Cloud security — also known as cloud computing security— essentially means the discipline and practice of ensuring that our cloud computing environments, data, cnapp, application code and every other business information stored on the cloud. Cloud security involves several steps taken to ensure that our cloud environment is protected against unauthorised use/access, DDOS attacks, hackers, malware, and other issues that can arise when our cloud environment is not properly secured.
There is a difference between cloud security and cloud based security, the former has already been explained but cloud-based security, refers to the software as a service (SaaS) delivery model of security services that exists in the cloud and not on our on-premise servers.\ In order to achieve ascertain a secure environment, these sets of policies, procedures and controls needs to be adopted by organisations regardless of whether a public, hybrid or private cloud type is being used. The main purpose of putting these security measures in place is mainly to protect every form of data stored in the cloud, achieve the best form of authentication/access management whether by users or devices, support regulatory compliance and protect our user’s privacy.
There is no one fixed way of making our business data safe on the cloud. The way your organisation/security teams decides to do this should depend on your business needs and the provider that you use. Regardless of which provider you use, these policies, controls and rules can be configured and managed in one place, thereby ensuring that our security teams focus on other areas of business.\ \ The way cloud security is delivered will depend on the individual provider or the cloud security solutions in place. However, implementation of cloud security processes should be a joint responsibility between the business owner and solution provider.
Importance of cloud security
If you are migrating from an on-premise infrastructure to the cloud, it is important to know that while it is impossible to ensure that our systems are perfectly safe, it is equally impossible to achieve a perfectly secure cloud. Well, if that is the case, why even bother to make the switch ? It is easy to keep our application code, cloud native applications and other resources safe in the cloud by following best practices. Also, working with a provider takes off this overhead since they offer a secure environment tailored to your infrastructure. This process gets even easier by the day since its very easy to make use of several open source technologies Going further, i will be talking about the best practices to follow but before that, lets looks at the pros of cloud native security.
Cloud security offers many benefits, including:
- Centralised security: While cloud computing centralises applications and data, cloud security ensures that the protection of our data/resources is centralised.
- Optimised costs: The main benefit of going the cloud native route is that you no longer need to own your own dedicated servers. This reduces the cost you spend to keep these servers up and running as well as the administrative overhead/need to even hire server admins. Cloud security gives you the ability to handle your security concerns in a more proactive approach with little to no human intervention required.
- Reduced Administrative Overhead: Moving to the cloud removes the need to administer servers since this is handled by the provider. Also securing cloud native application is even easier since you focus more on application development and your provider handles the native security.
- Reliability: the dependability you achieve when using a cloud infrastructure is relatively higher than a traditional on-premise infrastructure.
The full scope of cloud security is designed to protect the following, regardless of your responsibilities:
- Physical networks and devices like routers, electrical power, ethernet cables etc.
- Data storage devices like hard disks
- Servers: whether host machines or VM’s
- Middleware like APIs whether deployed on a single compute, as a container or even using kubernetes
- Operating systems
- Runtime Environment
- Applications: traditional software services (email, tax software, productivity suites, etc.)
- End-user hardware devices like mobile phones, tablets, IoT devices, etc.
Cloud security challenges
- Lack of Visibility & Control: The process of anyone in or organisations to spin up new instances/create resources is simplified in the cloud space and this is a huge problem. There need to be processes set in place for how authorisation is granted for a user to subscribe to a service or even create an instance. Luckily for us, this can easily be handled better using infrastructure as code to provision our resources. Also, paying for cloud resources essentially means that you do not own the hardware that your application code runs on and because of this, it is very vital to understand how the provider secures the environment.
- Data Ingress & Egress: Cloud native applications are meant to follow the micro-services architecture and this is currently the state of software development. Due to this, data needs to be passed from one end to the other through APIs and it is important for developers/teams to understand how access should be set up to restrict the API data from people or services that do not need it.
- Default Credentials & Secrets: Our app resources (code, container images, serverless functions) might contain default credentials. This poses as a risk and needs to be addressed by setting up secret managers and stores to keep them safe, non-guessable and not exposed.
- Multi-tenancy: while multi-tenancy allows us to achieve the highest economies of scale possible by sharing resources, it also introduces concerns regarding data isolation and privacy.
- Scalability Issues: Automation and scalability are part of the main benefits of cloud computing, but the down side includes vulnerabilities, misconfigurations, and other security issues that can also build up at rapid scale.
- Insider Threat Detection: Insider-related threats caused by human negligence are the most difficult to detect and tend to be more harmful. Strong knowledge of identity and access management is required to eliminate this threat, thus reducing damage.
- Dynamic/Complex Workloads: Securing cloud is challenging. For the most part, this is due to the fact that resources are provisioned and decommissioned dynamically at scale and at a much higher velocity than the legacy approach. This gets even harder if you in using multi-cloud. Traditional security tools are unsuitable for ensuring protection policies are enforced in such a dynamic environment that has ephemeral workloads. Fortunately, most providers have tools/services that can help your organisation handle this and also allow the usage of third party tools security tools that are capable of securing your cloud native application and entire infrastructure.
- DevOps & DevSecOps: Organisations that have embraced the highly automated DevOps CI/CD culture must ensure that appropriate security controls are identified and embedded in code and templates early in the development cycle. Security-related changes implemented after a workload has been deployed in production can undermine the organisation’s security posture as well as lengthen time to market.
- Privilege and Key Handling: The key principle to remember is that when creating roles is that the least required privilege should be given to either that service or user. It is very easy for someone to perform an unintended action. At the application level, improperly configured keys and privileges expose sessions to security risks.
- Compliance and Governance: While several providers have aligned themselves with most of the accreditation programs like PCI 3.2, NIST 800-53, GDPR and HIPAA, as a customers you are responsible for making sure your workload and data processes are compliant. There are so many tools that can help your business achieve this.
Core pillars of cloud security
While modern cloud providers such as AWS, Azure and GCP offer many cloud native security features and services, supplementary third-party/open source solutions are essential to achieve enterprise-grade cloud workload protection from breaches, data leaks, and targeted attacks in the cloud environment. Only an integrated cloud-native/third-party security stack provides the centralised visibility and policy-based granular control necessary to deliver the following industry best practices:
- Granular, policy-based authentication controls: it is recommended to manage user access using groups and roles instead of at the individual IAM level to make it easier to update IAM definitions more easily. Grant only the least required privileges that are essential to carry out tasks.
- Zero-trust cloud network security controls across logically isolated networks and micro-segments: Deploy business-critical resources and apps in logically isolated sections of the provider’s cloud network, such as VPC or vNET as it is called in the azure space. Always Use subnets to segment workloads from each other, with proper security policies at subnet gateways.
- Enforcement of virtual server protection policies and processes such as change management and software updates: Cloud security vendors provide robust Cloud Security Posture Management, consistently applying governance and compliance rules and templates when provisioning virtual servers, auditing for configuration deviations, and remediating automatically where possible.
- Safeguarding all applications with a firewall: This will properly inspect and control traffic to and from the servers.
- Enhanced data protection: Enhanced data protection with encryption at all layers, secure file shares, continuous compliance/risk management, and maintaining good data storage resource hygiene such as detecting misconfigured buckets and terminating orphan resources.
- Threat intelligence that automatically detects and remediates threats as soon as they are detected: Third-party cloud security vendors are really helpful in this case by intelligently cross-referencing aggregated log data with internal data like configuration management systems, vulnerability scanners, etc. and external data like public threat intelligence feeds, geolocation databases, etc. They also provide tools that help visualise and query the threat landscape and promote quicker incident response times.
How is cloud security different from traditional on prem security
Although Cloud security is a modernised from of cyber-security, it still has several improvements that makes it stand our from the legacy form of cyber-security. These include the below:
- Scalability: This is one of the benefits that you achieve when you go the cloud native route how ever, it is also vital to be familiar with cloud native application protection. The cloud gives you the ability to scale your resources at a pace faster than the legacy approach but this makes it a tad bit more challenging to keep up with.
- Data storage: Legacy IT systems relied heavily on data storage onsite. This requires a lot of management overhead and responsibility. On the flip side, working with a provider limits control.
- Proximity to other systems: In networking landscapes, a single weak device or component can be exploited to infect the rest. Cloud providers expose themselves to threats from many end-users that they interact with, whether they are providing data storage or other services. Additional network security responsibilities fall upon the providers who otherwise delivered products live purely on end-user systems instead of their own.
The one thing to bear in mind is that the responsibility to keep your environments does not solely rest on the shoulder of your provider. This is a shared responsibility. While it is the responsibility of the provider to keep the cloud secure, yours is to keep everything in the cloud safe and there needs to be a proactive form of monitoring set in place to catch vulnerabilities.