Practical Cloud Security
Principles and Concepts
Least Privilege
Users or services should only have the minimum permissions required to perform their intended tasks. An aspect often overlooked is the automation part of the acesss process. Automation tools should also abide by the principle such that credentials used to perform task are only granted to the minimum required permissions.
An practical application is to set access policies to deny by default.
Defense in Depth
Acknowledging that any security measure can fail, and by creating multiple layers of overlapping security controls such that if one layer fails, the next layer can still prevent access.
Question the access control by asking: "What if this fails?" helps to clarify if this principle is correctly applied.
Zero Trust
Essentially means that trust from a user or a service should not be granted implicitly or assumed. Instead, all connections should be encrypted, authenticated, and authorized to be considered a warranted trust.
Threat Actors, Diagrams and Trust Boundaries
Threat actors are the individuals or groups that are likely to attempt to breach security. Four types of threat actors include: organized/independent crinminal, hacktivists, state actors, and insiders.
Trust boundary is the boundary between the trusted and untrusted parts of the system. Components within the boundary are trusted, while components outside the boundary require verification. Any interaction that crosses the trust boundary should be carefully treated.
Threat modeling is a methodology that helps to identify the threat actors and the trust boundaries.
Cloud Service Delivery Models
An understanding of how cloud services are delivered, e.g. IaaS, PaaS, and SaaS, helps to identify the trust boundaries and focus on the parts that the team is responsible for. Simply focus on the concept is sufficient as line between models are blurred.
Cloud Shared Responsibility Model
Customers and cloud providers share the responsibility of securing the cloud environment. Boundary of the responsibility differs between different cloud service delivery models.
Clear understanding of each parties' responsibilities is crucial to ensure no gaps in security.
Risk Management
Risk management is the process of identifying, assessing, and mitigating risks. It involves understanding the potential threats and vulnerabilities, and taking appropriate actions to reduce the likelihood and impact of incidents.
While unknown risk are hard to manage, known risks are easire to identify and actions can be taken:
- Avoid the risk: Shutting down the system by sacrificing functionality
- Mitigate the risk: Take additional acts to lower the likelihood of the risk to happen.
- Transfer the risk: Transfer the risk to another party.
- Accept the risk: Get stakeholder to agree that the risk is acceptable after looking over the overall risk level and benefits of continuing with the risk.
Data Asset Management and Protection
Data Classification Example
- Low/Public: Information that has negligible impact to the organization if released.
- Moderate/Private: Information that should not be disclosed to the public.
- High/Confidential: Information that is vital to the organization and should not be disclosed to unauthorized parties.
Note that regulations and standards may affect how data is classified, e.g GDPR, FISMA, ITAR, PCI DSS, HIPAA, etc.
Tools such as Microsoft Purview, Amazon Macie, and Google Cloud Sensitive Data Prevention can help to classify or find sensitive data.
Protecting Data in the Cloud
Tokenization
Replacing sensitive data with a token that is not directly related to the original data. A token server serves as the source of truth for the mapping between the token and the original data.
Encryption
A go-to solution for protecting data. Note that it is recommended that data to be compressed before encryption to ensure that it is compressed efficiently.
Three types of data to protect are data in motion, confidential computing and data at rest.
- Confidential Computing: A method to protect extremly sensitive data that requires hardware support since it changes the way the processor accesses memory.
- Data at rest: Focuses on managing the encryption keys instead of the encyption process itself. Tools such as harware security modules (HSM), key management services (KMS)can be used to manage the keys. Deeper key management concepts refer to: key encryption key (KEK), data encryption key (DEK), and key wrapping.
- Data in motion: Encryption of data in motion is a common practice.
Different ayers of encryption can be applied:
- Disk-level
- Platform-level
- Application-level
Notice the implementing encryption at different layers introduces different overheads.
Cloud Asset Management and Protection
SKIPPED FOR NOW
Identity and Access Management
SKIPPED FOR NOW