You need to secure your operations!
Top 10 critical operational areas to focus on cloud cybersecurity — CyberForged
Cybersecurity areas when operating the cloud
Good morning everyone! I hope you are rested, because today brings one of those loaded articles: the top 10 operational areas that are critical and that we need to pay attention to no matter what, because they directly affect the cybersecurity of the cloud we use in our hypothetical company. These areas complement the ones we saw yesterday in this article, where we talked about the areas to focus on when it comes to data governance and the company's risk in general.
Unlike yesterday, today we will focus on the areas that concern operating the cloud itself. In other words: what do we need to focus on once our systems are already running on the cloud infrastructure, and why does each area really matter? As we did yesterday, we will use the CSA document as our guide and list the elements that are generally accepted by the community.
Shall we get started?
Management plane and business continuity
Of all the points in this article, this may be the most important one in cloud cybersecurity: we must protect the management plane. The management plane is made up of all the cloud APIs that let us manage the elements residing in the cloud, together with the management consoles.
Can you imagine what a disaster it would be if an attacker gained access to your AWS management console? It would mean direct access to all your data and resources, and the attacker could, for example, start extorting you straight away. Both the APIs and the management consoles should have extra security measures, such as multi-factor authentication and very restrictive accounts.
Within this point we also include business continuity plans, which take care of getting our systems back up when there is a disaster or a service interruption. Can you say your company is prepared to react if, for example, Google Cloud stops providing service tomorrow? This type of plan ensures that the business keeps functioning even if some of its key parts fail.
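One concrete way to keep an eye on the management plane is to audit console sign-ins for the two things that section asks for, MFA and restricted accounts. The following script is an added example (it is not code from the original article or from CyberForged): it walks a batch of CloudTrail-style `ConsoleLogin` records and flags successful sign-ins made without MFA and any use of the account root user. The field names (`userIdentity.type`, `additionalEventData.MFAUsed`, `responseElements.ConsoleLogin`) follow AWS CloudTrail's ConsoleLogin event format; the sample records are constructed for this example and are not real log data.

```python
"""Audit management-console sign-ins for missing MFA and root usage.

Added example, not from the original article. Flags the console sign-ins
a defender would want to alert on: successful logins without MFA, and
any login by the account root user. Field names follow AWS CloudTrail's
ConsoleLogin record format; the events below are constructed samples.
"""
import json
from typing import Dict, List, Tuple

# Constructed sample events (not real log data).
SAMPLE_EVENTS: List[Dict] = [
    {
        "eventName": "ConsoleLogin",
        "userIdentity": {"type": "IAMUser", "userName": "alice"},
        "responseElements": {"ConsoleLogin": "Success"},
        "additionalEventData": {"MFAUsed": "Yes"},
        "sourceIPAddress": "203.0.113.10",
    },
    {
        "eventName": "ConsoleLogin",
        "userIdentity": {"type": "IAMUser", "userName": "bob"},
        "responseElements": {"ConsoleLogin": "Success"},
        "additionalEventData": {"MFAUsed": "No"},
        "sourceIPAddress": "198.51.100.7",
    },
    {
        "eventName": "ConsoleLogin",
        "userIdentity": {"type": "Root"},
        "responseElements": {"ConsoleLogin": "Success"},
        "additionalEventData": {"MFAUsed": "Yes"},
        "sourceIPAddress": "192.0.2.44",
    },
    {
        "eventName": "ConsoleLogin",
        "userIdentity": {"type": "IAMUser", "userName": "carol"},
        "responseElements": {"ConsoleLogin": "Failure"},
        "additionalEventData": {"MFAUsed": "No"},
        "sourceIPAddress": "198.51.100.9",
    },
    {
        # A non-login API call; the audit must ignore it.
        "eventName": "DescribeInstances",
        "userIdentity": {"type": "IAMUser", "userName": "alice"},
    },
]


def principal_name(event: Dict) -> str:
    """Return a readable name for the identity behind an event."""
    identity = event.get("userIdentity", {})
    if identity.get("type") == "Root":
        return "root"
    return identity.get("userName", "<unknown>")


def find_risky_console_logins(events: List[Dict]) -> List[Tuple[str, str]]:
    """Return (principal, reason) pairs for console sign-ins worth an alert.

    Rules:
      * any ConsoleLogin by the root user (success or failure) -> "root-login"
      * any successful ConsoleLogin with MFAUsed != "Yes"      -> "no-mfa"
    Failed logins without MFA are deliberately not flagged here; they
    belong to a separate brute-force rule and would only add noise.
    """
    findings: List[Tuple[str, str]] = []
    for ev in events:
        if ev.get("eventName") != "ConsoleLogin":
            continue
        who = principal_name(ev)
        succeeded = ev.get("responseElements", {}).get("ConsoleLogin") == "Success"
        mfa_used = ev.get("additionalEventData", {}).get("MFAUsed") == "Yes"
        if who == "root":
            findings.append((who, "root-login"))
        if succeeded and not mfa_used:
            findings.append((who, "no-mfa"))
    return findings


def main() -> None:
    # Emit one JSON line per finding, ready for a SIEM or a ticketing hook.
    for who, reason in find_risky_console_logins(SAMPLE_EVENTS):
        print(json.dumps({"principal": who, "finding": reason}))


if __name__ == "__main__":
    main()
```

Run as-is and it reports two findings: `bob` signed in successfully without MFA, and the root user was used at all (root sign-ins are flagged even with MFA, because day-to-day work should never need that account). The same rules map directly onto a CloudTrail-to-SIEM pipeline; only the event source changes.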
In a traditional (non-cloud) environment, we would have network engineers fixing network vulnerabilities in, for example, Cisco routers. They would watch for the vendor's official patches so they could install them when needed and keep the security level up.
What is the problem in the cloud? Well, in the cloud we have no access to the provider's "physical" routers, so it seems that the infrastructure is the provider's responsibility. Nothing could be further from the truth: in some models (IaaS, for example), we are responsible for the infrastructure that supports our cloud systems. If the provider releases a new version of a network element such as Application Gateway, it is our responsibility to update it from the administration console or through the management APIs.
Virtualization and containers
The same applies here as for infrastructure security: we must always be on the lookout for vulnerabilities in hypervisors and in the software that supports the containers we may be using (Kubernetes, OpenShift, etc.).
Incident response, notification, and remediation
What happens if one day we arrive at the office and suddenly see that all our servers are under a denial-of-service attack? What happens if one of our Web Application Firewalls (WAF) detects that an SQL injection (SQLi) attack has reached one of our databases? What happens if, within our company, the DLP detects a data exfiltration?
All these questions must have answers, which means having incident management, response, and remediation processes in place. Smaller companies tend to skip these plans for lack of time, but, as with the business continuity plan, by the time one of them is needed it is too late to write it and the damage will be enormous.
Today, almost 80% of all attacks are software-related. There are even entire sites dedicated to publishing proofs of concept for application vulnerabilities, such as https://exploit-db.com.
In our hypothetical company, we must have a secure development process in which we constantly analyze the environment and the code of our applications to detect existing vulnerabilities as early as possible.
Data security and encryption
We already talked about data in the previous article, but it is still important: each type of data (more sensitive, less sensitive, more public, less public…) has more restrictive or more relaxed security and encryption requirements when it comes to cloud cybersecurity.
To ensure security in the cloud, it is very important that this data always keeps the level of protection appropriate to its sensitivity, using the relevant security and encryption mechanisms.
Identity, encryption, and access management
This area is clear: everyone in the cloud must have an identity, and those identities must be properly controlled and stored. By everyone we also mean the services running in the cloud: they too need identities, so that we can control, for example, what they may access automatically without an administrator intervening.
When planning cloud cybersecurity, it is very important to consider the current on-premise identity model and check whether it fits the provider's identity strategy.
Security as a Service
This area holds one of the biggest advantages of using the cloud today: there are many services offering cloud-native security at very affordable prices. Security consoles that automatically detect vulnerabilities in our infrastructure, or security service bundles contracted on a pay-per-use basis, give companies levels of security that would be very expensive to acquire in the on-premise model.
Although we talk all the time about cloud security, certain paradigms can radically change the picture. Technologies such as blockchain or big data add new challenges to cloud security that must be studied in detail.
Finally, we have to be careful with people, including our own company's employees. It is very important that employees know all the internal company processes and regulations and understand what working in the cloud involves. Situations such as an employee creating thousands of virtual machines, with the associated cost, without realizing it have happened in the past, so we must keep up continuous training and awareness to make such situations very unlikely.
In future articles, we will develop these areas to study them in more depth and even describe tools that can be useful. What did you think of this top 10 of cloud cybersecurity areas? Do you have any comments? Leave them below!
Originally published at https://cyberforged.com on April 20, 2021.