and access policies. In each public cloud service type, the cloud provider and cloud customer share different levels of responsibility for security. By service type, these are:
  • Software-as-a-service (SaaS) — Customers are responsible for securing their data and user access.
  • Platform-as-a-service (PaaS) — Customers are responsible for securing their data, user access, and applications.
  • Infrastructure-as-a-service (IaaS) — Customers are responsible for securing their data, user access, applications, operating systems, and virtual network traffic.

Cloud Security Threats:

In 2016 the Cloud Security Alliance published a list of the top 12 threats cloud computing faces.
  • Data breaches. Theft of data is a risk whether your cloud usage is Infrastructure as a Service, Platform as a Service, or Software as a Service. Both personally identifiable information and intellectual property are of great interest to hackers.
  • Insufficient identity, credential, and access management. Strong access controls are critical to appropriate identity management in the cloud. Misconfigurations can easily turn private resources into public ones.
  • Insecure interfaces and APIs. The remote nature of cloud means that services and data are exposed through application programming interfaces, including those used for provisioning, management, and monitoring. These interfaces are often targeted for attack and can contain vulnerabilities that introduce security risks.
  • System vulnerabilities. Cloud doesn’t eliminate the impact of bugs in operating systems and applications. The shared resources of the cloud can create new opportunities for malicious actors to exploit system vulnerabilities to access machines and data.
  • Account hijacking. Stolen credentials let attackers gain access to accounts and take over control of your servers, data, and other IT resources.
  • Malicious insiders. For many companies, the biggest threat isn’t from outsiders, but from unhappy insiders who can easily access and exploit confidential data.
  • Advanced persistent threat. Not every cyberattack is the equivalent of a smash-and-grab break-in. Some are carefully constructed and executed over a period of time, enabling the attacker to gain entry and then conceal their movement around the network.
  • Data loss. Some threats to cloud computing aren’t the result of outside attackers. You can lose data if it is accidentally deleted or if a fire or flood damages storage devices. Data can even be lost when its file is accessible, if the content is encrypted but the key was lost.
  • Insufficient due diligence. Some threats come from high up the management chain. If executives aren’t cautious in their decision making and don’t perform due diligence, the choice of cloud provider can create technical and legal risks to the business.
  • Abuse and nefarious use of cloud services. The accessibility of cloud, as well as the availability of free trials and the ability to pay for services by credit card, make it easy for malicious individuals to misuse cloud resources.
  • Denial of service. Although high availability is one of cloud’s benefits, the cloud isn’t immune to Denial of Service (DoS) attacks.
  • Shared technology vulnerabilities. Public cloud resources are shared by users; without special arrangements, you don’t have sole use of physical devices. Vulnerabilities in tools potentially expose services and data to other tenants.


Cloud Security Solutions:

Organizations seeking cloud security solutions should consider the following criteria to solve the primary cloud security challenges of visibility and control over cloud data.

  • Visibility into cloud data - A complete view of cloud data requires direct access to the cloud service. Cloud security solutions accomplish this through an application programming interface (API) connection to the cloud service. With an API connection it is possible to view:
      • What data is stored in the cloud.
      • Who is using cloud data.
      • The roles of users with access to cloud data.
      • Who cloud users are sharing data with.
      • Where cloud data is located.
      • Where cloud data is being accessed and downloaded from, including from which device.

  • Control over cloud data - Once you have visibility into cloud data, apply the controls that best suit your organization. These controls include:
      • Data classification — Classify data on multiple levels, such as sensitive, regulated, or public, as it is created in the cloud. Once classified, data can be stopped from entering or leaving the cloud service.
      • Data Loss Prevention (DLP) — Implement a cloud DLP solution to protect data from unauthorized access and automatically disable access and transport of data when suspicious activity is detected.
      • Collaboration controls — Manage controls within the cloud service, such as downgrading file and folder permissions for specified users to editor or viewer, removing permissions, and revoking shared links.
      • Encryption — Cloud data encryption can be used to prevent unauthorized access to data, even if that data is exfiltrated or stolen.

  • Access to cloud data and applications - As with in-house security, access control is a vital component of cloud security. Typical controls include:
      • User access control — Implement system and application access controls that ensure only authorized users access cloud data and applications. A Cloud Access Security Broker (CASB) can be used to enforce access controls.
      • Device access control — Block access when a personal, unauthorized device tries to access cloud data.
      • Malicious behavior identification — Detect compromised accounts and insider threats with user behavior analytics (UBA) so that malicious data exfiltration does not occur.
      • Malware prevention — Prevent malware from entering cloud services using techniques such as file-scanning, application whitelisting, machine learning-based malware detection, and network traffic analysis.
      • Privileged access — Identify all possible forms of access that privileged accounts may have to your data and applications, and put in place controls to mitigate exposure.

  • Compliance - Existing compliance requirements and practices should be augmented to include data and applications residing in the cloud.
      • Risk assessment — Review and update risk assessments to include cloud services. Identify and address risk factors introduced by cloud environments and providers. Risk databases for cloud providers are available to expedite the assessment process.
      • Compliance assessments — Review and update compliance assessments for PCI, HIPAA, Sarbanes-Oxley and other applicable regulatory requirements.
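
The visibility questions (who has access, with which role, shared with whom) and the collaboration controls listed above can be combined into a simple audit. The sketch below is an added example, not part of the original post: it runs over a constructed sharing inventory with a hypothetical schema (the field names, `ORG_DOMAIN` and the action names are assumptions) and plans which shared links to revoke and which permissions to downgrade or remove.

```python
ORG_DOMAIN = "example.com"  # assumption: the organization's own mail domain

# Constructed inventory, shaped like what a sharing-metadata API might return.
# Field names are hypothetical, not any provider's real schema.
INVENTORY = [
    {"file": "payroll-2021.xlsx", "labels": ["regulated"], "public_link": True,
     "grants": [{"user": "hr@example.com", "role": "owner"},
                {"user": "auditor@partner.test", "role": "editor"}]},
    {"file": "roadmap.docx", "labels": ["sensitive"], "public_link": False,
     "grants": [{"user": "pm@example.com", "role": "owner"},
                {"user": "dev@vendor.test", "role": "editor"}]},
    {"file": "press-kit.zip", "labels": ["public"], "public_link": True,
     "grants": [{"user": "pr@example.com", "role": "owner"}]},
    {"file": "notes.txt", "labels": [], "public_link": True,
     "grants": [{"user": "intern@example.com", "role": "owner"}]},
]

RANK = {"public": 0, "sensitive": 1, "regulated": 2}

def classify(item):
    """Strictest known label wins; unlabeled data is treated as sensitive."""
    labels = [lab for lab in item["labels"] if lab in RANK]
    return max(labels, key=RANK.get) if labels else "sensitive"

def is_external(user):
    """True when the account is outside the organization's domain."""
    return user.rsplit("@", 1)[-1].lower() != ORG_DOMAIN

def plan_actions(inventory):
    """Return (file, action, target) tuples for the collaboration controls."""
    actions = []
    for item in inventory:
        level = classify(item)
        if level == "public":
            continue  # public data may be shared freely
        if item["public_link"]:
            actions.append((item["file"], "revoke_link", "anyone-with-link"))
        for grant in item["grants"]:
            if not is_external(grant["user"]):
                continue
            if level == "regulated":
                actions.append((item["file"], "remove_permission", grant["user"]))
            elif grant["role"] == "editor":
                actions.append((item["file"], "downgrade_to_viewer", grant["user"]))
    return actions

if __name__ == "__main__":
    for action in plan_actions(INVENTORY):
        print(action)
```

Treating unlabeled files as sensitive means a file that skipped classification still loses its public link instead of being silently ignored.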


Happy Hacking...Enjoy...

For educational purpose only...Do not misuse it...