Cloud Computing Security
In order to understand cloud security, first we have to understand the services under cloud computing such as: hosted services, softwares, hardwares and storage all over the Internet.
As we also learned in the class, rapid deployment, low-cost, flexibility, stability are the reasons why organizations have shifted to cloud computing.
The \’Check Point’ describes cloud computing requirements including “policies, controls, services and that protect cloud data, applications and infrastructure from threats.”
Who’s responsible of cloud security?
Personally, when I think about cloud security two parties seem responsible to me which is cloud provider and customer/user of cloud services. Again, we discussed about different type of cloud services that can be performed by provider and every single of them might have different policies or controls against cyber threats.
However, most of the time security responsibilities that provider has includes protecting the infrastructure provided to the customer when user has to manage user access and privileges within organizations. The personal access is crucial to cloud services and they should be assigned well by cloud specialist. During the class, we talked about how cloud services has the advantage over physical datacenter because you don’t need to take the risk of anyone within company to walk into your data center but risk is still out there even everything performs online. Therefore, the access and users should be designed securely to cloud services.
The ‘Check Point’ website talks about ‘7 advanced cloud security challenges’ such as :
-Increased Attacked Surface
-Lack of visibility and tracking
-devops, devsecops, and automation
-granular privilege and key management
-cloud compliance and governance
The ‘Check Point’ website also talks about ‘6 Pillars of robot cloud security:
-Granular, policy-based IAM and authentication controls across complex infrastructures
-Zero-trust cloud network security controls across logically isolated networks and micro-segments
-Enforcement of virtual server protection policies and processes such as change management and software updates:
-Safeguarding all applications (and especially cloud-native distributed apps) with a next-generation web application firewall
-Enhanced data protection
-Threat intelligence that detects and remediates known and unknown threats in real-time
What is exactly security of cloud?
Accordingly ‘Force Point’, “cloud security consists of a set of policies, controls, producers and technologies that work together to protect cloud-based systems, data and infrastructure”. In addition to protecting cloud data, decisions applied should meet compliance regulations and protect user’s privacy. Main goal is to prevent unauthorized access and to keep data and applications in the cloud securely. Force Point recommends authenticating access and filtering traffic to fight against security threats. Again, security is crucial for cloud systems because they became so popular and include important data. Therefore, cloud system should be protected against both external and internal cybersecurity threats.
Segmentation of cloud security
McAfee’s online platform addresses different aspects of cloud security such as:
-SaaS-Software as a Service: customers are responsible for securing their data and user access
-PaaS – Platform as a service: Customers are responsible for securing their data, user access, and applications.
-IaaS – Infrastructure as service: Customers are responsible for securing their data, user access, applications, operating systems and virtual network traffic.
Cloud Security Challenges
McAffe lists some challenges for security:
Most of the time, cloud services receive access from outside of the corporate network or from devices not managed by IT. Which causes the need of monitoring cloud access by IT team.
When organizations work with third-party cloud provider, they became less active on their data and controlling their premises.
Cloud Security Solutions
McAfee talks about some solutions such as:
1-API connection that lets IT team to view what stored in the cloud, who used it, when it used..
2- After you gain visibility with API, you should define data classification, loss prevention, collaboration control, and encryption on cloud data.
3. User access control can be authorized by CASB-Cloud Access Security Broker- to enforce access controls.
4. File-scanning, application whitelisting, machine learning detection and network traffic analysis can be solution against malware that attack your cloud.
5. Compliance requirement and practices should be argument with risk assessment and compliance assessments. HIPAA, PCI and Sarbanes-Oxley becomes more important when you engage your data within cloud services.
AWS Cloud Security
I also wanted to look into AWS’s approach to this poular topic cloud security since we just worked with AWS cloud systems during this semester. They have solid understanding against cyber threats and reliable reputation for security. AWS provides control and confidence to the user to run their business cloud with flexible and secure environment. Some specific functions that AWS Cloud offers to customers:
-Secure scaling with superior visibility and control where you can control the data stored and who can access it. You can manage any records that information consumes any moment. Continuous monitoring and real-time security information also helps you to secure your cloud.
- Automation and reduction risk with deeply integration. As an owner of the cloud system, you gain automation feature for your tasks on AWS by reducing human configuration errors.
AWS also has 4 pillars on their security policy such as: prevent, detect, respond and remediate.
What’s different about cloud security?
Red Hat platform believes that many people understand the benefit and advantages of cloud but they are equally deterred by the security threats. First gap between physical data center and cloud service security is the traditional environment. Cloud environments are highly connected and making easier for traffic to bypass traditional perimeter. Therefore, APIs should be fully secured and identity management should be strong.