[Security Information] 5 tips to better protect cloud data in 2021


As companies gradually shift to a cloud-first strategy, protecting cloud data becomes more and more important. Let's take a look at 5 cloud security tips to help companies protect data in hybrid or fully public cloud environments.

Tip 1: Record cloud assets

Former US Secretary of Defense Donald Rumsfeld mentioned "known known," "known unknown," and "unknown unknown." These terms were actually coined by researchers from the National Aeronautics and Space Administration of the United States and have long been used by US national security and intelligence professionals.

When protecting cloud data, companies need an accurate record of which assets they own in the cloud and the current security status of those assets: the known knowns. Technical professionals can use many tools to find resources. The real challenge is working out which resources need to be recorded. In addition to the obvious resources (such as where workloads run), you also need to look for the following:

  • Identity and access management (IAM) user and administrator account privileges, to find any overprivileged users and roles;
  • All public IP addresses associated with your cloud account to provide early warning in the event of any attack;
  • The relationship between assets and resources to discover potential attack paths;
  • Keys and key characteristics, including the issue date, to disable keys older than a given threshold.
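
The checks in this list can be run over an asset inventory once it exists. The following is an added example, not code from the original article: the inventory schema, the asset names, the 90-day threshold and all sample values are constructed for illustration and do not correspond to any cloud provider's export format.

```python
from collections import deque
from datetime import date

# Constructed inventory; hypothetical schema, sample values only.
INVENTORY = {
    "identities": [
        {"name": "ci-deployer", "actions": ["storage:Put", "compute:Start"]},
        {"name": "legacy-admin", "actions": ["*"]},
    ],
    "public_ips": [{"ip": "203.0.113.10", "attached_to": "web-vm"}],
    "keys": [
        {"id": "key-001", "owner": "ci-deployer", "issued": "2020-01-15"},
        {"id": "key-002", "owner": "legacy-admin", "issued": "2021-02-01"},
    ],
    # Directed edges: asset -> assets it can reach or assume.
    "edges": {"web-vm": ["app-role"], "app-role": ["customer-db"],
              "batch-vm": ["customer-db"]},
    "sensitive": ["customer-db"],
}

def overprivileged(inv):
    """Identities holding a wildcard action ('*' or 'service:*')."""
    return [i["name"] for i in inv["identities"]
            if any(a == "*" or a.endswith(":*") for a in i["actions"])]

def stale_keys(inv, today, max_age_days=90):
    """Key ids whose issue date is older than the threshold."""
    return [k["id"] for k in inv["keys"]
            if (today - date.fromisoformat(k["issued"])).days > max_age_days]

def exposure_paths(inv):
    """Breadth-first search from each public-IP asset to any sensitive asset."""
    paths = []
    for entry in inv["public_ips"]:
        start = entry["attached_to"]
        queue, seen = deque([[start]]), {start}
        while queue:
            path = queue.popleft()
            if path[-1] in inv["sensitive"]:
                paths.append([entry["ip"]] + path)
                continue
            for nxt in inv["edges"].get(path[-1], []):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(path + [nxt])
    return paths

if __name__ == "__main__":
    today = date(2021, 3, 1)  # fixed date so the sample output is reproducible
    print(overprivileged(INVENTORY), stale_keys(INVENTORY, today))
    print(exposure_paths(INVENTORY))
```
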

Tip 2: Test, test, retest

After setting up the enterprise's cloud environment, schedule testing. There are now many tools that can help companies test their environment, including penetration testing, configuration error testing, and various forms of vulnerability testing. Some tools can search for keys and passwords, and some even allow the security team to create and launch advanced persistent threats against the enterprise. In short, all the tools, techniques, and procedures that attackers may use can also be used by enterprises to test their cloud environments.

Tip 3: Always keep monitoring

It is wise to monitor the cloud environment continuously. Companies should pay close attention to configuration changes, compliance failures, suspicious changes to files or structured data, and so on. The value of doing this in real time lies in detecting attempted attacks early enough to contain them and in patching vulnerabilities in a timely manner.

Tip 4: Create real-time safety training opportunities

"On-site fire drills" have become the main content of fire department training. On-site fire drills refer to the practice of buying a building, arranging the building into a typical residence or office, and then setting it on fire and sending firefighters to control the fire. This allows firefighters to have an in-depth understanding of the fire situation under different conditions, and understand their own weaknesses and tendencies under the pressure of the on-site fire.

In a cloud environment, the equivalent exercises use deliberately insecure cloud environments and cloud applications. These tools contain incorrect configurations and vulnerabilities and can be set up quickly and easily to train cloud engineers to detect and fix common configuration flaws and security vulnerabilities. Such an environment should be part of the corporate training program. Companies can use gamification mechanisms to reward the cybersecurity experts who find vulnerabilities the fastest and most effectively.

Tip 5: Be aware of emerging threats in time

Companies need to track emerging threats, including complex nation-state attacks, which increasingly make use of cloud services. One way to do this is through the MITRE ATT&CK framework, which tracks threats and breaks attacks down into various technical means, such as credential access, privilege escalation, and discovery. The ATT&CK framework also provides remediation suggestions and the latest insights into the behavior and activities of attackers. Other ways to stay informed include subscribing to threat intelligence sources from vendors and third-party organizations, and participating in ISACA or other cybersecurity organizations.



Origin blog.csdn.net/YiAnSociety/article/details/114384494