• Cloud Security Concepts
• TERMS:
• SHARED RESPONSIBILITY MODEL
• EAST-WEST & NORTH-SOUTH TRAFFIC
• SEGMENTATION & MICROSEGMENTATION
• SECURITY PRACTICES CHALLENGES
• SHARED SECURITY MODEL
• MULTI-CLOUD SECURITY MANAGEMENT

Cloud Security Concepts

TERMS:

5-Tuple Flow:

• Defines a network connection by five attributes: source IP address, source port, destination IP address, destination port, and protocol.

From Gartner:

• Shift focus from asking "Is the cloud secure?" to "Am I using the cloud securely?"

SHARED RESPONSIBILITY MODEL

• Provider's Responsibility: Security of the cloud (infrastructure, hardware, software, networking, and facilities).
• Customer's Responsibility: Security in the cloud (data, endpoints, applications, identity and access management, etc.).

Pizza Model:

• A metaphor for shared responsibility, comparing cloud service models (IaaS, PaaS, SaaS) to different types of pizza (homemade, takeout, delivery) to illustrate varying levels of customer and provider responsibility.

EAST-WEST & NORTH-SOUTH TRAFFIC

North-South Traffic:

• Client/server communication across a wide area network (WAN).

East-West Traffic:

• Network communication within the same cloud environment, which can include different local area networks (LANs), virtual private clouds (VPCs), or hybrid architectures.

SEGMENTATION & MICROSEGMENTATION

• Trust Zones:
• Use next-generation firewalls (NGFW) and intrusion prevention systems (IPS) at the boundaries to create secure zones within a network.
• Access Control Lists (ACLs) & Basic Segmentation (Security Groups):
• Provide basic network segmentation but lack visibility at the application level.
• Virtual Firewalls:
• Offer application-level control for enhanced security.
• Layer 7 Security:
• Native cloud security controls often operate at Layer 4, but Layer 7 is crucial for contextual information and effective security policies.
• Native tools often lack comprehensive threat detection and response capabilities (IPS).

SECURITY PRACTICES CHALLENGES

• Complexity:
• A plethora of tools to learn and apply can be overwhelming.
• Consistency:
• Maintaining a consistent security posture across different providers can be challenging due to varied security mechanisms.
• Scalability:
• Manual security tools are difficult to scale in CI/CD environments, adding significant maintenance overhead.

SHARED SECURITY MODEL

• NGFWs Integration:
• Essential for enhancing security in cloud environments.
• Internet-Facing Applications:
• Use ACLs and web application firewalls (WAFs) for protection, though WAFs offer limited control over non-web applications due to their focus on Layer 7.
• Outbound Traffic (Exfiltration):
• Challenges include monitoring integrations (e.g., GitHub) and tracking traffic once control is gained.

MULTI-CLOUD SECURITY MANAGEMENT

• Overview:
• Managing security across multiple cloud providers adds complexity due to different security mechanisms and tools.
• Strategies:
• Implement unified security management platforms.
• Standardize security policies and procedures across clouds.
• Use automation and orchestration to enhance efficiency and reduce manual intervention.