Cloudy to clear skies – a guide for cloud security
After initial concerns, especially in the German market, cloud services have finally proven themselves. The offers are versatile, flexible and comprehensive. Furthermore, cloud service providers (CSP) offer their services in different ways. No matter whether the service is offered as software as a service (SaaS), platform as a service (PaaS) or infrastructure as a service (IaaS), the fundamental problem (concerning IT security) stays the same: using services from a service provider instead of your own infrastructure doesn't mean that your data is automatically safe. You still have the responsibility for the security of your data and for dealing with the risks.
The following chart shows where the responsibility shifts from CSP to the customer.
| Area of responsibility | SaaS | PaaS | IaaS | On premise |
|---|---|---|---|---|
| Data governance & | | | | |
| Account & access | | | | |
| Identity management | CSP / customer | CSP / customer | Customer | Customer |
| Application | CSP | CSP / customer | Customer | Customer |
| (host, network & | | | | |

Figure 1: Responsibilities of CSP and customer
Conclusion: At the very least, the responsibility for data governance, rights management for the different clients using the service, and account and access management remains the customer's obligation.
Threat modeling helps to identify danger zones
But how can one find out which measures have to be taken to properly secure critical information? Threat modeling is the answer: modeling potential threats has proven to be the best way. Often the STRIDE model is used to categorize the threats. This model includes the following categories:
- Spoofing identity
- Tampering with data
- Repudiation
- Information disclosure
- Denial of service
- Elevation of privileges
Threat modeling should be done at an early stage of the design process, where you have the most flexibility in designing the necessary security measures. While doing this you should focus not only on the application itself but also on all the features that are relevant for security and would affect the user in case of a compromise.
The threat evaluation process basically consists of four steps:
- Modeling of the application (reference architecture)
- Specification of threats
- Mitigation of threats
- Validation of mitigation measures
In the process you consider the following elements of the application, each annotated with the STRIDE categories that typically apply to it:
- Processes (STRIDE)
- Dataflows (TID)
- Datastores (TID and sometimes R)
- External entities (SRD)
In the end you should have a comprehensive overview of potential threats as well as appropriate countermeasures.
Cloud security checklist
Common risks while using cloud services can be avoided if you keep the following security checklist in mind:
- Secure your root account and access keys. Protect your access keys the same way you protect your bank data. Use multi-factor authentication (MFA) if possible.
- Create user roles with limited rights. Only grant access to your data if it is necessary. You can use appropriate policies in your identity and access management (IAM).
- Secure your data stores, especially those that contain logging and account data. Only grant access to persons that really need it.
- Only use encrypted data stores. Encrypt your data, snapshots and disk I/O with state-of-the-art algorithms (e. g. AES-256). Enforce the encryption through policies.
- Do not create public data stores.
- Activate the existing monitoring and logging functions. Enable auditing processes and transparency of all activities within the cloud.
- Limit the privileged rights to the necessary roles and time periods. Cloud service providers often offer functions that allow you to use temporary credentials with limited rights.
- Control the incoming and outgoing traffic of your system with the help of clearly defined security groups. A security group controls the incoming and outgoing traffic and functions as a firewall for one or more systems.
- Capture the IP traffic from and to network interfaces on your virtual private cloud (VPC) and analyze it to recognize anomalies and misconfigurations.
- Encrypt incoming and outgoing data traffic. Use TLS or IPsec to move your data safely.
- Familiarize yourself with versioning and lifecycle policies. Versioning allows you to restore individual versions of saved objects. Automate the lifecycle of your objects using rule-based actions.
- Activate access logging and analyze the data. Analyzing access logs is crucial for the detection of fraud and can help you to better understand and optimize user behavior.
- Monitor your accounts at the cloud provider to detect fraud.
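The checklist above can be turned into an automated audit. The following Python script is an added example and not part of the original article: it runs several of the checklist's checks (root MFA and keys, public or unencrypted data stores, missing access logging and versioning, admin ports open beyond trusted ranges, disabled VPC flow logs) over a constructed inventory. The inventory layout and the trusted network ranges are this example's own assumptions; a real run would fill the inventory from the provider's API.

```python
import ipaddress

# Constructed sample inventory for this example (not real account data); the
# field names are this example's own, not any provider's API schema.
INVENTORY = {
    "root": {"mfa_enabled": False, "access_keys": 1},
    "buckets": [
        {"name": "app-logs", "public": False, "encryption": "AES256",
         "versioning": True, "access_logging": True},
        {"name": "uploads", "public": True, "encryption": None,
         "versioning": False, "access_logging": False},
    ],
    "volumes": [{"id": "vol-1", "encrypted": True},
                {"id": "vol-2", "encrypted": False}],
    "security_groups": [
        {"id": "sg-web", "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}]},
        {"id": "sg-admin", "ingress": [{"port": 22, "cidr": "0.0.0.0/0"},
                                       {"port": 3389, "cidr": "10.0.0.0/8"}]},
    ],
    "flow_logs_enabled": False,
}

ADMIN_PORTS = {22, 3389}
# Assumed: the organization's admin traffic only ever originates from these ranges.
TRUSTED_NETS = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "192.168.0.0/16")]


def audit(inv):
    """Return (severity, finding) tuples for every checklist violation found."""
    findings = []
    root = inv["root"]
    if not root["mfa_enabled"]:
        findings.append(("high", "root account has no MFA"))
    if root["access_keys"] > 0:
        findings.append(("high", "root account has long-lived access keys"))
    for b in inv["buckets"]:
        if b["public"]:
            findings.append(("high", f"bucket {b['name']} is public"))
        if not b["encryption"]:
            findings.append(("medium", f"bucket {b['name']} is not encrypted at rest"))
        if not b["access_logging"]:
            findings.append(("medium", f"bucket {b['name']} has access logging disabled"))
        if not b["versioning"]:
            findings.append(("low", f"bucket {b['name']} has versioning disabled"))
    for v in inv["volumes"]:
        if not v["encrypted"]:
            findings.append(("medium", f"volume {v['id']} is not encrypted"))
    for sg in inv["security_groups"]:
        for rule in sg["ingress"]:
            net = ipaddress.ip_network(rule["cidr"])
            # Admin ports reachable from outside the trusted ranges are flagged;
            # a public HTTPS port (sg-web) is expected and is not.
            if rule["port"] in ADMIN_PORTS and not any(net.subnet_of(t) for t in TRUSTED_NETS):
                findings.append(("high", f"{sg['id']} exposes port {rule['port']} to {rule['cidr']}"))
    if not inv["flow_logs_enabled"]:
        findings.append(("medium", "VPC flow logs are disabled"))
    return findings
```

On the constructed inventory the audit yields four high, four medium and one low finding; the compliant resources (app-logs, vol-1, sg-web) produce none.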