Cloud Infrastructure has many benefits like on-demand scalability, flexibility, cost saving, etc. but security is always been a concerns because of public, shared, multi tenants model of cloud. We believe that Cloud can enhance the Security Posture if implemented properly. We at CloudBuilders Technologies mission is to help customers adopt the cloud right way and Security is one of the aspects of using cloud right way without incurring too much additional cost for it. Here is some glimpse of how we implement security for cloud infrastructure and workloads deployed in public cloud infra.
Although application security is part of application design and irrespective of on-prem or cloud infrastructure deployment, it remains the same, there are few services available in cloud which can help application developers identify vulnerabilities in the applications like Cross Site Forgery, Script injection (XSS), SQL Injection, etc. Web Application Firewalls (WAF) can be used between application and users which can filter malicious requests and blocks them. WAF works on OSI layer 7 (Http/Https protocol) and may not protects against other attacks.
Creating resources in cloud can be challenging and vulnerable for unauthorized access if network security is not implemented properly. Deployment Architecture or Infrastructure Architecture design must include creating VPC (Virtual Private Cloud), Private subnets. Network Security Firewalls should be configured to allow only specific ports from specific range of IP’s or resources. A multi layer deployment architecture with proper firewalls configuration is key to avoid Intrusion and unauthorized access to the cloud resources.
Identity and Access Management (IAM)
Ensuring only authenticated users can access what they are authorized for is critical. For cloud access IAM policies should be created with least access privilege and users should be assigned to groups or policies which they should have access.
Cloud Security Posture Management (CSPM)
CSPM is a security solution to continuously monitor the security configuration in the Infrastructure. organizations can define their security compliance rules or use predefined rules like defined by CIS, SOC2, HIPPA, PCI and configure their CSPM solutions to continuously monitor the cloud infrastructure for any violations of the rules. At CloudBuilders we use open source cloud custodian tool for implementing CSPM solution.