CLOUD SECURITY AUDIT

We have heard several cases like the ones below on cloud security. If you are able to relate to one of them, then a comprehensive security assessment is due.

"One of our recently fired DBA had access to few of our systems and he managed to truncate 5 years of production database of our customer on AWS. The DBA deleted the logs too. So we couldn't prove anyone that this was an unauthorized execution."

Solution: IAM access policies should be handled in a centralized manner. Worst Case, VPC flow logs should have enabled for tracking activities.

"We have an public internet facing application and it often go down due to DDoS attacks. We are facing huge productivity loss and bad customer reputation."

Solution: Have a Web Application Firewall enabled which will handle the detection and blocking of DDoS attacks.

"We found that our non-production Jenkins servers are being used by unidentified people to run Bitcoin mining programs. Our cloud usage for past 3 months have gone up by almost 50%."

Solution: Do you have ports open to public internet? If yes, can we relook at your architecture to seal these ports to avoid further exploitation?

What is cloud security and how should you handle it?

Security of your cloud setup is a shared responsibility. AWS has put this way in an easy-to-understand manner. The security of applications hosted on AWS including IAM access, encryption, content, 3rd party APIs etc should be managed by the customer.

Customer Applications and Content
Vulnerability Points

An application running on cloud has several vulnerability points. The need to secure these points depends on the application’s use, compliance requirements and customer budget.

Ask yourself these questions. A lot of ‘NO’s is not a good scene.

  • Are you running an internet facing web application? If yes, do you have WAF to mitigate DDoS?
  • Are you running an internet facing web application? Id yes, do you have SSL to prevent MITM attacks?
  • Are you concerned about your firewall security, server security and other infrastructure vulnerabilities? Is yes, have you done a comprehensive infrastructure Vulnerability Assessment & Penetration Testing (VAPT) exercise to identify these vulnerabilities and fix them?
  • Are you concerned about the health of your application APIs and other vulnerabilities found at application level? If yes, have you run an application VAPT (manual tests are recommended) to identify these vulnerabilities and fix them?
  • Do you have a large set of people accessing your AWS infrastructure directly? If yes, are they accessing the systems through a VPN tunnel?
  • Do you want to track the logs to capture unauthorized provisioning of AWS services or changes done to your AWS setup? If yes, you should enable logging mechanisms like CloudTrail and VPC flow logs.
  • Do you have a large set of people accessing your AWS account console directly? If yes, do you have AD/LDAP integration with their AWS access credentials in place?
  • Do you have a large set of people accessing your AWS account console directly? If yes, have you enabled Multi-Factor Authentication for access?
  • Do you want to manage access controls to your AWS setup in a better manner? If yes, you should maintain individual AWS accounts for different setups like Prod, UAT, Dev and one for just handling user accounts.
  • Do you want additional protection to your servers? If yes, you should consider Deep Security tools which provides anti-virus, anti-malware and IDS/IPS protection.
  • Are you looking at encryption services? If yes, you can consider 3rd party encryption tools which can provide data encryption and key management solutions.
  • What about cloud native security? Configure VPC, security groups, subnets, ports/IP blocking rules with best practices.

Powerupcloud Cloud Security Assessment Workshop

Stake Holders
Interview

Security Audit
VAPT

Security Report
Submission

Best Practices
Implementation

Sanity Checks
& Documentation

24*7 Security
Management

Allow our cloud security experts to help you today!