Cloud Security

• Cloud security is particularly difficult for 2 main reasons;
  1. With the cloud you get greatly accelerated development and deployment cycles. Where infrastructure used to take weeks/months to provision it can be done in seconds/minutes. And where code releases used to be weekly/monthly they are hourly/daily. Because the assets in the cloud are changing at such a fast pace, so are the vulnerabilities and misconfigurations that come with that (it’s hard for anyone to realistically keep up)
  2. All the buttons are available in the cloud. What does this mean? In the old days if you wanted a new service or technology you had to manually acquire that, install or otherwise deploy that. This process was slow, and meant new risks were added slowly (in a manageable way). With the cloud you have (AWS as an example) 200+ services instantly available from day1. That’s a lot of services, and a lot of services that can be misconfigured.
• With an explosion of infrastructure and services combined it’s only natural that the attack surface follows the trend, thus cloud security can be complex

The main risks of cloud security are; misconfigurations, vulnerabilities and compromised/malicious users. Overall the cloud provider upholds certain responsibilities to make sure PaaS offerings are secure and stable, but once you start running apps and deploying code there, the responsibility to make sure this is secure is yours. Misconfigurations are self explanatory and can lead to such mishaps as opening private buckets for the world to see. Vulnerabilities come in many forms, be it open source packages you have included in your code, or host operating systems that are unpatched, but overall the root cause is the same; there is a known vulnerability which can be exploited and you haven’t mitigated it. And finally the user; this could be literal users, or system users, but no matter the context; users (or identity) has become the number one way to maliciously access cloud resources. Ensuring users are not over privileged and keeping a watchful eye on suspicious behaviour (unsual working time or location for example) are examples of how you can avoid or reduce impact of compromised users.

The best way you can secure your cloud is to educate users, developers and system administrators on the importance of a security first mindset. As the old saying goes ‘the user is the weakest part of any security system’. With training in place and a good culture of ‘secure by design’ a company then needs some tools to get the job done. Primarily, the best candidates for this are vendors of CNAPPs, CWPPs or CSPMs. The industry is quite mature now and the more money you can spend the better, with some platforms advocating a ‘code to cloud’ coverage and including everything from open source vulnerabilities to runtime anomalies. Budget will be a constraint for most organisations so you’ll need to lock down what is your primary concern; platform hack, data leak, insider activity, downtime, etc. This will better help you to choose a technology that suits your needs.

• AWS provides security for all its products and services, ensuring apps do not suffer downtime due to bad actors etc. But specifically for the consumer AWS provides 3 main security products:
  1. AWS WAF + Shield Advanced: These are front facing security layers to protect your public facing assets from the bad guys. The services are comparable to other web application firewall vendors and allow for most of the common features you’d expect; IP blocking, rate limiting, ACLs, OWASP top 10, etc.
  2. AWS GuardDuty : This tool is constantly looking for malicious and suspicious behaviour inside your account, searching for malware and otherwise reporting to you about anomalous behaviour. It’s mostly using CloudTrail, Config and VPC flow logs to gather data
  3. AWS inspector : This the next level down the stack and extends the security by actually looking into your services (for example inside an EC2 server or a lambda function) to see what open source software is running or what version of the operating system you are using
• The combination of these 3 services comprise the main security offerings of AWS