Cloud security is the collection of tools, policies, technologies and methods used to protect the resources and services hosted with cloud providers such as Azure, AWS and GCP.
Why is cloud security important?
As more cloud providers emerge and more consumers readily adopt their services, we need to make sure we are protecting our cloud infrastructure and applications from external and internal threats. Some common practices for securing cloud infrastructure and applications are given below:
IAM controls – IAM controls are one of the components of AWS cloud and are used to secure the access and authorization of end users on AWS resources. They form the first line of defense for securing cloud infrastructure on AWS.
Monitoring – Monitoring plays a vital role in identifying abnormal or unusual behavior in the cloud infrastructure being used and raising alerts when it finds any. Having a support team monitor the cloud infrastructure and application code 24x7 is one of the most important aspects of monitoring.
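Monitoring only raises alerts if someone has written down what "unusual" means. As an added example (not code from the page or from any vendor), the block below runs three simple detections over constructed CloudTrail-style events: repeated failed console logins from one source address, any API call made by the root account, and a short list of high-risk API calls such as disabling logging. The events, user names and IP addresses are made up; the field names follow the CloudTrail record format.

```python
import json
from collections import defaultdict

# Constructed CloudTrail-style events, one JSON object per line (not real data).
SAMPLE_EVENTS = """
{"eventTime":"2024-05-01T10:00:01Z","eventName":"ConsoleLogin","userIdentity":{"type":"IAMUser","userName":"alice"},"sourceIPAddress":"203.0.113.10","responseElements":{"ConsoleLogin":"Failure"}}
{"eventTime":"2024-05-01T10:00:05Z","eventName":"ConsoleLogin","userIdentity":{"type":"IAMUser","userName":"alice"},"sourceIPAddress":"203.0.113.10","responseElements":{"ConsoleLogin":"Failure"}}
{"eventTime":"2024-05-01T10:00:09Z","eventName":"ConsoleLogin","userIdentity":{"type":"IAMUser","userName":"alice"},"sourceIPAddress":"203.0.113.10","responseElements":{"ConsoleLogin":"Failure"}}
{"eventTime":"2024-05-01T10:01:00Z","eventName":"ConsoleLogin","userIdentity":{"type":"IAMUser","userName":"bob"},"sourceIPAddress":"198.51.100.7","responseElements":{"ConsoleLogin":"Success"}}
{"eventTime":"2024-05-01T10:02:00Z","eventName":"CreateUser","userIdentity":{"type":"Root"},"sourceIPAddress":"198.51.100.9","requestParameters":{"userName":"newadmin"}}
{"eventTime":"2024-05-01T10:03:00Z","eventName":"StopLogging","userIdentity":{"type":"IAMUser","userName":"bob"},"sourceIPAddress":"198.51.100.7"}
"""

# Number of failed console logins from one address before we alert.
FAILED_LOGIN_THRESHOLD = 3
# API calls that weaken visibility or security and should always page someone
# (an illustrative list, not a complete one).
HIGH_RISK_EVENTS = {"StopLogging", "DeleteTrail", "PutBucketPolicy", "DeactivateMFADevice"}


def detect_alerts(raw_events):
    """Return a list of (alert_type, detail) tuples in the order they fire."""
    alerts = []
    failures_by_ip = defaultdict(int)
    for line in raw_events.strip().splitlines():
        event = json.loads(line)
        identity = event.get("userIdentity", {})
        name = event["eventName"]
        ip = event.get("sourceIPAddress", "?")
        user = identity.get("userName", identity.get("type", "?"))

        # 1. The root account should not be used for day-to-day API calls.
        if identity.get("type") == "Root":
            alerts.append(("ROOT_ACTIVITY", f"{name} by root account from {ip}"))

        # 2. Calls that turn off logging or loosen access are always interesting.
        if name in HIGH_RISK_EVENTS:
            alerts.append(("HIGH_RISK_API", f"{name} by {user} from {ip}"))

        # 3. Count console login failures per source address; alert once at the threshold.
        if name == "ConsoleLogin" and event.get("responseElements", {}).get("ConsoleLogin") == "Failure":
            failures_by_ip[ip] += 1
            if failures_by_ip[ip] == FAILED_LOGIN_THRESHOLD:
                alerts.append(("LOGIN_BRUTE_FORCE",
                               f"{FAILED_LOGIN_THRESHOLD} failed console logins from {ip}"))
    return alerts


if __name__ == "__main__":
    for kind, detail in detect_alerts(SAMPLE_EVENTS):
        print(f"[{kind}] {detail}")
```

The same three rules map directly onto what a 24x7 team would page on; in production the counters would be time-windowed and the events would come from the trail's S3 bucket or CloudWatch Logs rather than an inline string.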
DAST – DAST stands for dynamic application security testing. It is a method where we test the running application for attacks such as DDoS, penetration testing and more. We need an application URL, which can then be configured in tools such as Kali Linux and others.
SAST – SAST stands for static code analysis, which is done to make sure that we do not have any bugs and are following best practices. SAST helps us determine code coverage and identify whether any credentials have been checked into the code. One of the most popular tools for SAST scans is SonarQube, which supports scanning code in multiple programming languages such as Python, .NET, Java, etc.
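The credentials-in-code check mentioned above is one of the simplest SAST rules to write yourself. The block below is an added example, not code from the page or from SonarQube: it scans a constructed source file line by line for an AWS access key ID (the value used is the placeholder from AWS documentation), a hard-coded password assignment and a PEM private key header, and reports the line number and kind of each hit. The sample file and the pattern list are made up for the example; a real scanner would carry many more patterns and an entropy check.

```python
import re

# Constructed sample source file to scan (not from any real project). One line
# reads its secret from the environment and is fine; three lines leak credentials.
SAMPLE_SOURCE = '''\
import os
DB_PASSWORD = os.environ["DB_PASSWORD"]        # fine: injected at runtime
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"      # leaked key id (AWS docs placeholder value)
password = "Sup3rSecret!"                       # hard-coded password
PRIVATE_KEY = """-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA...                              (placeholder key body)
-----END RSA PRIVATE KEY-----"""
'''

# (kind, pattern) rules. Each is deliberately narrow to keep false positives low.
SECRET_PATTERNS = [
    # AWS access key IDs start with AKIA followed by 16 upper-case alphanumerics.
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    # Any PEM private key header, whichever key type.
    ("private_key", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    # password / passwd / pwd assigned a quoted literal of at least 4 characters.
    ("hardcoded_password",
     re.compile(r"""(?i)\b(?:password|passwd|pwd)\s*=\s*["'][^"']{4,}["']""")),
]


def scan_for_secrets(source):
    """Return [(line_number, kind), ...] for every line matching a secret pattern."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for kind, pattern in SECRET_PATTERNS:
            if pattern.search(line):
                findings.append((lineno, kind))
    return findings


if __name__ == "__main__":
    for lineno, kind in scan_for_secrets(SAMPLE_SOURCE):
        print(f"line {lineno}: {kind}")
```

Note that line 2 is not reported: the regex requires a quoted literal on the right-hand side, so reading the password from the environment passes, which is exactly the behaviour you want a pre-commit hook to have.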
RBAC controls – RBAC stands for Role Based Access Control. It helps in providing the minimal required access to end users so that we have proper access rights and our infrastructure is secure. In Azure it is implemented using Azure AD groups. Azure AD groups are assigned the required roles such as Contributor, Administrator or Reader. Once the Azure AD groups have been given the required roles, users can be added to the groups.
Azure Policy – Azure Policy helps in creating policies that can be enforced on resources, so that administrators can define a set of rules that must be followed and we have standardization across the different subscriptions and resources in the tenant. Multiple Azure policies can be created based on the resource type, such as VNet, Storage Accounts, Azure VM, etc. For example, we can have a policy for Azure Key Vault defining that it is mandatory to provide a secret expiry date. Another example is enforcing that only company-created images may be used to create Azure VMs.
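Both examples in the paragraph above can be expressed as Azure Policy definitions (a JSON "if" condition and a "then" effect). To show how such rules are evaluated, the block below is an added example that is not code from the page or from Microsoft: it holds the two definitions and a small evaluator for the subset of the policy language they use (allOf, anyOf, not, and field conditions with equals, exists, in and like), then runs constructed resources through them. The field aliases Microsoft.KeyVault.Data/vaults/secrets/attributes/expiresOn and Microsoft.Compute/imageId are the ones I recall from Azure's published definitions but should be treated as an assumption and checked against the current alias list; the subscription id, image path and resource names are placeholders, and the parameter values are folded into the definition for simplicity, whereas Azure supplies them at assignment time.

```python
import fnmatch
import re

# Placeholder image id (not a real subscription).
CORP_IMAGE = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
              "images-rg/providers/Microsoft.Compute/images/corp-ubuntu-22")

# Policy 1: a Key Vault secret must carry an expiry date.
# Alias assumed from Azure's built-in definition; verify against the alias list.
KEYVAULT_SECRET_EXPIRY = {
    "if": {"allOf": [
        {"field": "type", "equals": "Microsoft.KeyVault.Data/vaults/secrets"},
        {"field": "Microsoft.KeyVault.Data/vaults/secrets/attributes/expiresOn", "exists": "false"},
    ]},
    "then": {"effect": "deny"},
}

# Policy 2: VMs may only be built from company-approved images.
# Parameter values are embedded here; in Azure they come from the assignment.
APPROVED_VM_IMAGES = {
    "parameters": {"allowedImageIds": {"value": [CORP_IMAGE]}},
    "if": {"allOf": [
        {"field": "type", "equals": "Microsoft.Compute/virtualMachines"},
        {"not": {"field": "Microsoft.Compute/imageId", "in": "[parameters('allowedImageIds')]"}},
    ]},
    "then": {"effect": "deny"},
}

PARAM_REF = re.compile(r"^\[parameters\('(\w+)'\)\]$")


def _resolve(value, params):
    """Expand an Azure-style parameter reference such as [parameters('x')]."""
    if isinstance(value, str):
        m = PARAM_REF.match(value)
        if m:
            return params[m.group(1)]["value"]
    return value


def _matches(cond, resource, params):
    """Evaluate one policy condition against a flattened resource (field -> value)."""
    if "allOf" in cond:
        return all(_matches(c, resource, params) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(_matches(c, resource, params) for c in cond["anyOf"])
    if "not" in cond:
        return not _matches(cond["not"], resource, params)
    value = resource.get(cond["field"])
    if "exists" in cond:
        return (value is not None) == (str(cond["exists"]).lower() == "true")
    if "equals" in cond:
        return value == _resolve(cond["equals"], params)
    if "in" in cond:
        return value in _resolve(cond["in"], params)
    if "like" in cond:  # Azure's like uses * as the only wildcard, same as fnmatch here
        return value is not None and fnmatch.fnmatchcase(str(value), cond["like"])
    raise ValueError(f"unsupported condition: {cond}")


def evaluate(policy, resource):
    """Return the policy's effect if its 'if' block matches, otherwise 'allow'."""
    params = policy.get("parameters", {})
    return policy["then"]["effect"] if _matches(policy["if"], resource, params) else "allow"


def evaluate_all(policies, resource):
    """A resource is denied if any assigned deny policy matches it."""
    return "deny" if any(evaluate(p, resource) == "deny" for p in policies) else "allow"


# Constructed resources, flattened to the fields the policies inspect.
SAMPLE_RESOURCES = {
    "secret-no-expiry": {"type": "Microsoft.KeyVault.Data/vaults/secrets"},
    "secret-with-expiry": {"type": "Microsoft.KeyVault.Data/vaults/secrets",
                           "Microsoft.KeyVault.Data/vaults/secrets/attributes/expiresOn": "2025-12-31T00:00:00Z"},
    "vm-corp-image": {"type": "Microsoft.Compute/virtualMachines", "Microsoft.Compute/imageId": CORP_IMAGE},
    "vm-other-image": {"type": "Microsoft.Compute/virtualMachines",
                       "Microsoft.Compute/imageId": "/placeholder/marketplace-image-id"},
    "storage": {"type": "Microsoft.Storage/storageAccounts"},  # out of scope for both policies
}

if __name__ == "__main__":
    for name, resource in SAMPLE_RESOURCES.items():
        print(f"{name}: {evaluate_all([KEYVAULT_SECRET_EXPIRY, APPROVED_VM_IMAGES], resource)}")
```

The evaluator makes the deny/allow decision visible: the secret without expiresOn and the VM built from a non-approved image are denied, everything else is allowed, and the storage account is untouched because neither "type" condition matches it. Azure applies the same logic at deployment time, which is what makes these rules enforceable rather than advisory.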