eBooks & Reports

O'Reilly's Automating Security in the Cloud

Issue link: https://resources.threatstack.com/i/872576


into products developed by over 20 security vendors, which can be leveraged within cloud computing deployments governed by frameworks such as FedRAMP and PCI 3.1, and are included in the National Vulnerability Database National Checklist Program. Several of these security standards and/or audit processes can incorporate the CIS security leading practices to integrate cloud services, tools and solutions for securing cloud workloads.

Within this chapter, we will look at the category of foundational security capabilities and configuration. These foundational elements should be followed by any organization moving workloads to a cloud computing environment, regardless of its regulatory, industry or geographical context. Additionally, these baseline practices will become the foundation for the security automation, operations and auto-healing capabilities within your cloud computing deployment. We will review the key security practices as well as the configuration references that should be followed, and how to ensure you are setting up a secure approach to automating security in the cloud.

Identity & Access Management (IAM)

Every enterprise will have its own requirements for identity and access management and/or its own approach to controlling access to information and computing resources. The majority of cloud computing providers either integrate the customer's existing identity and access management system into their own infrastructure through federated identity or Single Sign-On (SSO) technologies, or the customer leverages the cloud provider's native IAM solution.

There are a couple of key strategies to consider when moving workloads to the cloud. The first is to evaluate your organization's current IAM capabilities and processes. Experience has shown that many organizations struggle with existing IAM processes in their on-premise environments: legacy implementations (e.g. Windows NT domains), the lack of an IAM strategy for how the organization provisions access to systems (e.g. non-least-privileged deployments) and/or poor auditing of IAM management over a period of time have put organizations at risk. The reality is that if an organization does IAM badly on-premise today, then moving those same bad practices to the cloud will only increase the likelihood that it continues to operate IAM badly. Since identity management is one of the most important components of an organization's security infrastructure, developing a deployment, usage and operations process for it should be priority number one when moving workloads to the cloud. As stated above, if your organization has bad practices today and you federate those practices to the cloud, then the cloud environment inherits the same bad practices. Since everything in the cloud is an asset and potentially everything could be an accessible endpoint, it is important to identify and/or create an IAM strategy that is based on least privilege.

Another element of IAM to note is that more and more organizations are moving regulated workloads to the cloud. Compliance requirements such as Sarbanes-Oxley, the Gramm-Leach-Bliley Act, Health Information Portability and

6 | Chapter 4: Cloud Computing Foundational Security Leading Practices
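The least-privilege point above can be turned into a concrete check before policies are federated or migrated to the cloud. The following is an added example, not code from the ebook or from Threat Stack: it audits policy documents written in an AWS-style JSON policy format (an assumed format, since the text names no particular provider) and flags Allow statements that grant wildcard actions or apply to every resource; the two sample policies are constructed for illustration.

```python
import json  # policy documents are JSON in practice; used to parse the constructed sample

# Constructed sample policies in an AWS-style JSON policy document format.
# The format is an assumption for illustration; the ebook names no provider.
CONSTRUCTED_POLICIES = json.loads("""{
  "legacy-admin-migrated": {
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]
  },
  "reporting-reader": {
    "Statement": [
      {"Effect": "Allow",
       "Action": ["s3:GetObject", "s3:ListBucket"],
       "Resource": ["arn:aws:s3:::example-reports", "arn:aws:s3:::example-reports/*"]},
      {"Effect": "Allow", "Action": "iam:*", "Resource": "*"},
      {"Effect": "Deny", "Action": "*", "Resource": "*",
       "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "false"}}}
    ]
  }
}""")


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def find_overly_broad_statements(policy):
    """Flag Allow statements that grant a wildcard action ("*" or "svc:*")
    or apply to every resource. Returns (statement index, reason) tuples so
    a reviewer can trace each finding back to the document."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        actions = _as_list(stmt.get("Action", []))
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append((idx, "wildcard action"))
        if "*" in _as_list(stmt.get("Resource", [])):
            findings.append((idx, "applies to all resources"))
    return findings


def audit_policies(policies):
    """Map each policy name to its findings; an empty list means it passed."""
    return {name: find_overly_broad_statements(doc) for name, doc in policies.items()}
```

Running `audit_policies(CONSTRUCTED_POLICIES)` reports the migrated admin policy and the `iam:*` statement in the reader policy, while the scoped S3 statement and the MFA Deny statement pass.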
