How to Secure Cloud Infrastructure? - Cloud Security and Computing

For to understand how to Secure Cloud! We need to focus on countermeasure strategies that span those levels.

First, it is highly recommended that you implement multiple layers of defense against any risk.

For example, in physical protection there should not be reliance on a single lock; there should be multiple layers of access control, including locks, guards, barriers, and video surveillance.

Equally, for control that directly addresses a risk, there should be additional control to catch the failure of the first control. These controls are referred to as compensating controls.

Every compensating control must meet four criteria: have the intent and rigor of the original requirement, provide a similar level of defense as the original requirement, be above and beyond other requirements, and be commensurate with the additional risk imposed by not adhering to the requirement.

As an example, consider disk space monitoring.

There should be a basic control in place that monitors available disk space in a system and that alerts you when a certain threshold has been reached.

A compensating control would be used to create an additional layer of monitoring “above and beyond” the initial control, to ensure that if the initial control were to fail or experience difficulty due to some sort of attack, that the amount of disk free space could still be accurately monitored and reported on

Data Center Continuous Uptime

Cloud infrastructure needs to be designed and maintained for continuous uptime.

This implies that every component is redundant. This serves two purposes:

It makes the infrastructure resilient against component failure.

It allows individual components to be updated without affecting the cloud infrastructure uptime

Automation of Controls

On the technical level, controls should be automated as much as possible, thus ensuring their immediate and comprehensive implementation.

One way to do this is to integrate software into the build process of VM images that detects a malware, encrypts data, configures log files, and registers new machines into configuration management databases.

Automating the configuration of operational resources enables additional drastic changes to traditional practices.

Rather than updating resources—such as OS instances— at runtime with security patches, an automated system for configuration and resilience makes it possible to replace the running instance with a fresh, updated one.

This is often referred to as the baseline image.

Secure Cloud Access Controls

Because new technology, as well as new service models, are introduced by cloud computing, access controls need to be revisited.

Depending on the service and deployment models, the responsibility and actual execution of the control can lie with the cloud service consumer, with the CSP, or both.

Cloud computing allows enterprises to scale resources up and down as their needs require.

The pay-as-you-go model of computing has made it popular among businesses.

However, one of the biggest hurdles in the widespread adoption of cloud computing is security.

The multitenant nature of the cloud is vulnerable to data loss, threats, and malicious attacks.

Therefore, enterprises need strong access control policies in place to maintain the privacy and confidentiality of data in the cloud.

Following is a non-exhaustive listing of access controls:

Building access

Computer floor access

Cage or rack access

Access to physical servers (hosts)

Hypervisor access (API or management plane)

Guest OS access (VMs)

Developer access

Customer access

Database access rights

Vendor access

Remote access

Application and software access to data (SaaS)

Cloud services should deploy a user-centric approach for effective access control, in which every user request is bundled with the user identity.

In addition, there should be strong authentication and identity management for both CSPs and their clients. Particular attention is required for enabling adequate access to external auditors without jeopardizing the infrastructure.

Secure Cloud Physical and Environmental Protections

The physical infrastructure and its environment consisting of the data center, its buildings, and its surroundings.

These facilities and their staff are most relevant, not just for the security of the IT assets but because they are the focus of a lot of security controls on other components.

There is, of course, infrastructure outside the data center that needs protecting. This includes network and communication facilities and endpoints such as PCs, laptops, mobile phones, and other smart devices.

Several controls on the infrastructure described here can be applied outside the data center as well.

There are well-established bodies of knowledge around physical security, such as NIST’s SP 800-14 and SP 800-123, and that knowledge is consolidated in several regulations.

Secure Cloud Key Regulations

Some of the regulations that may apply to the CSP facility include the Healthcare Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS).

In addition, many countries have critical infrastructure protection plans and legislation, such as the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) in the United States.

Examples of Controls

Based on one or more regulations, the following control examples may be relevant:

Policies and procedures shall be established for maintaining a safe and secure working environment in offices, rooms, facilities, and secure areas.

Physical access to information assets and functions by users and support personnel shall be restricted.

Physical security perimeters (fences, walls, barriers, guards, gates, electronic surveillance, physical authentication mechanisms, reception desks, and security patrols) shall be implemented to safeguard sensitive data and information systems.

Secure Cloud Protecting Data Center Facilities

Datacenter facilities are typically required to have multiple layers of access controls.

Between these zones, controls are implemented that deter, detect, delay, and deny unauthorized access.

At the facilities level, key resources and assets should be made redundant, preferably in independent ways such as multiple electricity feeds, network cables, cooling systems, and uninterruptable power supplies (UPSs).

On the computer floor, as it is often called, redundancy continues in power and network cabling to racks. Finally, the data center and facility staff represent a risk.

Controls on staff include extensive background checks and screening, but also adequate and continuous training in security awareness and incident response capability.

Datacenter facilities are typically required to have multiple layers of access controls.

Between these zones, controls are implemented that deter, detect, delay, and deny unauthorized access.

On the computer floor, as it is often called, redundancy continues in power and network cabling to racks.

Finally, the data center and facility staff represent a risk.

Controls on staff include extensive background checks and screening, but also adequate and continuous training in security awareness and incident response capability.

Secure Cloud System and Communication Protections

To protect systems, components, and communication, we can take several complementary analysis approaches.

It generally makes sense to analyze the important data assets, trace their flow across various processing components and actors, and use those to map out the relevant controls.

Cloud computing still runs on real hardware, so it inherits all the risks associated with that. Infrastructure as a service (IaaS) requires a great number of individual services working in harmony

Here’s a non-exhaustive list of services:

Hypervisor

Storage controllers

Volume management

IP address management (dynamic host configuration protocol [DHCP])

Security group management

VM image service

Identity service

Message queue

Management databases

Guest OS protection

All these components run software that needs to be properly configured, maintained, and analyzed for risk.

When these components have security functions, such as virus scanners and network intrusion detection systems (IDSs), and network intrusion prevention systems (IPSs), these need to be virtualization-aware.

Secure Cloud Automation of Configuration

Manually configuring all the infrastructure components in a system can be a tedious, expensive, error-prone, and insecure process.

As indicated earlier, automation of configuration and deployment is essential to make sure that components implement all relevant controls.

This automation also allows for a more granular proliferation of controls.

For example, an IDS, an IPS, and firewalls can be deployed as components of OSs and their configuration adapted to the actual state of the infrastructure through the use of automation technology

Responsibilities of Protecting To Secure The Cloud

Implementation of controls requires cooperation and a clear demarcation of responsibility between the CSP and the cloud service consumer.

Without that, there is a real risk for certain important controls to be absent.

For example, IaaS providers typically do not consider guest OS hardening their responsibility

It is incumbent upon the cloud professional to understand where responsibility is placed and what level of responsibility the organization is expected to undertake regarding the use and consumption of cloud services.

Following the Data Lifecycle

Monitoring and logging events play an important role in detecting security events, demonstrating compliance, and responding adequately to incidents.

As discussed earlier, following the data across its lifecycle is an important approach in ensuring sufficient coverage of controls. The main grouping of that data lifecycle is in three broad categories:

data at rest (DAR), data in motion (DIM), and data in use (DIU).

DAR: In storage, the primary control against unauthorized access is encryption, which helps to ensure confidentiality. Availability and integrity are controlled through the use of redundant storage across multiple locations.

DIM: Data center networking can be segregated into multiple zones physically and logically through the use of technology such as VLANs. The resulting traffic separation acts as a control to improve DIM confidentiality and integrity.

It is also a countermeasure against availability and capacity risks caused by resource contention.

Traffic separation is often mandated from a compliance perspective.

Encryption is also a relevant control to consider on networks for DIM.

control provides for data confidentiality. In addition, the network components are a potential area for controls.

The concept of a firewall acting as the gatekeeper on the single perimeter is an outdated thought process in cloud architectures. Nevertheless, between demarcated network zones, control is possible by utilizing technology such as data loss prevention (DLP), data activity monitoring, and egress filtering.

DIU: This requires access control with a granularity that is relevant for the data at risk. APIs should be protected through the use of digital signatures and encryption where necessary, and access rights should be restricted to the roles of the consumer.

Virtualization Systems Controls

The virtualization components include compute, storage, and network, all governed by the management plane.

These components merit specific attention.

Because they are used to implement cloud multitenancy, they are a prime source of both cloud-specific risks and compensating controls.

Because the management plane controls the entire infrastructure and parts of it are exposed to customers independently of network location, it is a prime resource to protect. Its GUI, command-line interface (CLI, if any), and APIs all need to have stringent and role-based access controls (RBAC) applied.

In addition, logging all the relevant actions in a logging system is highly recommended.

This includes machine image changes, configuration changes, and management access logging. Proper alerting and auditing of these actions need to be considered and governed.

The management plane components are among the highest risk components concerning software vulnerabilities because these vulnerabilities can also affect tenant isolation.

For example, a hypervisor flaw might allow a guest OS to “break out” and access other tenants’ information or even take over the hypervisor.

These components, therefore, need to be hardened to the highest relevant standards by following vendor hardening and security guides, including malware detection and patch management.

The isolation of the management network concerning other networks (storage, tenant, and so on) needs to be considered. This might need to be a separate physical network to meet regulatory and compliance requirements.

Network security includes proper design and operation of firewalls, IDS, IPS, honeypots, and so on.

The virtualization system components implement controls that isolate tenants.

This includes availability, integrity, and confidentiality (AIC). Fair, policy-based resource allocation over tenants is also a function of the virtualization system components.

For this, capacity monitoring of all relevant physical and virtual resources should be considered.

This includes network, disk, memory, and CPU. When controls implemented by the virtualization components are deemed to be not strong enough, trust zones can be used to segregate the physical infrastructure.

This control can address confidentiality risks as well as control availability and capacity risks. It is often required by certain regulations.

A trusted zone can be defined as a network segment within which data flows relatively freely, whereas data flowing in and out of the trust zone is subject to stronger restrictions.

Following are some examples of trust zones:

Demilitarized zones (DMZs)

Site-specific zones, such as segmentation according to department or function

Application-defined zones, such as the three tiers of a web application

Let’s explore the concept of trust zones from the perspective of private cloud deployment to illustrate how they may be used.

Imagine for a moment that you are the cloud professional for ABC Corp.

ABC has decided to utilize a private cloud to host data that certain vendors need access to.

You have been asked to recommend the steps ABC Corp should consider to ensure the integrity and confidentiality of the data stored while vendors are accessing it.

After some consideration, you settle on the idea of using trust zones as an administrative control based on application use.

To allow vendor access, you propose creating a jump server for the vendor, which is placed in its trust zone and allowed only to access the application trust zone you create.

This approach allows the vendor to utilize the application necessary to access the data but do so in a controlled manner, as prescribed by the architecture of the trust zone.

This limits the application’s ability to access data outside the trust zone.

It also ensures that the application can be opened and accessed only from within a computer operating inside the trust zone.

Thus, confidentiality and availability can be addressed in a meaningful way.

The virtualization layer is a potential residence for other controls (traffic analysis, DLP, virus scanning), as indicated earlier.

Procedures for snapshotting live images should be incorporated into incident response procedures to facilitate cloud forensics.

The virtualization infrastructure should also enable the tenants to implement the appropriate security controls:

Traffic isolation by using a specific security group and transmission encryption.

Guest security. This can be out of the scope of the IaaS provider, but it certainly is in the scope of the IaaS consumer.

File and volume encryption.

Control of image provenance: image creation, distribution, storage, use, retirement, and destruction.