AlgoSec Cloud is the complete solution for hybrid cloud security management. Explore what it’s made of.
Equip yourself with the technical details to discuss with your team.
Cloud security, also known as cloud computing security, is the practice of protecting data, applications, services and the cloud computing infrastructure from cyber threats and attacks. Cloud security covers public, private and hybrid clouds.
Cloud security works on a shared responsibility model between the third-party cloud provider and the cloud customer. Enterprise customers often have multiple cloud accounts with more than one cloud provider. The cloud customer needs a unified view across these cloud environments in order to mitigate risks effectively, detect and correct misconfigurations, and manage policy changes easily and efficiently.
These four areas form the basis of any cloud security approach:
Cloud security posture management (CSPM) is the process of managing security across IaaS, SaaS and PaaS infrastructures, using various solutions to detect misconfigurations and threats that stem from a lack of visibility into the public cloud structure. A CSPM solution helps enterprises monitor operations and compliance policies, and coordinate incident response.
For Identity and Access Management (IAM) in GCP, it is possible to assign privileges to a Gmail account. However, it is better to use managed accounts such as Cloud Identity or G Suite accounts, which makes it possible to organize users into suitable groups for easier administration. Privileges can then be assigned to these groups and users inside GCP using Cloud Identity and Access Management (Cloud IAM). The principle of least privilege should always be applied to resources (including storage buckets), and multi-factor authentication should be required for all users.
Within the GCP Virtual Private Cloud (VPC), the predictable default network and its associated firewall rules should not be used, since they create unnecessary risk. Instead, organizations should create their own VPC and firewall rules. For additional security, only the egress traffic required for the environment to function should be allowed. In hybrid environments, Google’s Cloud VPN and Cloud Interconnect should be used to communicate between the on-premises and cloud sites. To reduce the attack surface, public IPs, unneeded APIs and project-wide SSH keys should be disabled. VPC flow logs should be enabled at full sampling rate to detect anomalous behavior. All logs in the GCP environment should be activated, and the control plane where firewall rules are configured should be monitored. Unneeded service accounts should be removed, and access to the metadata API should be restricted.
Network security focuses on protecting resources, applications and data in the network from unauthorized access, both internal and external. One way to protect a network is with firewalls. A firewall also protects the network against other types of attacks, including brute-force attacks, malicious websites, and so on. Network security tools also enable remote, authorized users to securely access the network resources they need.
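The IAM and VPC recommendations above are easiest to keep honest when they are checked mechanically. The following is an added example (not AlgoSec's or Google's code) of a small posture checker that applies those recommendations to an exported project description. The records are constructed for this example and follow the Compute API JSON field names (enableFlowLogs, logConfig.flowSampling, networkInterfaces[].accessConfigs, the block-project-ssh-keys metadata key); the project name, account names and addresses are hypothetical, and nothing here contacts GCP.

```python
"""Offline posture checks for the GCP hardening points discussed above.

Added example, not AlgoSec's or Google's code. The sample below is constructed
to mimic the JSON shape of `gcloud compute ... --format=json` output; replace it
with a real export to use the checks on an actual project.
"""

# --- constructed sample export for a hypothetical project "demo-proj" ---------
SAMPLE_PROJECT = {
    "networks": [
        {"name": "default", "autoCreateSubnetworks": True},   # weak: predictable default VPC
        {"name": "prod-vpc", "autoCreateSubnetworks": False},
    ],
    "subnetworks": [
        {"name": "prod-subnet", "network": "prod-vpc",
         "enableFlowLogs": True, "logConfig": {"flowSampling": 0.5}},  # weak: 50% sampling
        {"name": "default", "network": "default", "enableFlowLogs": False},
    ],
    "firewalls": [
        {"name": "default-allow-ssh", "network": "default", "direction": "INGRESS",
         "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
        {"name": "prod-egress-internal-https", "network": "prod-vpc", "direction": "EGRESS",
         "destinationRanges": ["10.0.0.0/8"], "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
    ],
    "instances": [
        {"name": "web-1",
         "networkInterfaces": [{"network": "prod-vpc",
                                "accessConfigs": [{"natIP": "203.0.113.10"}]}],  # weak: public IP
         "metadata": {"items": [{"key": "block-project-ssh-keys", "value": "TRUE"}]}},
        {"name": "db-1",
         "networkInterfaces": [{"network": "prod-vpc"}],
         "metadata": {"items": []}},  # weak: project-wide SSH keys not blocked
    ],
    "iam_policy": {"bindings": [
        {"role": "roles/owner",
         "members": ["user:alice@gmail.com", "group:gcp-admins@example.com"]},  # weak: Gmail, direct owner
        {"role": "roles/viewer",
         "members": ["serviceAccount:ci@demo-proj.iam.gserviceaccount.com"]},
    ]},
}

BROAD_ROLES = {"roles/owner", "roles/editor"}  # primitive roles that violate least privilege when granted per user


def _metadata(instance):
    """Flatten the metadata item list into a dict."""
    return {i["key"]: i.get("value") for i in instance.get("metadata", {}).get("items", [])}


def check_default_network(project):
    return [("HIGH", n["name"], "predictable default network still present; use a custom VPC")
            for n in project.get("networks", []) if n["name"] == "default"]


def check_flow_logs(project):
    findings = []
    for s in project.get("subnetworks", []):
        # A disabled log is treated as 0% sampling; anything below 1.0 misses traffic.
        rate = s.get("logConfig", {}).get("flowSampling", 0.0) if s.get("enableFlowLogs") else 0.0
        if rate < 1.0:
            findings.append(("MEDIUM", s["name"], f"VPC flow log sampling is {rate:.0%}, not 100%"))
    return findings


def check_open_ingress(project):
    return [("HIGH", fw["name"], "ingress allowed from 0.0.0.0/0")
            for fw in project.get("firewalls", [])
            if fw.get("direction", "INGRESS") == "INGRESS"
            and "0.0.0.0/0" in fw.get("sourceRanges", []) and fw.get("allowed")]


def check_instances(project):
    findings = []
    for inst in project.get("instances", []):
        if _metadata(inst).get("block-project-ssh-keys", "").upper() != "TRUE":
            findings.append(("MEDIUM", inst["name"], "project-wide SSH keys not blocked on instance"))
        for nic in inst.get("networkInterfaces", []):
            if nic.get("accessConfigs"):  # an access config means an external (public) IP
                findings.append(("MEDIUM", inst["name"], "public IP attached; prefer private IPs only"))
    return findings


def check_iam(project):
    findings = []
    for binding in project.get("iam_policy", {}).get("bindings", []):
        for member in binding.get("members", []):
            if member.startswith("user:") and member.endswith("@gmail.com"):
                findings.append(("MEDIUM", member, "consumer Gmail account; use a Cloud Identity/G Suite group"))
            if member.startswith("user:") and binding["role"] in BROAD_ROLES:
                findings.append(("HIGH", member, f"{binding['role']} granted directly to a user"))
    return findings


CHECKS = (check_default_network, check_flow_logs, check_open_ingress, check_instances, check_iam)


def audit_project(project):
    """Run every check and return (severity, resource, message) tuples, highest severity first."""
    findings = [f for check in CHECKS for f in check(project)]
    return sorted(findings, key=lambda f: ({"HIGH": 0, "MEDIUM": 1}[f[0]], f[1]))


if __name__ == "__main__":
    for severity, resource, message in audit_project(SAMPLE_PROJECT):
        print(f"[{severity}] {resource}: {message}")
```

Each check is independent, so a team can drop the ones that do not apply and add its own (for example, a test that every log sink named in its logging policy exists). Feeding an empty project returns no findings, which makes it easy to confirm that a hardened export is actually clean.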
Cloud security includes network security, as well as the security of services, containers, applications, and servers. It can also include aspects like data encryption, Multi-factor Authentication, malware prevention, monitoring and analysis, etc. It thus encompasses a greater section of the enterprise IT infrastructure, and a broader range of functions than network security.
The complexity of cloud environments creates security gaps due to lower visibility and a lack of a “common language” between different providers. Different management consoles, the absence of a unified view of data, applications and networks, and complex control and management processes add to security and compliance worries.
These challenges can be mitigated with specialized network security management tools from AlgoSec. This solution provides a clear view and control of the entire IT estate, which helps IT teams automatically apply uniform security policies across all cloud and on-premises systems. Automated tools make it easy to translate application connectivity requirements into firewall rules at scale, providing always-on security. Tightly managed firewall policies eliminate low-level vulnerabilities caused by human error and misconfiguration, reducing the attack surface. Network security policy management and network segmentation can limit the lateral movement of malware.