Cloud Security Basics: 5 Steps to keep your multi-cloud environment safe
Cloud technologies can provide modernized, faster, and more agile IT environments at a fraction of the cost of managing on-premises infrastructure. As organizations move to the cloud, it’s especially important that security is taken into consideration as part of the process. These dynamic environments require a shared security responsibility between the Cloud Service Provider (CSP) and the organization using the cloud.
In multi-cloud environments where various servers, access points, and configurations are required across multiple infrastructures, security can become a daunting task. In fact, cloud misconfigurations made by organizations is the top reason for cloud data breaches today.
There are several basic steps organizations should take to develop an achievable multi-cloud security strategy. This will not only help to prepare for cloud adoption, but more importantly, will give your executives the confidence that you understand how to help keep your organization safe from cloud cyber-attacks in the process.
Before we dive into the details, it’s important to understand the different types of clouds and cloud services available. This will help your organization pick the best option that meets your specific business needs.
What are the different types of cloud?
Cloud computing can be broken into three categories provided by CSPs:
A cloud infrastructure which is not shared but maintained on hardware and software used only by your organization. Private clouds are used to provide improved scalability from on-premises infrastructure, while still providing a high amount of control and flexibility to your organization.
This is the most common cloud usage. In public cloud, customers share cloud resources that are owned and managed by the CSP. It provides high availability and scalability with minimal maintenance required at very reasonable prices. A common use case of public cloud would be online office applications or data storage.
A combination of private and public cloud, providing customers improved security, flexibility, and deployment options. With hybrid-cloud, your organization can run a secure private cloud, while also benefiting from public cloud resources in case of overflows.
What are cloud service models?
In addition to the 3 different cloud deployment types, there are also various service models that can be implemented or used by organizations:
Infrastructure as a Service (IaaS)
This is the most known use of cloud. IaaS provides hardware, computing, network, and storage through the provision of virtual resources. Examples include using storage or virtual servers in AWS, GCP, or Azure.
Software as a Service (SaaS)
SaaS services provide fast and easy web-based access to applications that you purchase through license agreements or subscriptions. SaaS applications are controls and managed and maintained by the vendor who sells them. Some examples include Office 365, Dropbox, and Salesforce.
Platform as a Service (PaaS)
Cloud PaaS is used to develop, test, and organize your organization’s internal applications. It is meant for software development businesses to provide fast, simple, and scalable access to computing environments. Google App Engine is an example of a PaaS.
How do I secure my multi-cloud infrastructure?
Whether you have private, public, or hybrid environments, it is crucial that your organization take cloud security seriously.
Step 1: Understand your shared responsibility for security your environment
Your responsibility for certain components of cloud security will vary depending on which cloud type and service mode you choose. For example, with SaaS products, the primary responsibility for security is with the vendor. However, with an IaaS service, there is a shared responsibility. The first step is to understand where the CSPs responsibility ends and yours begins. This can be accomplished by reading your Service Level Agreements and CSP contracts. It may even be a good idea to incorporate your organizations legal council in this process.
Step 2: Perform cloud asset visibility
Perform Cloud Asset Visibility – Just like with any other network your organization uses, having an up-to-date inventory on all your cloud assets is a critical component of security. A mapping of accounts, virtual private computers (VPCs), regions, S3 buckets, and where your sensitive data is located, provides a clear baseline of your operating state. This allows your team to quickly identify anomalies like new workloads being spun up or rogue accounts. Identifying system, applications, and running services will also assist in acceleration any remediation as well as understanding when those assets have vulnerabilities that need to be patched. It is important to not only have visibility, but to keep an ongoing visual mapping to ensure the architecture is easy to understand and current.
Step 3: Identify and manage configuration risks
Misconfigurations are the most common cause of cloud breaches. The Center for Internet Security (CIS) has created Cloud Benchmarks for securing each CSP’s products and services. Some common areas of misconfiguration include object storage access policies, exposed security groups, autoscaling instances, and firewall misconfigurations. Once risks are identified, your team should ascertain security controls in the continuous integration/continuous delivery (CI/CD) process. This will help with proactive mitigation of potential future misconfigurations.
Step 4: Implement a strong access management plan
Access management across resources, actions, and identities can be complicated. Implementing a least-privilege access policy is the most important component of access management. This protects your cloud environment from privilege escalation or lateral movements within your infrastructure. Just like with cloud visibility of assets, it’s important to keep inventory and review user account activities and permissions.
Step 5: Apply a continuous detection and monitoring process to your cloud architecture
Just like with your on-premises network, adding 24/7 detection and monitoring will help you quickly identify any misconfigurations or issues with your cloud environment. Detecting any anomalous behavior or unexpected activities can reduce the risk or severity of a breach. Using automation technology to develop playbooks that help stop suspicious activity is also beneficial. Implementing continuous cloud monitoring can also help you maintain audit and compliance requirements.
Where do I start with cloud security?
Having some helpful steps is just the beginning of securing your cloud. The best place to start is to identify a compliance standard or benchmark to measure against. This will help you keep an ongoing record and clearly defined standard to implement. By choosing a standard, you can also baseline your current security posture to understand how you are progressing in improving your security over time. Having this data is not only extremely useful for internal team tracking, but also to measure progress, justify budgets, and communicate how your team is tackling cloud security to your C-Suite or executive team.
Whether you’re migrating to the cloud or starting from scratch, Foresite Cybersecurity offers a variety of cloud detection and response solutions to help your organization gain visibility and reduce risk across all your cloud environments.
Video: Cloud security 101
Marcela Denniston is a Cybersecurity Expert who has been building military-grade security operations teams since 2002. Today, she is the SVP of Marketing for Foresite Cybersecurity, where she uses her subject matter expertise to drive meaningful content and messaging that speaks to true cyber practitioners.