Cloud Security

This post covers some aspects of information security related to cloud services.

Cloud Security Components

On this section you can find different components that are relevant to cloud security.

Network Security Group

A network security group, sometimes just referred as security group, are virtual firewall used in cloud environments. Like traditional firewall, it is based on rules and are typically stateful.

In addition to security groups, a network access control list (network ACL) is used in cloud computing environments.

A Cloud Access Security Broker (CASB) enables the consistent enforcement of security policies across cloud providers.

Secure Access Service Edge (SASE) integrates the convergence of different and complementary network security services in the cloud.

Cloud Security Posture Management (CSPM) checks that cloud configuration is safe enough. It is related to static security. When this component is specific to SaaS it is called SaaS Security Posture Management (SSPM).

Cloud Workload Protection (CWP) or Cloud Workload Protection Platform (CWPP) helps to monitor security in a cloud. It is related to dynamic security.

Cloud Infrastructure Entitlements Management (CIEM)

Cloud Security Information Event Management (CSIEM) collects logs from cloud, analyze data and triggers alerts or perform actions under certain circumstances. It is the same concept as a SIEM, but for the cloud.

Cloud Detection and Reponse (CDR)

Web Application and API Protection (WAAP) protects applications and the traffic through an API.

Data Loss Prevention (DLP) provides controls to prevent or avoid the loss of data within an organization.

Information Rights Management (IRM) helps to protect the legal rights on intellectual property.

Identity and Access Management (IAM) manages identity and authorization.

A Cloud-native Application Protection Platform (CNAPP) integrates many of these services.

A Cybersecurity Mesh Architecture (CSMA). Do not confuse it with the protocol Carrier Sense Multiple Access with Collision Detection (CSMA/CD). You can read externals article about Cybersecurity mesh architecture at HelpNetSecurity.

SASE

Service Access Service Edge (SASE) controls access to application regardless the location or users involved.

SASE would be the combination of network plus cloud-delivered security.

SASE may make use of Software-Defined WAN (SD-WAN) in the network part.

In the cloud-delivered security:

Secure Service Edge (SSE)

  • FWaaS/SWG
  • ZTNA
  • CASB

Cloud Security Standards

List of Cloud Security Standards:

  • ISO/IEC 27017
  • ISO/IEC DIS 27018
  • NIST SP 800-144
  • NIST SP 500-29x
  • CSA CIR

NIST SP 800-53 provides a catalog of security and privacy controls. It is not directly related to cloud, but it is being adopted by some organizations in the context of cloud.

If your organization is a federal institution within the USA, FIPS publications about cloud security may be relevant.

ISO/IEC 27017

ISO/IEC 27017 is an international standard to make a safer cloud-based environment.

It is not certifiable.

ISO/IEC DIS 27018

ISO/IEC DIS 27018 is an international standard to protect privacy in cloud environments.

Standard versions, from newer to older:

  • ISO/IEC DIS 27018
  • ISO/IEC 27018:2019

NIST SP 800-144

NIST SP 800-144 “Guidelines on Security and Privacy in Public Cloud Computing”.

NIST SP 500-29x

NIST-SP 500-291 “NIST Cloud Computing Standards Roadmap”.

NIST-SP 500-292 “NIST Cloud Computing Reference Architecture”.

CSA CIR

Cloud Security Alliance (CSA) Cloud Incident Response (CIR) framework on this external link.

Cloud Security Control Frameworks

List of Cloud Security Control Frameworks:

  • CSA CCM

CSA CCM

The CSA Cloud Control Matrix (CSA CCM) aids in selecting and implementing appropriate controls for various regulatory frameworks for your baseline.

It can be checked on this external link.

Cloud Security Compliance

You can read more about cloud security compliance on this post.

Cloud Security Organizations

Organizations related to Cloud Security:

  • Cloud Security Alliance (CSA)
  • Cyber Risk Institute

Cloud Security Resources

Cloud Security resources featured on this post:

  • Cloud control matrix (CCM)
  • CIS Benchmarks for cloud
  • OWASP Cloud-native application security top 10

Cloud Control Matrix (CCM)

Cloud Control Matrix (CCM) by Cloud Security Alliance (CSA).

CIS Benchmarks for Cloud

CIS Benchmarks for cloud

Cloud Native Application Security Top 10

Cloud Native Application Security Top 10 was last updated in April 2022, as of 2024.

OWASP Cloud-Native Application Security Top 10 official website

Cloud Security Tools

You can find cloud security tools on this post.

Cloud Security Certifications for Professionals

CCSK. You can read a post about how to get the CCSK certificate.

Certified Cloud Security Professional (CCSP) by (ISC)2. You can read a post about how to get the CCSP certification.

Cloud Security Courses

SANS’ SEC549 Cloud Security Architecture official website

You might also be interested in…

External References

Leave a Reply

Your email address will not be published. Required fields are marked *