CONTACT: +91 9949712255, info@usharama.inCounselling Code: URCE

What is Cloud Security and Why should we Consider it?

Posted By: Usha Rama, 10/15/2020 08:51

cloud-security-and-why-should-we-consider-it

Introduction

A cloud refers to an IT environment which has been designed for remote access to IT resources. The term Cloud originated as a metaphor of the Internet which is a network of networks providing access to a remote set of decentralized IT resources. A cloud is accessible through the Internet and there are many different clouds that are accessible through the Internet.

Cloud computing provides several benefits for organizations and users. They are as follows:

  • Almost any type of computing resources can be provisioned on demand.
  • Organizations can scale up and scale down the used resource as per requirement.
  • Users are required only to pay for what resources and workloads have been used.

Whether using any type of cloud service provider, Cloud Security is essential to assess the security of your operating systems and applications running on a cloud. To ensure the ongoing security in the cloud requires a highly equipped cloud instances with defensive security controls to assess the ability and withstand the latest data breach threats.

Here are the following points can help secure a cloud-based deployment.

Understand your shared responsibility: While the cloud security provides a greater part of the virtualization and physical infrastructure, the rest of the responsibility for the infrastructure falls on the organization users. Depending on the services used, it is the user’s responsibility to enforce Application Security, Policies, Configuration etc.

  1. Network Protection: Use in-depth defense and secured services like

  • Virtual Private Networks(VPN)
  • Routing Rules
  • Network ACLs
  • Proxy Servers: Nginx
  • Stateful Firewalls
  • Network Address Translation(NAT)
  • Application: Modsecurity

Host: ip-tables

Network : pfSense

2. Protection of the Cloud Machine Images

  • Harden machine images
  • Change default passwords
  • Disable insecure ports and services
  • Install the AV Software
  • Use a baseline (STIGs) – System specific checklist
  • Learn Security Content Automation Protocol(SCAP): which provides multiple tools for assisting administrators and auditors by enforcing security baselines

3. Protection of Data at Rest: Data at rest refers to the inactive data stored digitally. For protecting such data

  • Understand the different mechanisms of cloud storage and their security implications.
  • Review the options of encryption primitives.
  • Consider Secure Archival and data disposal
  • Tools: Luks, dm-crypt, Gnu-Shred

4. Protection of Data in transit: Data in transit refers to that which is flowing through a public or a private network

  • Always use secure application protocols like the TLS (Transport Layer Security), SSH(Secure Shell), RDP(Remote Desktop Protocol).
  • When the application does not secure protocols for communication, securely Tunnel traffic – IPsEC, SSL VPN, SSH.
  • Consider using a Key Management System.
  • Tools: OpenVPN, OpenSwan.

5. Protection and Patching of Instances

  • Use a Configuration Management System to patch all the cloud-based instances.
  • Look for Zero Days and classify risks.
  • Tools: OpenVAS

6. Protection of Instance Access

  • Manage your access to cloud instances by using a directory service.
  • Create Individual User Accounts(IAM)
  • Based on business needs, grant least privileges.
  • Enable MFA(Multi Factor Auth) for the privileged Users.
  • Audit all the User activities.
  • Refrain from using Root Cloud Accounts.

7. Application protection

  • Get AAA(Authentication, Authorization, and Auditing) implemented.
  • Understand the OWASP Top 10 Security Flaws.
  • Follow the best practices for Secure Development
  • Tools: Jenkins, PMD, FindBugs

8. Auditing and monitoring the cloud

  • Gather the monitoring data in a separate secure network.
  • Establish baselines and monitor all layers and protocols.
  • Deploy IDS(Intrusion Detection System) behind the Network Firewall.
  • Fine tune the alert levels and use redundant channels for alerting.
  • Tools: Nagios, ELK Stack, Watcher, Snort.

9. Validate protection

  • Periodically test the Network, Applications, and Infrastructure for security vulnerabilities.
  • Check for Input validation, Session Manipulation, Authentication and leakage of information.
  • Wherever possible use 3rd party tools.
  • Tools: Metasploit, Kali Linux, OpenVAS.

10. Automation: Automated provisioning helps in the documentation, Disaster Recovery and Planning and change management.

  • Make use of a configuration management system like Chef/Puppet to manage configuration centrally.
  • Consider infrastructure as Code.
  • Implement Continuous Integration and Continuous Delivery.
  • Tools: Docker, Ansibl,e and Chef.

11. Update security policy

  • Define the scope and boundaries of security.
  • Implement proper Risk Assessment Methodology, Identification and Addressing Methodology.
  • Align policies with the contractual obligations of the cloud provider.
  • Make use of the Compliance Management Tools: OpenFISMA, PTA, SOMAP, GLPI.

Conclusion

There are some things that are easier and some things that harder in the Cloud. The steps listed above will, however get you started on your improvement cycle for continuous security. Before you get started and implement a cloud application on grounds of time and cost, it is essential to understand the data and security breach threats.

Whenever an organization is moving to new an application or positioning it, it will either drive the sales up or drive down your operational costs or do them both. By making well-informed choices, cloud computing can offer business value, choice, and litheness to you which will be the most undoubted reasons for implementing a new application on cloud.

Subscribe

Tags

Activities

Exam Results

Time Table

Informative

Engineering

Tech

Technology Upgrades

Digital Learning Collaborate

Digitalization

SEO Techniques

Construction Blogs

Categories

Placements

Events

Semister Exams

Informative

Civil Engineering

Construction Industry

Wireless Infrastructure

Networking

Storage

Wireless

Data Center

Net Security

Data Security Cloud

IoT

Applications

Careers

Computer Science

Computer Science and Engineering

CSE

Mechanical Engineering

Machining

Computer Aided Manufacturing

Environmental Science

Environment Impact

Collaboration

Professional Learning Network

Digitalization

SEO

Earthquake Resistant

Disaster Management

EEE

Latest Posts

Elevate to Data Analytics: Scope, Opportunities and Careers for Students

Adaptive Cruise Control : What is it? How is it? Installation and everything you'd want to know!

Welcoming The New Start-Up Revolution In Andhra Pradesh That Is Celebrating Electronics On A Magnum Opus Scale

Empowering the Future of Humans on the Earth -- Welcome to Wireless Electricity

Solution to Control Power Theft in India