Cloud Security Basics

Cloud security is critical to protect data and applications on public and private cloud platforms.


What is cloud security?

Cloud security is critical in this day and age because it protects data and applications on public and private cloud platforms. It accomplishes this by applying cybersecurity practices and programs to organizational cloud infrastructures, tackling traditional cybersecurity issues and new challenges related to cloud environments.

For the purposes of this page, we will focus on security for public cloud platforms, since the challenges of private cloud more closely align with traditional challenges in cybersecurity.


Cloud computing defined

Cloud computing is the on-demand availability of computer system resources without direct active management by the user. The term describes data centers that are available to many users over the internet, so that organizations can better leverage mobile technologies and big data as well as gain a competitive advantage.

Cloud security challenges

Cloud platform providers are responsible for safeguarding their physical infrastructure and the basic computing, networking, storage, and network services they provide. However, their customers retain most or all of the responsibility for protecting their applications, monitoring activity, and ensuring that security tools are correctly deployed and configured. This division of responsibility is known as the shared responsibility model. It means customers must deal with:

  • Traditional cybersecurity issues as they affect workloads in the cloud, including vulnerability management, application protection, social engineering, and incident detection and response.
  • New challenges specific to cloud platforms, such as a lack of visibility into security events in the cloud, rapid changes in infrastructure, continuous delivery of applications, and new threats targeting cloud management tools.

Benefits of cloud security

Cloud security solutions allow organizations to take advantage of the flexibility, scalability, openness, and reduced operating costs of today's cloud platforms without endangering confidential data, regulatory compliance, or continuous business operations.

The benefits of cloud security include:

  • Discover vulnerabilities and misconfigurations in cloud-based infrastructure
  • Ensure software code undergoes security testing at every step in the development, test, and deployment process
  • Monitor events in applications on cloud platforms, including workloads running on virtual machines and in containers
  • Detect advanced indicators of attack, such as anomalous behaviors and evidence of credential theft and lateral movement
  • Stop attackers from taking control of cloud platform consoles and appropriating cloud resources for criminal purposes like cryptojacking, hosting botnets, and launching denial-of-service attacks

Securing AWS environments

Amazon Web Services (AWS) offers a feature-rich environment for hosting and managing workloads in the cloud. What are some of the ways that organizations can strengthen cloud security for workloads hosted on AWS?


Security teams can use a vulnerability management solution to discover and assess EC2 instances and scan them for vulnerabilities, misconfigurations, and policy violations.

A dynamic application security testing (DAST) solution can test web apps to discover vulnerabilities in the OWASP Top Ten and other attack classes, as well as potential violations of PCI DSS and other regulations. When the DAST solution is integrated with DevOps tools such as Jenkins, security testing can be triggered at specified milestones in the development process to ensure that vulnerabilities and violations are detected and fixed before code is put into production.

To detect signs of attacks and data breaches, a SIEM solution can be integrated with the management and security services provided by Amazon. This includes access to logs created by AWS CloudTrail and CloudWatch, as well as services such as VPC (Virtual Private Cloud) Flow Logs and Amazon Route 53 DNS logs.

SIEM solutions designed to work with cloud platforms can enrich this log data with additional context from other sources (including endpoints, on-premises systems, and other cloud platforms), flag indicators of compromise, and use advanced security analytics to detect attacks early and remediate quickly.

Security alerts from AWS GuardDuty and other AWS services can be fed directly to a SIEM, allowing the enterprise security team to quickly investigate and respond.
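The SIEM-side analytics described above can be illustrated with a small rule set run over CloudTrail records. The following is an added example, not code from the original page or from any Rapid7 product. The records are constructed samples (user names, access key ids and IP addresses are placeholders), and the field names follow the CloudTrail record format (`userIdentity`, `eventName`, `sourceIPAddress`, `additionalEventData.MFAUsed`). The rules cover three of the indicators the page lists: console logins without MFA, root account activity, and a credential-theft heuristic (one access key used from more than one source address), plus sensitive IAM changes that often accompany persistence.

```python
import json
from collections import defaultdict

# Constructed CloudTrail-style records, trimmed to the fields the rules read.
# All user names, access key ids and IP addresses are sample values.
SAMPLE_EVENTS_JSON = """
[
  {"eventTime": "2022-05-01T08:00:00Z", "eventName": "ConsoleLogin",
   "eventSource": "signin.amazonaws.com", "sourceIPAddress": "203.0.113.10",
   "userIdentity": {"type": "IAMUser", "userName": "alice"},
   "additionalEventData": {"MFAUsed": "Yes"}},
  {"eventTime": "2022-05-01T08:02:00Z", "eventName": "ConsoleLogin",
   "eventSource": "signin.amazonaws.com", "sourceIPAddress": "198.51.100.7",
   "userIdentity": {"type": "IAMUser", "userName": "bob"},
   "additionalEventData": {"MFAUsed": "No"}},
  {"eventTime": "2022-05-01T08:05:00Z", "eventName": "DescribeInstances",
   "eventSource": "ec2.amazonaws.com", "sourceIPAddress": "203.0.113.10",
   "userIdentity": {"type": "Root"}},
  {"eventTime": "2022-05-01T08:10:00Z", "eventName": "ListBuckets",
   "eventSource": "s3.amazonaws.com", "sourceIPAddress": "203.0.113.10",
   "userIdentity": {"type": "IAMUser", "userName": "alice",
                    "accessKeyId": "AKIAEXAMPLEALICE0001"}},
  {"eventTime": "2022-05-01T08:11:00Z", "eventName": "GetObject",
   "eventSource": "s3.amazonaws.com", "sourceIPAddress": "192.0.2.55",
   "userIdentity": {"type": "IAMUser", "userName": "alice",
                    "accessKeyId": "AKIAEXAMPLEALICE0001"}},
  {"eventTime": "2022-05-01T08:12:00Z", "eventName": "AttachUserPolicy",
   "eventSource": "iam.amazonaws.com", "sourceIPAddress": "192.0.2.55",
   "userIdentity": {"type": "IAMUser", "userName": "alice",
                    "accessKeyId": "AKIAEXAMPLEALICE0001"}}
]
"""

# IAM API calls that grant credentials or permissions; worth a closer look
# whenever they appear outside a change window.
SENSITIVE_IAM_EVENTS = {
    "CreateAccessKey", "CreateUser", "AttachUserPolicy", "PutUserPolicy",
    "AddUserToGroup", "UpdateAssumeRolePolicy",
}


def load_events(text):
    """Parse a JSON array of CloudTrail records."""
    return json.loads(text)


def analyze(events):
    """Run the detection rules and return one finding dict per hit."""
    findings = []
    ips_per_key = defaultdict(set)  # accessKeyId -> set of source addresses

    for ev in events:
        identity = ev.get("userIdentity", {})
        actor = identity.get("userName") or identity.get("type", "unknown")
        base = {"eventTime": ev.get("eventTime"), "actor": actor,
                "sourceIPAddress": ev.get("sourceIPAddress")}

        # Rule 1: interactive console login that did not use MFA.
        if (ev.get("eventName") == "ConsoleLogin"
                and ev.get("additionalEventData", {}).get("MFAUsed") == "No"):
            findings.append({**base, "rule": "console_login_without_mfa",
                             "detail": "ConsoleLogin with MFAUsed=No"})

        # Rule 2: any API call made by the account's root identity.
        if identity.get("type") == "Root":
            findings.append({**base, "rule": "root_account_activity",
                             "detail": ev.get("eventName")})

        # Rule 3: credential- or permission-granting IAM change.
        if ev.get("eventName") in SENSITIVE_IAM_EVENTS:
            findings.append({**base, "rule": "sensitive_iam_change",
                             "detail": ev.get("eventName")})

        # Collect source addresses per access key for rule 4.
        key = identity.get("accessKeyId")
        if key:
            ips_per_key[key].add(ev.get("sourceIPAddress"))

    # Rule 4: one access key seen from several addresses in the same batch,
    # a simple indicator that the key may have been copied elsewhere.
    for key, ips in sorted(ips_per_key.items()):
        if len(ips) > 1:
            findings.append({"eventTime": None, "actor": key,
                             "sourceIPAddress": sorted(ips),
                             "rule": "access_key_used_from_multiple_ips",
                             "detail": f"{len(ips)} distinct source addresses"})
    return findings


def summarize(findings):
    """Count findings per rule, the shape a SIEM dashboard would show."""
    counts = defaultdict(int)
    for f in findings:
        counts[f["rule"]] += 1
    return dict(counts)


if __name__ == "__main__":
    results = analyze(load_events(SAMPLE_EVENTS_JSON))
    for f in results:
        print(f"{f['rule']:36s} actor={f['actor']} detail={f['detail']}")
    print(summarize(results))
```

In a real deployment the multiple-address rule would be evaluated over a sliding time window and enriched with the endpoint and network context the page mentions (is the second address a known corporate egress, a VPN, or an unfamiliar hosting provider?) before it is raised as an alert; here the batch stands in for that window.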

Securing Azure environments

Microsoft Azure is a powerful, flexible, scalable platform for hosting workloads in the cloud. How can organizations strengthen the security of workloads running on Azure?


A vulnerability management solution can use the Azure Discovery Connection to discover and scan virtual machines and other assets as soon as they are spun up in an Azure environment. Scans can find vulnerabilities, misconfigurations, policy violations, and other security risks. It may be possible to import Azure tags and use them to organize assets into dynamic groups that can be assessed and reported on selectively.

A DAST solution can be integrated with Azure DevOps pipelines, allowing it to automatically launch scans for vulnerabilities at each stage in Continuous Integration and Continuous Deployment (CI/CD) workflows. This helps enterprises eliminate vulnerabilities from web applications early in the development process, when they are easiest to fix.

SIEM solutions can work with Azure Event Hubs, which aggregate cloud logs from important Azure services such as Azure Active Directory, Azure Monitor, Azure Resource Manager (ARM), Azure Security Center, and Office 365. The SIEM can obtain log data from Azure Event Hubs in real time, combine it with information from endpoints, networks, on-premises data centers, and other cloud platforms, and perform analytics that find phishing attacks, active malware, use of compromised credentials, lateral movement by attackers, and other evidence of attacks.

Azure Security Center also generates alerts, but it lacks the data enrichment, analytics, and workflow features of a full SIEM. However, security teams can arrange to send Security Center alerts directly to a SIEM solution to take advantage of those advanced capabilities.

Security for multi-cloud environments

Cloud security is not just about providing security for separate cloud platforms independently. Rather, it is a matter of capturing, correlating, analyzing, and acting on all the security data generated by the organization and its cloud service providers.

With today's microservice-based apps and hybrid and multi-cloud architectures, applications can be spread across several cloud platforms and on-premises data centers. The need for cloud security comes from advanced attacks that often start with endpoints or web apps and then move across multiple computing environments. Attacks against one cloud platform are often followed by the same type of attack against other cloud platforms.

For these reasons, it is essential that organizations use security solutions that provide visibility and monitoring across their entire IT footprint, including multiple cloud platforms and on-premises data centers.

Read more about cloud security

2022 Cloud Misconfigurations Report: Latest Cloud Security Breaches and Attack Trends
