Cloud Models and Service Threats
Public Cloud
Purchased “as a service”, no on-prem infrastructure
Global distributed infrastructure
Virtual resources, no access to hardware (with some exceptions)
Resources are shared among tenants
Pay per use, rented from CSP
Security in-transit and at rest?
Hardware, OS, and virtualization layer managed by CSP
Apps, data, security policies managed by you
Special categories: Community clouds, multiclouds.
Private Cloud
Virtualized, elastic, self-service data center
Single tenancy. One owner, one user.
Full responsibility from hardware to data
Privacy, data localization requirements.
CAPEX – upfront investment
“Private” security, too.
Hybrid Cloud
Public + private
Reasons
Scalability for on-prem resources
Can pick and choose specific services only
Regulations/compliance
More difficult security implementations
More difficult management and monitoring
Cloud Service Models
On Prem
You manage everything
IaaS
CSP: Networking, storage, servers, virtualization
Customer: OS, middleware, runtime, data, applications
PaaS
CSP: Networking, Storage, Servers, Virtualization, OS, middleware, runtime
Customer: Applications, Data
SaaS
CSP: Networking, Storage, Servers, Virtualization, OS, Middleware, Runtime, Data, Applications
Customer: Configuration and backup are still your responsibility.
CASB – Cloud Access Security Broker
Controls access to cloud services
Keeps track of user accounts, security policies, permissions
SSO between on-prem and cloud
Monitor user actions on cloud resources
Protects against data exfiltration
Modes of operation:
Forward proxy
Reverse proxy
API Based
Cloud Infrastructure Assessment Tools
ScoutSuite
Prowler
Pacu
Cloud digital forensics
Difficult forensics due to:
No access to the underlying hardware
No visibility into where data is actually stored
Volatility of virtual resources
Chain of custody
Solution: Involve the CSP