Securing Cloud Applications, Users and Related Technologies

Time
9 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
10
Video Transcription
In this video, we're going over key points regarding securing Cloud applications, users, and related Cloud technologies, pulling from domains 10, 12 and 14.

Cloud deployments are often greenfield in nature. This provides you with an opportunity to reevaluate the processes you follow to develop software, and ensure that security is baked into it. It starts with secure design and development. Of course, training your development staff, training the support staff to incorporate secure design principles such as threat modeling, creating entitlement matrices when they're building the systems.

From that point, you have secure deployment. This is the pipeline taking your changes from development through QA and into eventually the production environments. This is a great opportunity to integrate human-based code reviews, automated security checkers, Static Application Security Analysis, we talked about dynamic application security analysis, vulnerability assessments. All of these methods should be configured to work in the Cloud environment, but also test concerns that you have specific to cloud platforms, such as stored API credentials, or hard-coded passwords.

Then finally, we get to secure operation. This is where you ensure you have good traceability. If you're using infrastructure as code, change management can be realized not just at the application layer, but all the way through the infrastructure itself which is being defined in Cloud, making sure you've incorporated external perimeter defenses such as Web Application Firewalls, and you have ongoing monitoring and assessments taking place.

Application security changes in the Cloud. For starters, there's a higher baseline of security just by the very nature of motivations that the providers have to make sure what they're delivering is secure. You have APIs. In fact, you can more easily create isolated environments by creating completely separate cloud accounts for your development environment versus your production environment. If one gets penetrated or compromised in some way, it doesn't have a ripple effect. From within each subscription you can further isolate the Cloud resources, leveraging micro-segmentation. You have great amounts of elasticity. You have the whole DevOps paradigm to incorporate into your application security.

Some of the challenges, though, are the limited visibility that you get. You don't manage the full stack, the physical stack; you don't quite see some of the traditional models and methods for monitoring applications, monitoring network security and so forth. They don't apply in the Cloud paradigm. The threat models around you are constantly changing because you are in a shared responsibilities model. There's a variety of dependencies as the provider continues to upgrade things and alter things without your direct knowledge.

Spend a good deal of time talking about identity management, making sure you have a formalized plan for how you're going to manage identities in a Cloud environment. Federation is a key technique to extend your identity management capabilities well outside your walls, working with and integrating with other cloud providers and doing so across the broad Internet networks. Identity broker, the hub-and-spoke model, is definitely a preferred approach. Cloud-hosted services for identity access management can sync with your on-premises authoritative services, to support backwards compatibility with the corporate systems you've used to manage identities in a pre-Cloud world. A suite of responsibilities are shared between the provider and the customer when we're dealing with access management in the Cloud. The provider needs to have basic capabilities in place. They need to make sure that their Cloud plane, at the least, and management infrastructures are enforcing the authorization and access controls that you as a consumer are going to configure.

It's also very helpful and powerful if the provider can not just support the concept of role-based access control, but include attribute-based access control, allowing you to define and configure entitlements and prerequisites that can be a little bit more situationally specific. For example, if somebody is logging in to perform administrative actions outside of your corporate network, it may require multi-factor authentication. Whereas if they're within the corporate network, you're going to allow them to perform those different actions without requiring multi-factor authentication.

To finalize the summary of identity access management, we've talked about all the different protocols that are out there. There really are no magical protocols. You need to determine the protocols you support. You need to understand the protocols that the Cloud provider supports, and then examine your particular use cases and the constraints to define what is the right protocol to use to manage identities in a distributed Cloud paradigm.