What is Cloud Security?

Checkpoint

Zero Trust and Why You Should Embrace It

The term Zero Trust was first introduced in 2010 by John Kindervag who, at that time, was a senior Forrester Research analyst. The basic principle of Zero Trust in cloud security is not to automatically trust anyone or anything within or outside of the network—and verify (i.e., authorize, inspect and secure) everything.

Zero Trust, for example, promotes a least privilege governance strategy whereby users are only given access to the resources they need to perform their duties. Similarly, it calls upon developers to ensure that web-facing applications are properly secured.  For example, if the developer has not blocked ports consistently or has not implemented permissions on an “as needed” basis, a hacker who takes over the application will have privileges to retrieve and modify data from the database.

In addition, Zero Trust networks utilize micro-segmentation to make cloud network security far more granular. Micro-segmentation creates secure zones in data centers and cloud deployments thereby segmenting workloads from each other, securing everything inside the zone, and applying policies to secure traffic between zones.

The 6 Pillars of Robust Cloud Security

While cloud providers such as Amazon Web Services (AWS), Microsoft Azure (Azure), and Google Cloud Platform (GCP) offer many cloud native security features and services, supplementary third-party solutions are essential to achieve enterprise-grade cloud workload protection from breaches, data leaks, and targeted attacks in the cloud environment. Only an integrated cloud-native/third-party security stack provides the centralized visibility and policy-based granular control necessary to deliver the following industry best practices:

1. Granular, policy-based IAM and authentication controls across complex infrastructures

Work with groups and roles rather than at the individual IAM level to make it easier to update IAM definitions as business requirements change. Grant only the minimal access privileges to assets and APIs that are essential for a group or role to carry out its tasks. The more extensive privileges, the higher the levels of authentication. And don’t neglect good IAM hygiene, enforcing strong password policies, permission time-outs, and so on.

2. Zero-trust cloud network security controls across logically isolated networks and micro-segments

Deploy business-critical resources and apps in logically isolated sections of the provider’s cloud network, such as Virtual Private Clouds (AWS and Google) or vNET (Azure). Use subnets to micro-segment workloads from each other, with granular security policies at subnet gateways. Use dedicated WAN links in hybrid architectures, and use static user-defined routing configurations to customize access to virtual devices, virtual networks and their gateways, and public IP addresses.

3. Enforcement of virtual server protection policies and processes such as change management and software updates:

Cloud security vendors provide robust Cloud Security Posture Management, consistently applying governance and compliance rules and templates when provisioning virtual servers, auditing for configuration deviations, and remediating automatically where possible.

4. Safeguarding all applications (and especially cloud-native distributed apps) with a next-generation web application firewall

This will granularly inspect and control traffic to and from web application servers, automatically updates WAF rules in response to traffic behavior changes, and is deployed closer to microservices that are running workloads.

5. Enhanced data protection

Enhanced data protection with encryption at all transport layers, secure file shares and communications, continuous compliance risk management, and maintaining good data storage resource hygiene such as detecting misconfigured buckets and terminating orphan resources.

6. Threat intelligence that detects and remediates known and unknown threats in real-time

Third-party cloud security vendors add context to the large and diverse streams of cloud-native logs by intelligently cross-referencing aggregated log data with internal data such as asset and configuration management systems, vulnerability scanners, etc. and external data such as public threat intelligence feeds, geolocation databases, etc. They also provide tools that help visualize and query the threat landscape and promote quicker incident response times. AI-based anomaly detection algorithms are applied to catch unknown threats, which then undergo forensics analysis to determine their risk profile. Real-time alerts on intrusions and policy violations shorten times to remediation, sometimes even triggering auto-remediation workflows.

…( Continued)

https://www.checkpoint.com/cyber-hub/cloud-security/what-is-cloud-security/