Cloud computing has revolutionized how information technology resources and services are used and managed, accelerating innovation and collaboration; however, this revolution comes with a greater attack surface and increased security risk (Bello et al., 2021). Cloud security, the use of technologies, controls and processes to protect cloud computing environments against external and internal threats, depends heavily on internet security and virtualization security, because virtualization is the backbone technology that powers cloud computing.

Every cloud service model is built on virtual machines (VMs), but who is responsible for managing and securing them depends on the service model in use, software as a service (SaaS), platform as a service (PaaS) or infrastructure as a service (IaaS), under the shared responsibility model of the cloud platform. Securing the cloud infrastructure therefore involves securing the VMs, the application programming interfaces (APIs) and the network paths over the internet. Segmenting the virtual network is crucial because the cloud, and the public cloud in particular, is a multi-tenant environment. Network segmentation ensures that specific resources are reachable only by specific applications and users. Better still is micro-segmentation, which applies security policies at the workload level, dividing the data center into small, granular secure zones so that each workload accepts only the traffic it needs; this limits east-west (lateral) movement by an attacker who has compromised one workload and bolsters the data center's resistance to cyberattacks.

Apart from segmentation and micro-segmentation, tenant isolation within the cloud environment is very important. The multi-tenant nature of SaaS solutions requires significant effort to isolate tenant resources: isolation separates independent workloads and applications that share the same physical hosts and network so that one tenant's resources cannot be read or affected by another (Agache et al., 2020). Using Virtual Private Clouds (VPCs) within a public cloud infrastructure adds a further layer of protection. A VPC gives each customer a logically isolated network in which they control IP address assignment, subnets and routing, connect disparate cloud services, and manage communication between VMs, while hosting application firewalls and load balancers.

Security groups and network access control lists (ACLs) provide another layer of control: they filter ingress and egress traffic to and from a VM instance by source or destination IP address, protocol and port. Security groups are attached to the instance and are typically stateful, whereas network ACLs are applied at the subnet level and are typically stateless, so return traffic must be allowed explicitly; in either case the rule set should default to deny and admit only the flows a workload actually needs. Application programming interfaces (APIs) are another critical aspect of cloud computing, because they are the channel through which applications and end users exchange data and functionality with the cloud provider's applications and services. Insecure APIs, for example those with weak authentication, missing authorization checks or unvalidated input, can therefore have a devastating effect on the security of a cloud application or service. Cloud customers should use only APIs and client libraries that have been adequately tested and approved, and should authenticate every call with least-privilege credentials.
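The following is an added example, not code from the original article or from any cloud provider: a small evaluator for the kind of segment-level allow lists described in the two paragraphs above (micro-segmentation policies applied per workload, and security-group style ingress filtering by source, protocol and port). The VPC range 10.0.0.0/16, the three workloads, their addresses and all rules are constructed for illustration; real providers differ in syntax, and the stateful handling of return traffic is not modelled. The example goes one step beyond the text by computing the blast radius of a compromised workload under a segmented policy and again after a permissive "anything in the VPC" rule is added to the database tier, and by auditing for rules open to the whole internet.

```python
# Added example (not code from the original article): a small evaluator for
# segment-level allow lists in the style of cloud security groups and
# micro-segmentation policies. The VPC range, workloads, addresses and rules
# are constructed for illustration; real providers differ in syntax, and
# security groups are typically stateful (return traffic is implied).
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Rule:
    src: str             # CIDR ("0.0.0.0/0") or a workload tag ("tag:web")
    proto: str           # "tcp", "udp" or "any"
    port: Optional[int]  # None means every port


@dataclass
class Workload:
    name: str
    ip: str
    tags: Set[str]
    ingress: List[Rule] = field(default_factory=list)  # allow list; default deny


Env = Dict[str, Workload]


def build_env(flat_db: bool = False) -> Env:
    """Three-tier environment in an assumed 10.0.0.0/16 VPC.

    Segmented (default): internet -> web:443, web -> app:8080, app -> db:5432.
    flat_db=True adds the weak rule "anything in the VPC may reach db on any
    port", the kind of rule that appears when a tier is opened for convenience.
    """
    env = {
        "web-1": Workload("web-1", "10.0.1.10", {"web"}, [Rule("0.0.0.0/0", "tcp", 443)]),
        "app-1": Workload("app-1", "10.0.2.10", {"app"}, [Rule("tag:web", "tcp", 8080)]),
        "db-1": Workload("db-1", "10.0.3.10", {"db"}, [Rule("tag:app", "tcp", 5432)]),
    }
    if flat_db:
        env["db-1"].ingress.append(Rule("10.0.0.0/16", "any", None))
    return env


def _src_matches(env: Env, rule: Rule, src_ip: str) -> bool:
    """A tag source matches only workloads carrying that tag; a CIDR matches by address."""
    if rule.src.startswith("tag:"):
        tag = rule.src[len("tag:"):]
        return any(tag in w.tags and w.ip == src_ip for w in env.values())
    return ip_address(src_ip) in ip_network(rule.src)


def is_allowed(env: Env, src_ip: str, dst: str, proto: str, port: int) -> bool:
    """First matching allow rule wins; no match means the flow is dropped."""
    for rule in env[dst].ingress:
        if not _src_matches(env, rule, src_ip):
            continue
        if rule.proto not in ("any", proto):
            continue
        if rule.port is not None and rule.port != port:
            continue
        return True
    return False


def reachable_from(env: Env, src: str) -> List[Tuple[str, str, Optional[int]]]:
    """Blast radius of a compromised workload: every (dst, proto, port) it can open."""
    src_ip = env[src].ip
    hits = [
        (dst.name, r.proto, r.port)
        for dst in env.values() if dst.name != src
        for r in dst.ingress if _src_matches(env, r, src_ip)
    ]
    return sorted(hits, key=lambda h: (h[0], h[1], -1 if h[2] is None else h[2]))


def world_open_rules(env: Env) -> List[Tuple[str, Rule]]:
    """Audit check: rules that expose a workload to the entire internet (/0 source)."""
    return [
        (w.name, r)
        for w in env.values() for r in w.ingress
        if not r.src.startswith("tag:") and ip_network(r.src).prefixlen == 0
    ]


if __name__ == "__main__":
    segmented, flat = build_env(), build_env(flat_db=True)
    print("web-1 can reach (segmented):", reachable_from(segmented, "web-1"))
    print("web-1 can reach (flat db):   ", reachable_from(flat, "web-1"))
    print("internet-exposed rules:", world_open_rules(segmented))
```

Under the segmented policy a compromised web-1 can only open app-1:8080; with the permissive database rule it can also reach db-1 on every port, which is exactly the east-west movement micro-segmentation is meant to prevent. The world_open_rules check is the kind of audit a practitioner runs over exported security-group rules: the only /0 rule here is the intended HTTPS listener on the web tier, and anything else in that list deserves a justification.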

The multi-tenant nature of the cloud environment, its heavy dependence on the internet, and the use of APIs to access resources within the cloud present a need for cloud security techniques that are not required in the same form in on-premises IT infrastructures. To better protect virtual and cloud environments, cybersecurity frameworks such as NIST SP 800-210, General Access Control Guidance for Cloud Systems, and ISO/IEC 27017:2015, Information technology, Security techniques, Code of practice for information security controls based on ISO/IEC 27002 for cloud services, are relevant guides. To simplify cloud security while supporting compliance with various regulatory frameworks, the Cloud Security Alliance (CSA) maintains the Cloud Controls Matrix (CCM), a cybersecurity control framework for cloud computing. CCM v4 comprises 197 control objectives spanning 17 domains covering all critical aspects of cloud technology (Cloud Security Alliance, 2021).

References

Agache, A., Brooker, M., Iordache, A., Liguori, A., Neugebauer, R., Piwonka, P., & Popa, D.-M. (2020). Firecracker: Lightweight virtualization for serverless applications. 17th USENIX Symposium on Networked Systems Design and Implementation (NSDI 20).

Cloud Security Alliance. (2021). Cloud Controls Matrix (CCM). https://cloudsecurityalliance.org/research/cloud-controls-matrix/

Bello, S. A., Oyedele, L. O., Akinade, O. O., Bilal, M., Delgado, J. M. D., Akanbi, L. A., . . . Owolabi, H. A. (2021). Cloud computing in construction industry: Use cases, benefits and challenges. Automation in Construction, 122, 103441. https://www.sciencedirect.com/science/article/pii/S0926580520310219