
Cloud Security – Issues and Best Practices


Outline

Intro to Cloud Security

Need for Cloud Security

Cloud Security Fundamentals

Cloud Security Issues

OWASP Top 10 – A6:2017 – Security Misconfiguration

OWASP Cloud-Native Application Security Top 10

Attacks against Cloud Security Mechanisms

Cloud Security Best Practices


Intro to Cloud Security


What is the cloud?

According to Microsoft (2022) the cloud refers to “a vast network of remote servers around the globe which are hooked together and meant to operate as a single ecosystem”

Cloud servers are designed to:

Store and manage data

Run applications

Deliver content/service such as streaming videos, web mail, office productivity software, social media to any Internet-connected device

According to NSA (2018), cloud browsers can be used to completely separate the web browser from the user’s O/S by hosting the browser in a remote cloud environment


Intro to Cloud Security (contd.)

What is the cloud? – PowerCert Animated Videos


Source: PowerCert Animated Videos – Cloud Computing Explained –

https://www.youtube.com/watch?v=_a6us8kaq0g/

Intro to Cloud Security (contd.)

Cloud deployment methods

Public cloud – shares resources and offers services over the public Internet

Private cloud – does not share resources and offers services over a private internal network typically hosted in an on-premise datacenter

Hybrid cloud – shares resources between public and private clouds depending on their purpose

Community cloud – shares resources only between specific organizations such as government institutions


Source: Microsoft.com – What is the Cloud? –

https://azure.microsoft.com/en-us/overview/what-is-the-cloud/

Intro to Cloud Security (contd.)

Cloud service models:

SaaS

Examples: Amazon SaaS Factory, Office 365, Google Kubernetes Engine

PaaS

Examples: Elastic Beanstalk, Azure App Service, Google Cloud Run

IaaS

Examples: Amazon EC2, Azure IaaS, Google Compute Engine

[Table: Cloud Service Model (SaaS, PaaS, IaaS) against Hardware, Operating System, Applications, Data; SP – Service Provider, C – Customer]

Intro to Cloud Security (contd.)

Cloud market share:


Source: 64 Significant Cloud Computing Statistics for 2022 – FinancesOnline –

https://financesonline.com/cloud-computing-statistics/

Intro to Cloud Security (contd.)

The big 3 cloud service providers:


Source: AWS vs Azure vs GCP – bmc –

https://www.bmc.com/blogs/aws-vs-azure-vs-google-cloud-platforms/

Customers:

Netflix

Airbnb

Lyft

FDA

Coinbase

Customers:

Starbucks

Walgreens

3M

HP

CDC

Customers:

Toyota

Spotify

Target

Twitter

UPS

Intro to Cloud Security (contd.)

Cloud security refers to “a broad set of technologies, policies, and applications that are applied to defend online IP, services, applications, and other imperative data against cyber threats and malicious activity” (Cisco, 2022)

According to Cisco (2022), cloud security involves securing data and applications in the cloud by:

Protecting apps, data, and users in the cloud against compromised accounts, malware, and data breaches

Stopping malware before it spreads across the network

Decreasing the time spent remediating data breaches

Improving security without impacting end-user productivity

Extending protection by securing users anywhere and anytime


Intro to Cloud Security (contd.)

Cloud security can enable better business outcomes by being:


Need for Cloud Security

As per IBM (2022):

Organizations need cloud security as they incorporate cloud-based tools and services as a part of their digital strategy

Organizations must make their own considerations when protecting data and applications on the cloud since the responsibility of data asset security and accountability does not necessarily shift to the cloud service provider

Threats targeting cloud providers continue to evolve

Lack of cloud security can expose organizations to significant governance and compliance risks

Cloud security is a necessity to ensure continuity of business operations


Need for Cloud Security (contd.)

As per the Accenture (2021) Cyber Threat Intelligence Report:

Spending on public cloud services is expected to rise 21.7% from 2021 ($396B) to 2022 ($482B)

Cloud centricity prompts new attack vectors

Public-facing cloud environments serve as initial entry vectors through which threat actors can gain access to individual endpoint devices

Some organizations do not monitor cloud platforms as closely as they do their own on-premise servers


Need for Cloud Security (contd.)

As per the Accenture (2021) Cyber Threat Intelligence Report (contd.):

Ransomware attacks on cloud infrastructure are on the rise

Cloud malware has evolved faster than traditional malware

Cloud-centric toolset threats are escalating

Expanding cloud infrastructure also creates highly scalable and reliable command-and-control infrastructure and botnets

Moving to the cloud has increased both the risk and consequences of supply chain attacks


Need for Cloud Security (contd.)

According to the McAfee (2019) Cloud Adoption and Risk Report:


Sharing of sensitive data in the cloud has increased 53%

An average organization has 2,269 IaaS misconfiguration incidents per month

80% of organizations will experience at least 1 compromised account threat in the cloud each month

92% of organizations currently have stolen cloud credentials for sale on the Dark Web


Need for Cloud Security (contd.)

Poor cloud security continues to be a major cause of data breaches (Privacy Rights Clearinghouse, 2020)


Cloud Security Fundamentals

What is AWS Security? – Amazon Web Services


Source: Amazon Web Services – What is AWS Security? –

https://www.youtube.com/watch?v=_2HFqANE4gw

Cloud Security Fundamentals (contd.)

AWS cloud architecture for web application hosting:


Source: AWS – Web Application Hosting in the AWS Cloud – https://docs.aws.amazon.com/whitepapers/latest/web-application-hosting-best-practices/web-application-hosting-best-practices.pdf

Cloud Security Fundamentals (contd.)

AWS cloud security includes:

Infrastructure security

AWS WAF defends against XSS, SQL injection, & DDoS

AWS Shield provides DDoS mitigation technologies available for layer 3, 4, and 7 protection

Amazon VPC offers built-in network firewalls

Inventory and configuration management

Deployment tools offered

Inventory and configuration management tools available

Template tools exist to create standard, preconfigured, hardened VMs for EC2 instances


Cloud Security Fundamentals (contd.)

AWS cloud security includes:

Data encryption

Encryption at rest is built into EBS, S3, RDS, and most other services

AWS Key Management Service available

AWS CloudHSM for secure key storage

Identity and access control

AWS IAM allows account and permission management

AWS MFA available for privileged accounts

AWS SSO allows central management of SSO access
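
To make the IAM and MFA points above concrete, here is an added example (not part of the original slides) that scans an IAM policy document for Allow statements granting wildcard actions on all resources without requiring MFA. The policy is a constructed sample, and the function names are hypothetical helpers, not an AWS API.

```python
import json

# Constructed sample policy for illustration; not taken from any real account.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AdminNoMfa", "Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Sid": "AdminWeakMfa", "Effect": "Allow", "Action": "iam:*", "Resource": "*",
     "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "true"}}},
    {"Sid": "AdminWithMfa", "Effect": "Allow", "Action": "*", "Resource": "*",
     "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    {"Sid": "ReadLogs", "Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": "arn:aws:s3:::example-logs/*"}
  ]
}
""")

def _as_list(value):
    """IAM accepts a single value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _requires_mfa(statement):
    """True only for Bool aws:MultiFactorAuthPresent = true.

    BoolIfExists is deliberately not accepted: in an Allow statement it also
    matches requests where the key is absent, as it is for requests signed
    with long-term access keys.
    """
    bool_block = statement.get("Condition", {}).get("Bool", {})
    for key, value in bool_block.items():
        if key.lower() == "aws:multifactorauthpresent":
            return all(str(v).lower() == "true" for v in _as_list(value))
    return False

def find_risky_statements(policy):
    """Return Sids (or positions) of broad Allow statements lacking MFA."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        broad_action = any(a == "*" or a.endswith(":*") for a in actions)
        if broad_action and "*" in resources and not _requires_mfa(stmt):
            findings.append(stmt.get("Sid", f"statement[{index}]"))
    return findings
```

The check covers `Action`/`Resource` only; statements written with `NotAction` or `NotResource` need separate handling.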


Cloud Security Fundamentals (contd.)

AWS cloud security includes:

Monitoring and logging

AWS CloudTrail can monitor AWS deployments including API call history

Amazon CloudWatch provides a reliable, scalable, and flexible monitoring solution

Amazon GuardDuty available for intelligent threat detection and notification

AWS Nitro System


Cloud Security Issues

Specific cloud security issues include the following:

Lack of visibility

Multitenancy

Access management and shadow IT

Access control may be more challenging in cloud environments

Compliance

Accountability for data privacy and security still rests with the enterprise

Misconfigurations

Accounted for 86% of breached records in 2019


Source: IBM – What is Cloud Security? –

https://www.ibm.com/topics/cloud-security

Cloud Security Issues (contd.)

Specific cloud security issues include the following:


Source: Accenture – State of Cybersecurity Resilience 2021 –

https://www.accenture.com/_acnmedia/PDF-165/Accenture-State-Of-Cybersecurity-2021.pdf

More than 66% of workloads will shift to the cloud

32% of organizations

will move more than 75% into the cloud

say security is not part of the cloud discussion to begin with

say poor governance and compliance practices are an issue

say cloud security is too complex

do not have the skills needed

Cloud Security Issues (contd.)

OWASP Top 10 – A6:2017 – Security Misconfiguration

Source: OWASP Top 10 2017 A6 – Security Misconfiguration –

https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html

Cloud Security Issues (contd.)

Common cloud security vulnerabilities:


Source: OWASP Top 10 2017 A6 – Security Misconfiguration –

https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration.html

Cloud Security Issues (contd.)

OWASP Cloud-Native Application Security Top 10:


Source: OWASP Foundation – OWASP CNAS Top 10 –

https://www.youtube.com/watch?v=BG4Kn6dcGtI

Cloud Security Issues (contd.)

OWASP Cloud-Native Application Security Top 10:

Insecure cloud, container or orchestration configuration

Injection flaws

Improper authentication & authorization

CI/CD pipeline & software supply chain flaws

Insecure secrets storage

Over-permissive or insecure network policies

Using components with known vulnerabilities

Improper assets management

Inadequate compute resource quota limits

Ineffective logging & monitoring


Cloud Security Attacks

Most common cloud security attacks:

| Attack Type | Description |
| --- | --- |
| Cross-Site Scripting (XSS) | A type of injection in which malicious scripts are injected into otherwise benign and trusted websites |
| SQL Injection | An untrusted source uses an application’s user input features to enter data that is used to dynamically construct a SQL query to read sensitive database data |
| DDoS | The attacker floods the server with requests from compromised computers acting as part of a larger botnet, until the server can no longer fulfill requests from legitimate users |
| Human Error | Accidents, weak passwords, password sharing, and other unwise or uninformed user behaviors |

Cloud Security Attacks (contd.)

Most common cloud security attacks (continued):

| Attack Type | Description |
| --- | --- |
| Ransomware | The attacker encrypts and locks the victim’s data and then demands a ransom to unlock and decrypt the data. Ransomware operators abused cloud infrastructure and introduced new encryption techniques to better evade detection (Accenture, 2021). |
| Malware | Software written specifically to exploit vulnerabilities. Cloud-related malware has evolved faster than more traditional malware (Accenture, 2021). |
| Server-Side Request Forgery (SSRF) | The attacker can abuse functionality on the server to read or update internal resources |

Cloud Security Attacks (contd.)

What is an SSRF Attack? – Professor Messer


Source: Professor Messer – Request Forgeries – SY0-601 CompTIA Security+: 1.3 –

https://www.youtube.com/watch?v=fmtqMzP7aXI

Cloud Security Best Practices


Best practices for cloud security include:

Implementing a strong identity foundation

Enabling traceability

Applying security at all layers

Automating security best practices

Protecting data in transit and at rest

Keeping people away from data

Preparing for security events


Source: AWS – Well-Architected Framework –

https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/wellarchitected-security-pillar.pdf

Cloud Security Best Practices (contd.)

Best practices for cloud security include:

Implementing a cloud-based secure web gateway (SWG) so corporate devices are protected against web-based threats without routing through VPN

Protecting data with a cloud access security broker (CASB)

Setting CASB policy to include device checks, data controls, and protection for SaaS accounts

Implementing MFA to reduce the risk of stolen credentials being used to access accounts

Letting employees use their personal devices to access SaaS applications for productivity with conditional access to sensitive data


Source: McAfee – Cloud Adoption and Risk Report –

https://www.mcafee.com/enterprise/en-us/assets/reports/rp-cloud-adoption-and-risk-report-work-from-home-edition.pdf

Cloud Security Best Practices (contd.)

Best practices for cloud security include (continued):

Taking a risk-based view

Understanding the shared responsibility model

Driving a collaborative culture between application, IT/ops, and security teams

Considering security as a forethought and not an afterthought

Monitoring continuously for security and compliance

Planning proactively for cybersecurity events


Source: IBM – Cloud Security White Paper –

https://www.ibm.com/cloud/architecture/files/ibm-cloud-security-white-paper.pdf

Cloud Security Best Practices (contd.)

Use the following cloud security best practices to protect against security misconfiguration:


Source: OWASP Top 10 2017 A6 – Security Misconfiguration –

https://owasp.org/www-project-top-ten/2017/A6_2017-Security_Misconfiguration

Recap

Cloud security issues are among the OWASP Top 10 list of web application security risks

This is due to issues in cloud security such as misconfiguration, lack of visibility, multitenancy, identity and access management, compliance, monitoring and logging, etc.

Hackers are able to exploit the weaknesses using attacks such as XSS, SQL injection, DDoS, human error, ransomware, malware, SSRF, etc.

Cloud security best practices include understanding the shared responsibility model, using strong IAM policies, implementing MFA, using CASBs, using SWGs, encrypting data in transit and at rest, enabling traceability, preparing proactively for security events, etc.
