Security Architecture

Define and enforce strong authentication mechanisms, implement role-based access controls, manage user identities, and review access regularly.

Access Control and Identity Management

Identity access management (IAM) provides the necessary controls to manage user identities and access to cloud resources, ensuring that only authorized individuals have access to sensitive data and applications.

The need for IAM arises because cloud adoption introduces new security challenges, such as the need to manage access across multiple cloud platforms and services, the need to control access from various devices and locations, and the need to enforce compliance with industry and regulatory standards.

The following steps are recommended to implement IAM policies:

• Identify the critical assets and resources that require protection.
• Define the access policies and roles that govern access to those assets.
• Establish user provisioning and de-provisioning processes to manage user access.
• Implement multi-factor authentication (MFA) to verify user identities and reduce the risk of unauthorized access.
• Monitor user activity and access logs to detect and respond to suspicious behavior.
• Regularly review and update access policies and roles to ensure continued effectiveness.

Just-in-Time access

Just-in-time (JIT) access with sliding window expiration management is a security model that lets users gain temporary access to cloud resources on a need-to-know basis. This approach minimizes the attack surface and helps to prevent unexpected misuse of cloud resources.

JIT access lets users gain access to resources for a limited period of time, and with limited privileges. With sliding window expiration management, access is granted for a set time window, such as 30 minutes, and then automatically expires. This approach helps to prevent unauthorized access and reduces the risk of data breaches and other security incidents.

The following information describes the ways JIT access with sliding window expiration management can help maintain a good security model and prevent unexpected misuse:

• Limit exposure: By limiting access to cloud resources to only those users who need it, the attack surface is reduced, and the risk of unauthorized access is minimized.
• Reduce risk of credential theft: With JIT access, users don't need long-term access credentials, which can be stolen or compromised. Instead, they are given temporary access, reducing the risk of credential theft.
• Enforce least privilege: With sliding window expiration management, access is granted only for a limited time and with limited privileges. This approach helps to enforce the principle of least privilege, which limits the level of access granted to users and reduces the risk of data breaches and other security incidents.
• Automate access management: JIT access with sliding window expiration management can be automated, making it easier to manage and enforce access controls across a large number of cloud resources.
• Improve auditability: JIT access with sliding window expiration management provides an audit trail of who accessed cloud resources and when, making it easier to detect and investigate security incidents.

Least Privilege Access

Implementing the minimum level of permission required to perform an action is an important aspect of maintaining a good security posture in any system. This principle, known as the principle of least privilege (PoLP), states that a user should only be granted the minimum level of access required to perform their job function.

The following information describes reasons why implementing the minimum level of permission required is important in maintaining a good security posture:

• Reducing the risk of data breaches: By limiting user permissions to only what is necessary to perform their job function, the risk of data breaches is minimized. If a user's account is compromised, the attacker will have access to a limited set of data, rather than the entire system.
• Limiting the spread of malware and viruses: If a user account is compromised, any malware or viruses that are introduced to the system will also have limited access to data and resources.
• Ensuring compliance: Many compliance regulations require organizations to implement the principle of least privilege. By doing so, your organization can demonstrate that you are taking appropriate steps to protect sensitive data and maintain compliance.
• Easier management: By limiting permissions to only what is necessary, it's easier to manage user accounts and access controls. This reduces the risk of misconfigurations and errors that could lead to security incidents.
• Increased accountability: When users are granted only the minimum level of permission required, it's easier to track and audit their actions. This increases accountability and makes it easier to detect and investigate any security incidents that might occur.

Access Review

Periodic evaluation of user permissions is an important aspect of maintaining a good security posture in any system. This evaluation involves reviewing the permissions granted to users to ensure that they are still necessary and assigned for the right purpose. The following information describes reasons why periodic evaluation of user permission is important:

• Limiting access: Over time, users might accumulate permissions that are no longer necessary for their job function. By periodically reviewing and revoking unnecessary permissions, access to sensitive data and resources is limited, reducing the risk of unauthorized access and data breaches.
• Reducing the attack surface: Unnecessary permissions can increase the attack surface of a system, making it more vulnerable to attacks. By periodically evaluating user permissions and revoking unnecessary access, the attack surface is reduced, making it harder for attackers to gain access to sensitive data.
• Compliance: Many compliance regulations require periodic reviews of user permissions to ensure that access controls are being properly managed. By conducting these reviews, you can ensure that you are in compliance with relevant regulations.
• Ensuring permissions are assigned for the right purpose: User permissions should be assigned based on job function and business needs. By conducting periodic evaluations, you can ensure that permissions are still being used for their intended purpose.
• Detecting anomalies: Periodic evaluations of user permissions can help to detect anomalies or unauthorized changes to permissions. This can be an indication of a potential security incident or a violation of security policies.

Configure firewalls, intrusion detection and prevention systems, web application firewalls, and other security measures to protect the infrastructure. Implementing infrastructure security is essential to protecting your data and systems from cyber threats.

• Network Security
  • Segment the network into different zones to limit the exposure of sensitive systems and data to untrusted networks.
  • Use firewalls to control traffic between network segments and enforce security policies.
  • Implement intrusion detection and prevention systems (IDS/IPS) to monitor and block network attacks.
• Firewall
  • Configure firewall rules to block all traffic by default and only allow necessary traffic based on source, destination, and port number.
  • Implement stateful inspection to track the state of network connections and prevent unauthorized access.
  • Use virtual cloud networks (VCNs) to encrypt and secure remote access to the network.
• Identity and Access Management
  • For IAM, implement a least privilege model, where users are only granted the minimum level of access required to perform their job functions.
  • Use multi-factor authentication (MFA) to verify user identity and prevent unauthorized access.
  • Implement user provisioning and de-provisioning processes to ensure that access is granted and revoked in a timely and controlled manner.
• Vulnerability Management
  • Implement a patch management process to apply software updates and security patches in a timely and controlled way.
  • Conduct regular vulnerability scans to identify and remediate vulnerabilities before they can be exploited.
  • Use a threat intelligence feed to identify new threats and prioritize remediation efforts.
• Logging and Monitoring
  • Implement a centralized logging and monitoring solution to collect and analyze security event logs from network devices, servers, and applications.
  • Implement security information and event management (SIEM) to correlate and analyze security events in real-time, and generate alerts on potential security incidents.
  • Conduct regular security audits and penetration testing to identify and remediate weaknesses in the security posture.

Workload isolation is essential in cloud computing to maintain security because it helps to prevent the spread of security breaches or attacks between different workloads running on the same infrastructure. Workload isolation refers to the practice of separating workloads so that they are isolated from each other in terms of compute, storage, and networking resources. This separation ensures that if one workload is compromised, the damage will be limited to that workload, and other workloads will remain secure.

Segment network traffic, use virtual private clouds (VPCs), and employ security groups to isolate workloads. The following information describes steps to implement workload isolation best practices:

• Identify critical assets and data: Determine which workloads contain critical data or assets that require the highest level of security.
• Define workload isolation policies: Define workload isolation policies that govern how workloads will be separated from each other based on their sensitivity and criticality.
• Choose the right cloud service: Choose a cloud service that offers workload isolation features such as virtual cloud network (VCN), security list or network security groups (NSGs) and firewalls.
• Use VCNs or NSGs: Use VCNs or NSGs to segment workloads based on their security requirements. VCNs provide network-level isolation, while NSGs provide more granular control over traffic flow.
• Implement access controls: Implement access controls to ensure that only authorized personnel have access to critical workloads.
• Monitor and audit: Monitor and audit the workload isolation policies regularly to ensure that they are effective and that workloads remain secure.
• Implement encryption: Implement encryption to protect sensitive data at rest and in transit between workloads.

Separation of concerns is a software design principle that promotes the separation of different functionalities or concerns into distinct modules, classes, or components. This approach makes it easier to develop, test, and maintain complex systems, as each component can be developed independently and modified without affecting the others.

In implementing security in the cloud, separation of concerns can be used to isolate security concerns from other system concerns. This separation enables security policies and procedures to be implemented and maintained independently of other system components.

For example, in a cloud environment, separation of concerns could involve implementing a security policy management system that is separate from other system components. This system would be responsible for defining and enforcing security policies, such as access control and data protection, and would be independent of other system components, such as application servers or databases.

Reviewing audit permission logs and access logs is an important aspect of maintaining a good security posture in any system. These logs can provide valuable information about user activity, system performance, and potential security incidents. Transferring these logs to a Security Information and Event Management (SIEM) system can generate insightful information to deal with potential security threats.

The following information describes reasons why reviewing audit permission and access logs in important:

• Detecting security incidents: Audit permission logs and access logs can help to detect security incidents, such as unauthorized access attempts or changes to system configurations. By reviewing these logs, organizations can quickly identify potential security incidents and take appropriate action to mitigate them.
• Investigating incidents: If a security incident does occur, audit permission logs and access logs can provide valuable information for investigating the incident. These logs can help to identify the source of the incident, the extent of the damage, and the steps that were taken to mitigate the incident.
• Improving policies: Reviewing audit permission logs and access logs can help to improve security policies and procedures. By analyzing the data in these logs, you can identify areas where security policies might need to be updated or improved to better protect sensitive data and resources.
• Monitoring user activity: Audit permission logs and access logs can be used to monitor user activity and ensure that users are complying with security policies and procedures. By reviewing these logs, you can identify any unusual activity or patterns that might indicate a potential security incident or violation of security policies.
• Compliance: Many compliance regulations require organizations to maintain and review audit permission logs and access logs to ensure that access controls are being properly managed. By conducting these reviews, you can ensure that you are in compliance with relevant regulations.

Understanding data sensitivity and compliance concerns for standards such as Payment Card Industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR), and so on, is crucial to maintaining a good security posture and ensuring that sensitive data is protected from unauthorized access. The following information describes reasons why it's important to understand data sensitivity and compliance concerns:

• Protecting sensitive data: Sensitive data, such as credit card information or personal health information, must be protected from unauthorized access and theft. By understanding data sensitivity and compliance concerns, you can implement appropriate security controls to protect this data.

• Avoiding legal and financial penalties: Non-compliance with regulations such as PCI, HIPAA, and GDPR can result in legal and financial penalties. By understanding compliance concerns, you can ensure that you are in compliance with relevant regulations and avoid these penalties.

• Maintaining customer trust: Data breaches can damage an organization's reputation and erode customer trust. By implementing appropriate security controls and complying with relevant regulations, you can demonstrate your commitment to protecting sensitive data and maintaining customer trust. The following information describes some best practices for maintaining PCI, HIPAA, GDPR, and other similar standards without compromising security:

• Identify sensitive data: Identify all sensitive data, including personal health information, financial data, and other personally identifiable information, and implement appropriate security controls to protect this data.

• Implement access controls: Access to sensitive data should be restricted to authorized personnel only, and access controls should be implemented to ensure that only those with a legitimate need to access the data are able to do so.

• Use encryption: Sensitive data should be encrypted both in transit and at rest to protect it from unauthorized access.

• Monitor and audit access: Access to sensitive data should be monitored and audited to detect unauthorized access and potential security incidents.

• Conduct regular security assessments: Regular security assessments can help to identify vulnerabilities in the system and ensure that appropriate security controls are in place.

• Train employees: Employees should be trained on security best practices and compliance requirements to ensure that they understand the importance of protecting sensitive data and complying with relevant regulations.

Understand and comply with local data protection laws and regulations. Consider the shared security model to determine responsibilities between the cloud provider and customer.

Local Laws

For security best practices, it's important to not only consider global laws and regulations, but also local laws. Local laws can vary widely between countries, regions, and even municipalities, and violating these laws can have serious consequences for individuals and organizations. The following information describes reasons why local laws are important to consider for improving security best practices:

• Compliance: Compliance with local laws is essential for avoiding legal penalties and other consequences. Violating local laws can result in fines, legal action, and damage to your reputation.
• Cultural and societal norms: Local laws might reflect cultural and societal norms, which can impact security best practices. For example, in some countries, it might be more acceptable to share personal information than in others. Understanding these norms is essential for implementing security best practices that are effective and culturally sensitive.
• Emerging threats: Local laws might be designed to address emerging security threats that are specific to a particular region or country. By understanding these threats and complying with relevant laws, you can stay ahead of potential security risks and protect your data and systems.
• Collaboration: Compliance with local laws can help facilitate collaboration between organizations and governments. By working together to address security threats, you can build trust and create more effective security measures.

The consequences of violating local laws can be severe. Depending on the nature of the violation, organizations might face fines, legal action, and damage to their reputation. In some cases, violating local laws might also result in criminal charges and imprisonment. It's essential to understand and comply with relevant local laws to avoid these consequences and maintain a good security posture.

Shared Security Model

The shared security model is a framework for understanding the division of responsibilities between cloud providers and customers in terms of security. As a customer, you must understand your responsibilities to implement security and governance to meet organizational aspiration. In a shared security model, the cloud provider and the customer are responsible for different aspects of security, as follows:

• Cloud Provider Responsibilities:
  • Physical security of data centers
  • Network infrastructure security
  • Hypervisor and host server security
  • Security of cloud-based services and platforms
  • Patch management of underlying systems
  • Compliance with industry-specific security standards and regulations
• Customer Responsibilities:
  • Data and application security
  • Identity and access management (IAM)
  • Configuration of security controls
  • Security monitoring and event management
  • Compliance with applicable regulatory requirements
  • Security of any custom code or applications running in the cloud

In general, the cloud provider is responsible for the security of the underlying cloud infrastructure, while the customer is responsible for the security of their applications and data that are hosted in the cloud. The specific responsibilities might vary depending on the type of cloud deployment model being used, such as infrastructure as a service (IaaS), platform as a service (Paas), and software as a service (SaaS).

Setting up continuous monitoring of security events, anomalies, and potential breaches, in addition to establishing incident response procedures, is essential for maintaining a proactive and effective security posture within a cloud environment.

The following information describes how to implement these practices

Continuous Monitoring

1. Select monitoring tools:
   • Choose appropriate security monitoring tools and services that are capable of collecting and analyzing logs, events, and metrics from various cloud resources.
2. Define key metrics and events:
   • Identify critical security metrics, events, and anomalies that need to be monitored. Examples include login failures, unusual network traffic, unauthorized access attempts, and resource usage anomalies.
3. Implement logging and auditing:
   • Configure logging and auditing for cloud services and applications. Collect logs from various sources, such as virtual machines, containers, databases, and applications.
4. Use centralized log management:
   • Use a centralized log management system or security information and event management (SIEM) platform to aggregate, correlate, and analyze log data from different sources.
5. Set up real-time alerts:
   • Set up real-time alerts and notifications based on predefined thresholds or patterns that indicate potential security incidents.
6. Use anomaly detection:
   • Use machine learning and behavior analysis techniques to detect unusual patterns or deviations from baseline behavior.

Incident Response Procedures

1. Use incident classification:
   • Define categories of security incidents based on severity and impact. Classify incidents as low, medium, or high priority.
2. Establish an incident response team:
   • Establish a dedicated incident response team consisting of individuals with expertise in security, cloud technology, legal, and communication.
3. Use incident detection and triage:
   • Monitor alerts and logs to identify potential security incidents. Quickly assess the scope, impact, and severity of each incident.
4. Develop response playbooks:
   • Develop incident response playbooks that outline step-by-step procedures for different types of incidents. These playbooks should include clear instructions for containment, eradication, and recovery.
5. Practice containment and mitigation:
   • Take immediate actions to contain the incident and prevent further damage. This might involve isolating affected systems, disabling compromised accounts, or blocking malicious activities.
6. Perform forensic analysis:
   • Perform forensic analysis to understand the root cause, entry points, and extent of the incident. Preserve evidence for legal and investigative purposes.
7. Provide communication and reporting:
   • Notify relevant stakeholders, including management, legal, and affected users, about the incident. Provide regular updates and maintain open communication channels.
8. Perform remediation and recovery:
   • Remediate vulnerabilities or weaknesses that led to the incident. Restore affected systems, validate their integrity, and ensure normal operations resume.
9. Perform a post-incident review:
   • Conduct a post-incident review to assess the effectiveness of the response, identify areas for improvement, and update incident response playbooks.