
Cloud Platform and Infrastructure Security

Cloud Platforms

A cloud platform is an on-demand service that delivers computing, storage and other resources from a data centre reached over the internet. It not only allows users and businesses to save on space and maintenance costs but also lets them pay only for the services they use and scale accordingly. Some well known examples are Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure.

Cloud Storages

Let us assume a scenario. We like to store our photos, files, and documents on the devices that we use in our day-to-day lives. What if we lose our devices? Bad situation, right? This is where cloud storage comes into play. If we store our important data in the cloud, not only do we save our device storage for temporary files, but also, in case we lose our devices, we can retrieve the data by simply logging in to our account.

Cloud-based data threats

It comes as no surprise that attacks on cloud platforms and attempts to find flaws in cloud infrastructure are on the rise, particularly through misconfigurations and unauthorised access by users or members.

Some of the other threats are accidental leaks of sensitive data and weak credentials. However, these challenges don’t make cloud usage less popular in any way. Maximum cloud security necessitates the efforts and responsibility of both vendors and customers.

Protection against the threats

Understanding and implementing security in cloud-native environments

Encryption of data: Encrypting data has always been of significant importance in communication and data transfer. Encryption can be done in two ways:

  • Server-side encryption: The encryption takes place after the server receives the data from the client and before it is stored in a database. For example, Amazon encrypts the data and writes it to their data centres, then decrypts it for you when you request access.
  • Client-side encryption: In client-side encryption, the client encrypts the data before sending it to the cloud.

Security scans: Perform regular security and vulnerability scans for misconfigurations and other risks. This provides a recurring security check of the cloud environment.

Backup policy: Organisations should define a backup policy and carry it out at regular intervals to avoid the risk of data loss. This can be done by storing copies of the files on servers at different physical locations.

Use of MFA: Credentials can be easily compromised, especially if there is no password policy to follow. Many sophisticated password-spraying tools and social engineering techniques can obtain credentials from multiple sources. This is where MFA comes into play: the user has to prove they are a legitimate user before accessing the data. MFA uses different factors, such as something you know, something you have, or something you are, to authenticate users.

Implementing access control: Nothing is foolproof, so in case multi-factor authentication fails, encryption keys are not rotated, or something is misconfigured, we need a mechanism that grants users access to data only as appropriate. IAM policies and Access Control Lists (ACLs) can help centralise control over data access, permitting or denying each user's access to data.
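The point of an IAM policy is that it is evaluated, not just written. The following is an added example, not code from the original post or from any cloud provider's SDK: a simplified evaluator for policies written in the AWS IAM JSON shape, implementing the three rules that matter most when reviewing a policy (default deny, any matching Allow grants, an explicit Deny always wins). The sample policy and bucket name are constructed, and `Condition`, `NotAction` and `Principal` are deliberately out of scope.

```python
from fnmatch import fnmatchcase

# Constructed sample identity policy (example values only): read access to one bucket,
# with an explicit Deny carving out a sensitive prefix that no Allow can override.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
        },
        {
            "Effect": "Deny",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::example-bucket/secret/*",
        },
    ],
}


def _as_list(value):
    """IAM allows a single string or a list in Action and Resource fields."""
    return value if isinstance(value, list) else [value]


def _wildcard_match(pattern: str, value: str) -> bool:
    # IAM-style '*' matches any run of characters, including '/'. fnmatchcase also
    # treats '?' and '[...]' specially; the ARNs and actions used here contain neither.
    return fnmatchcase(value, pattern)


def _statement_applies(stmt: dict, action: str, resource: str) -> bool:
    # Action names are case-insensitive in IAM; resource ARNs are matched as written.
    action_hit = any(_wildcard_match(p.lower(), action.lower()) for p in _as_list(stmt["Action"]))
    resource_hit = any(_wildcard_match(p, resource) for p in _as_list(stmt["Resource"]))
    return action_hit and resource_hit


def is_allowed(policy: dict, action: str, resource: str) -> bool:
    """Simplified IAM decision: default deny; any applicable Allow grants;
    an applicable explicit Deny wins no matter how many Allows match."""
    allowed = False
    for stmt in policy["Statement"]:
        if not _statement_applies(stmt, action, resource):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def audit_requests(policy: dict, requests: list) -> list:
    """Evaluate a list of (action, resource) pairs; handy for reviewing a policy before it ships."""
    return [(a, r, "ALLOW" if is_allowed(policy, a, r) else "DENY") for a, r in requests]


if __name__ == "__main__":
    for row in audit_requests(SAMPLE_POLICY, [
        ("s3:GetObject", "arn:aws:s3:::example-bucket/public/report.pdf"),
        ("s3:GetObject", "arn:aws:s3:::example-bucket/secret/key.pem"),
        ("s3:PutObject", "arn:aws:s3:::example-bucket/public/report.pdf"),
    ]):
        print(*row)
```

Running the audit over the requests a role is actually expected to make is a cheap way to catch both kinds of mistake: an Allow that is broader than intended, and a Deny that silently breaks a legitimate path.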

Virtualization and Containerization security

There are a few differences between virtualization and containerization, based on which the security measures will vary.

In virtualization, the VM instances are fully isolated with their own operating system (OS), whereas containers share the host OS kernel. So any vulnerability in the host OS or kernel will affect all containers.

Using virtualization, we can host multiple operating systems independent of each other (hardware level virtualization), while in containerization, all containers run on a single host OS/kernel, which is why it is called “OS level virtualization.”

Another distinction is that virtualization isolates whole machine instances, while containerization provides process isolation: when we run an application in a container, it only sees the dependencies and libraries it needs to run.

Security measures for virtualization

  • The hypervisor should always be up-to-date, and there should be a defined policy for the installation of the virtualization software.
  • Any unused network interface card (NIC) or physical hardware should be disabled to keep the VM off the network.
  • Disable any services that aren’t required.

Security measures for containerization

  • Containers should be hosted on a dedicated host OS built for running containers. The container's attack surface can be significantly reduced by removing any unnecessary services.
  • Using reference documents such as the Center for Internet Security (CIS) benchmarks can help establish a secure configuration baseline for container engines like Docker.
  • Security monitoring of the hosts is important for securing the containers. This can be done with any system monitoring tool.

Basic security measures with VPC

The first things that come to mind when working with VPCs are security groups and network ACLs, which are essentially virtual firewalls that restrict unauthorised access to resources. VPCs and other networking resources control network access to our online resources.

  • It’s important to manage access to resources in a VPC using Identity and Access Management.
  • Audit the VPC logs to monitor traffic in the VPC or the instances.
  • Use a network firewall to filter incoming and outgoing traffic, and network ACLs to control traffic at the subnet level. Although a VPC comes with default network ACLs, those can and should be reviewed and changed.
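The two "virtual firewalls" behave differently, and a regular scan (as the earlier point on security scans recommends) should understand both. The following is an added example, not code from the original post or from any provider's tooling: a standard-library Python checker that flags security-group ingress rules exposing admin ports, or every port, to any source, plus a small evaluator that applies network ACL semantics (stateless, rule-number order, first match wins, implicit final deny). The security group and ACL data are constructed in the shape of the EC2 API output; the group id is a placeholder and `ADMIN_PORTS` is this example's own choice.

```python
import ipaddress

# Constructed sample security group (example values only; "sg-EXAMPLE" is a placeholder id).
SAMPLE_SECURITY_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}

ADMIN_PORTS = {22, 3389}  # SSH and RDP: management ports that should never face the whole internet


def is_world_open(cidr: str) -> bool:
    """True for 0.0.0.0/0 or ::/0, i.e. a rule that admits any source address."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def find_risky_ingress(group: dict) -> list:
    """Return (cidr, reason) findings for ingress rules open to any source on admin ports or all ports."""
    findings = []
    for perm in group["IpPermissions"]:
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])] + \
                  [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in sources:
            if not is_world_open(cidr):
                continue
            if perm["IpProtocol"] == "-1":  # "-1" means every protocol and port
                findings.append((cidr, "all protocols and ports open to any source"))
                continue
            lo, hi = perm["FromPort"], perm["ToPort"]
            exposed = sorted(p for p in ADMIN_PORTS if lo <= p <= hi)
            if exposed:
                findings.append((cidr, f"admin port(s) {exposed} open to any source"))
    return findings


# Constructed sample inbound network ACL: (rule number, protocol, (from port, to port), cidr, action).
# A network ACL is stateless, so return traffic for outbound connections needs its own
# ephemeral-port rule; entries are evaluated in rule-number order and the first match wins.
SAMPLE_NACL_INBOUND = [
    (100, "tcp", (443, 443), "0.0.0.0/0", "allow"),
    (110, "tcp", (1024, 65535), "0.0.0.0/0", "allow"),  # ephemeral ports for return traffic
    (200, "tcp", (22, 22), "0.0.0.0/0", "deny"),
]


def nacl_decision(rules: list, proto: str, port: int, src_ip: str) -> str:
    """Apply network ACL semantics to one packet; anything unmatched hits the implicit final deny."""
    ip = ipaddress.ip_address(src_ip)
    for _num, rule_proto, (lo, hi), cidr, action in sorted(rules, key=lambda r: r[0]):
        if rule_proto != "-1" and rule_proto != proto:
            continue
        if rule_proto != "-1" and not (lo <= port <= hi):
            continue
        if ip not in ipaddress.ip_network(cidr, strict=False):  # v4 address never matches a v6 net
            continue
        return action
    return "deny"


if __name__ == "__main__":
    for cidr, reason in find_risky_ingress(SAMPLE_SECURITY_GROUP):
        print(f"[{SAMPLE_SECURITY_GROUP['GroupId']}] {cidr}: {reason}")
    for port in (443, 22, 80, 50000):
        print(f"tcp/{port} from 203.0.113.5 ->", nacl_decision(SAMPLE_NACL_INBOUND, "tcp", port, "203.0.113.5"))
```

The port-80 case is the one that surprises people: nothing in the list mentions it, so it is denied by the implicit final rule, which is exactly why a default-deny network ACL needs an explicit ephemeral-port entry or outbound connections from the subnet break.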

Protection against DDoS

The DDoS attack is one of the most serious threats to cloud architecture, according to multiple industry reports. A DDoS attack floods resources or services with a heavy volume of bogus traffic to make them unavailable for an indefinite period of time, which eventually leads to a few consequences:

  • Unavailability of services or applications
  • The financial loss of business
  • Insecure data
  • Loss of reputation for the company

Consider a DDoS attack in which multiple bogus requests are sent to the cloud environment in order to disrupt the target server. The cloud's auto-scaling feature will keep pushing usage up until the user can no longer pay for the utilisation or the cloud resources are exhausted. This results in denial or unavailability of services. With its AWS Shield service providing protection against DDoS, Amazon was able to handle the largest DDoS attack on record in February 2020, which peaked at 2.3 terabits per second (Tbps).

To minimise the risk of DDoS attacks, we should choose a cloud provider that can defend against them, such as AWS with its AWS Shield service, which offers DDoS protection. Similarly, Google offers Google Cloud Armor security policies to help protect against DDoS. Making sure that this protection is always turned on contributes to the ongoing security of our data.

How can SecurDI help?

SecurDI can provide valuable assistance in securing your cloud infrastructure. We can help you by assessing the current security measures in place, identifying vulnerabilities and recommending solutions to strengthen the overall security posture. SecurDI can also provide guidance on best practices for cloud security, from MFA and encryption to secure access policies. By partnering with us, you can be assured that your cloud environment is safe and your data remains secure.