We’ve all heard of the “cloud”. What exactly is cloud computing and security? The cloud is an alternative to storing data on computer hard drives. It allows many users to store and access data over the internet, without direct management by the user. There are three types of cloud environments and cloud service models. This blog post will go over the different types and what you can do to protect your servers from future threats.

THE THREE PRIMARY TYPES OF CLOUD COMPUTING ENVIRONMENTS

  • Public Cloud Services: Hosted by third-party cloud service providers (eg. Amazon Web Services (AWS), Microsoft Azure, Google Cloud) and generally accessible through web browsers, so identity management, authentication, and access control are essential.
  • Private Clouds: Usually dedicated and accessible to only a single organization. However, they are still vulnerable to access breaches, social engineering, and other exploits.
  • Hybrid Clouds: Combine aspects of public and private clouds, allowing organizations to wield more control over their data and resources than in a public cloud environment, yet still be able to tap into the scalability and other benefits of the public cloud when needed.

Source: BeyondTrust.com

THE MAIN CLOUD COMPUTING SERVICE MODELS

  • Infrastructure as a Service (IaaS): With IaaS, you rent IT infrastructure’servers and virtual machines (VMs), storage, networks, operating systems’from a cloud provider on a pay-as-you-go basis.
  • Platform as a Service (PaaS): PaaS is designed to make it easier for developers to quickly create web or mobile apps, without worrying about setting up or managing the underlying infrastructure of servers, storage, network, and databases needed for development.
  • Software as a Service (SaaS) : Overlapping with PaaS, server less computing focuses on building app functionality without spending time continually managing the servers and infrastructure required to do so. Server less architectures are highly scalable and event-driven, only using resources when a specific function.

Source: ePATHUSA.net

Strategy & Policy A holistic cloud security program should account for ownership and accountability (internal/external) of cloud security risks, gaps in protection/compliance, and identify controls needed to mature security and reach the desired end state.

Network Segmentation
Leverage a zone approach to isolate instances, containers, applications, and full systems from each other when possible.

Identity and Access Management and Privileged Access Management
Leverage robust identity management and authentication processes to ensure only authorized users to have access to the cloud environment, applications, and data.

Discover and Onboard Cloud Instances and Assets
Discovery and onboarding should be automated as much as possible to eliminate shadow IT.

Password Control (Privileged and Non-Privileged Passwords)
Never allow the use of shared passwords. Combine passwords with other authentication systems for sensitive areas.

Vulnerability Management
Regularly perform vulnerability scans and security audits, and patch known vulnerabilities.

Encryption
Ensure your cloud data is encrypted, at rest, and in transit.

Disaster Recovery
Be aware of the data backup, retention, and recovery policies and processes for your cloud vendor(s).

Monitoring, Alerting, and Reporting
Implement continual security and user activity monitoring across all environments and instances.

Source: beyondtrust.com

Leave a Reply

Your email address will not be published.