Sponsored by Keepnet Labs

Cloud Security Architecture

By Guest Author : Ahmed Nabil

Nowadays everyone is talking about the cloud and the benefits of moving your environment, infrastructure, platforms to the cloud which is true from my point of view. Take the current pandemic situation of Corona virus and the mandate of remote working or working from home model. Now imagine the ease of this model if your environment is on the cloud or your are leveraging tools and technologies running on the cloud allowing you to connect from anywhere to work and deliver as if you are in your traditional office.

What is cloud computing?

According to NIST 800-145 definition, the cloud main characteristics is being on demand service, broad network access, resource pooling, rapid elasticity and measured service. Does this definition help us as security professionals? As you can see the driving factor for cloud was mainly productivity, availability and resiliency which is perfectly fine, but the security is missed in this equation.

The problem is once you move to the cloud and start consuming services, it become an endless project. The migration or extension to cloud services will add more tools, computers, servers, applications to your current IT portfolio. In other words, a totally new open surface of attack or a new network perimeter that you need to secure.

Introducing the cloud to your current IT environment will add more challenges to your environment as follows:

  1. Integrations of new applications and existing ones (which maybe be obsolete or in-house developed).
  2. Manageability of assets on-premise and in the cloud
  3. Data flowing between your on-premise environment and cloud devices and applications. Remember the new privacy and information regulations as GDPR.
  4. Different silos of process and tools

This is a complete transformation and on top of it, security is shaped to tackle all these challenges.

Information Security Transformation

Most of the businesses are transforming to the new digital by using the latest technologies. One of the main reasons of this transformation is to compete with digital native startups. New digital startups are disrupting the business and forcing their competitors either to move to new digital business or simply exit the market.

This new IT and digital world will provide both challenges and opportunities for information security. While the challenges are significant as we discussed earlier, there is also a huge opportunity to solve longstanding security problems using the new technology and platforms and on top of them is the cloud.

It’s very clear now with the above-mentioned challenges that the old network perimeter is changing. Back in the old days your perimeter was your office network, you need to check in your office and connect to the network to start accessing and working on your data and files. Now with cloud the network perimeter dissolved. Users can access and work from anywhere on almost any device and platform.

This new modern perimeter is the identity perimeter which means the main protection is the identity controls used to protect your data (Information assets) and your end point devices. This requires a new architecture mindset based on the famous cloud/customer cloud responsibility matrix.

Cloud and Customer responsibility sharing

Some users think that moving to the cloud will make them more secure by default while others think they are even more vulnerable and the truth it’s a shared responsibility between both parties. Cloud will definitely offer better security options but again the user must use it and sometimes configure it to get the best out of the cloud.

Let us take the Software as a Service example (SAAS) which is one of the most common models of leveraging the cloud. According the below Cloud/Customers responsibility matrix, three main areas for customer responsibility are as follows:

  1. Identity Protection
  2. Information protection
  3. Endpoint protection

Source: https://www.peerlyst.com/posts/how-to-deal-with-the-shared-responsibility-model-in-public-cloud-part-1-guy-bertrand-kamga

Identity Protection which is very crucial means more investment in Privilege Access Management software, getting rid of old legacy identities, adopting IAM solutions that support single sign-on (SSO) and leverages protocols like (SAML) to integrate with third parties and other partners, use of Multi-factor authentication since password alone will not be sufficient anymore to protect your account and finally quality monitoring of all connections and authentications to your system with proper alerting system.

Endpoint Protection which requires cross platform management solution to manage any client on any platform, sound endpoint protection solution with endpoint detection and response capabilities (EDR), device compliance solution to ensure all connected devices are healthy and again on top of these your monitoring solution.

Information Protection which is the most critical moving part and the responsibility falls on the customer only as the sole owner of these information. Adapting a cross platform solution to scan your resources, classify, label data/files, protect them (encryption for example) and then monitoring the usage of this information on any platform.

As you can see with the SAAS model, the customer side should take care of key areas and rely on the cloud service provider on other areas as hardware, datacenter, applications, patching and maintenance. This is the real benefit of cloud.

Conclusion

Cloud is real opportunity but a challenge for us as security professionals. It’s not just someone else computer accessed remotely but rather a new mind shift with new process, technologies, tools and more importantly operations. It cannot be treated as traditional IT environment otherwise we will not only miss the cloud benefits but might be open for more different threat vectors.

BIO Ahmed Nabil

Ahmed Nabil has more than 17 years of experience in the field of Information Security, IT Infrastructure, Project Management, Risk Management, Application Automation, IT management and holds several professional IT certifications from Microsoft, CISCO, ISACA, ISC2, PMI, CWNP, PECB and EC- Council. Ahmed Nabil has a BS in Electrical and Control Engineering. He completed his graduate education and earned MSc in Business Information Technology from School of Computer Science, Middlesex University, UK followed by a Master of Business Administration (MBA).

Ahmed is an industry expert in Information Security and Digital Transformation, public speaker at several international conferences and author of several articles published in different international security magazines.

Ahmed was awarded the Microsoft Most Valuable Professional Award for 7 years in row and was named as top Information Security executives on different awards in Middle East and US. He was recently selected as member of EC-Council CCISO advisory board due to his Industry standing and deep experience. He is a sports fanatic especially with football and English Premier league and loves to travel everywhere.

 

 

 

 

Share this post

Leave a Reply

Your email address will not be published. Required fields are marked *