What is cloud security and how should you handle it?

We have heard of several cloud security cases like the ones below. If you can relate to any of them, a comprehensive security assessment is due.

“One of our recently fired DBAs had access to a few of our systems and he managed to truncate 5 years of our customer's production database on AWS. The DBA deleted the logs too. So we couldn’t prove to anyone that this was an unauthorized execution.”

Solution: IAM access policies should be handled in a centralized manner. Worst case, VPC flow logs should have been enabled to track activity.

“We have a public internet-facing application and it often goes down due to DDoS attacks. We are facing huge productivity loss and bad customer reputation.”

Solution: Enable a Web Application Firewall (WAF), which will handle the detection and blocking of DDoS attacks.

“We found that our non-production Jenkins servers are being used by unidentified people to run Bitcoin mining programs. Our cloud usage for the past 3 months has gone up by almost 50%.”

Solution: Do you have ports open to the public internet? If yes, can we take another look at your architecture and seal these ports to avoid further exploitation?

What is cloud security and how should you handle it?

Security of your cloud setup is a shared responsibility. AWS explains this in an easy-to-understand manner. The security of applications hosted on AWS, including IAM access, encryption, content, third-party APIs, etc., should be managed by the customer.

An application running in the cloud has several vulnerability points. The need to secure these points depends on the application’s use, compliance requirements and customer budget.

Ask yourself these questions. A lot of ‘NO’s is not a good sign.

  • Are you running an internet-facing web application? If yes, do you have a WAF to mitigate DDoS?
  • Are you running an internet-facing web application? If yes, do you have SSL to prevent MITM attacks?
  • Are you concerned about your firewall security, server security and other infrastructure vulnerabilities? If yes, have you done a comprehensive infrastructure Vulnerability Assessment & Penetration Testing (VAPT) exercise to identify these vulnerabilities and fix them?
  • Are you concerned about the health of your application APIs and other vulnerabilities found at the application level? If yes, have you run an application VAPT (manual tests are recommended) to identify these vulnerabilities and fix them?
  • Do you have a large set of people accessing your AWS infrastructure directly? If yes, are they accessing the systems through a VPN tunnel?
  • Do you want to track the logs to capture unauthorized provisioning of AWS services or changes made to your AWS setup? If yes, you should enable logging mechanisms like CloudTrail and VPC flow logs.
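
What reviewing CloudTrail records can look like for the three cases above (logging being stopped or deleted, ports opened to the public internet, unauthorized provisioning). This is an added example, not code from this page or from AWS; the allowlist, account ID and sample records are constructed, and only the record fields the function reads are assumed.

```python
import json

# CloudTrail (eventSource, eventName) pairs that weaken the audit trail itself.
LOG_TAMPERING = {
    ("cloudtrail.amazonaws.com", "StopLogging"), ("cloudtrail.amazonaws.com", "DeleteTrail"),
    ("ec2.amazonaws.com", "DeleteFlowLogs"),
}
WORLD_CIDRS = ('"0.0.0.0/0"', '"::/0"')  # quoted so "10.0.0.0/0" does not match
# Hypothetical allowlist: the only principal expected to launch instances.
APPROVED_PROVISIONERS = {"arn:aws:iam::111122223333:role/ci-deployer"}

def review(records):
    """Return (eventTime, principal ARN, finding) for each suspicious record."""
    findings = []
    for rec in records:
        key = (rec.get("eventSource"), rec.get("eventName"))
        who = rec.get("userIdentity", {}).get("arn", "unknown")
        # Serialized search avoids depending on the exact ipPermissions nesting.
        params = json.dumps(rec.get("requestParameters") or {})
        if key in LOG_TAMPERING:
            finding = "audit logging stopped or deleted"
        elif key[1] == "AuthorizeSecurityGroupIngress" and any(c in params for c in WORLD_CIDRS):
            finding = "security group opened to the public internet"
        elif key[1] == "RunInstances" and who not in APPROVED_PROVISIONERS:
            finding = "instances launched by unapproved principal"
        else:
            continue
        findings.append((rec.get("eventTime"), who, finding))
    return findings

def make_record(time, source, name, user, params=None):
    """Build a constructed record with only the fields review() reads."""
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "userIdentity": {"arn": f"arn:aws:iam::111122223333:{user}"},
            "requestParameters": params}

# Constructed sample records (not real logs); account ID and names are made up.
SAMPLE = [
    make_record("2024-01-05T09:00:00Z", "ec2.amazonaws.com", "RunInstances", "role/ci-deployer"),
    make_record("2024-01-05T22:10:00Z", "ec2.amazonaws.com", "AuthorizeSecurityGroupIngress", "user/dev1",
                {"ipPermissions": {"items": [{"fromPort": 8080, "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}),
    make_record("2024-01-05T22:15:00Z", "ec2.amazonaws.com", "AuthorizeSecurityGroupIngress", "user/dev1",
                {"ipPermissions": {"items": [{"fromPort": 22, "ipRanges": {"items": [{"cidrIp": "10.0.0.0/8"}]}}]}}),
    make_record("2024-01-06T01:30:00Z", "ec2.amazonaws.com", "RunInstances", "user/dev1"),
    make_record("2024-01-06T02:00:00Z", "cloudtrail.amazonaws.com", "StopLogging", "user/former-dba"),
]

if __name__ == "__main__":
    print(*review(SAMPLE), sep="\n")
```

Findings like these are only useful if the records are delivered somewhere the reviewed principals cannot delete them.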

Cloudnloud Cloud Security Assessment Workshop

  • Stakeholders Interview
  • Security Audit VAPT
  • Security Report Submission
  • Best Practices Implementation
  • Sanity Checks & Documentation
  • 24*7 Security Management
