How to Succeed with Infrastructure Hardening: Cloud Security Fundamentals and Key Takeaways from DataArt's Webinar

On June 17, 2020, DataArt hosted a cloud security webinar entitled “How to Succeed with Infrastructure Hardening.” Security Competence Center experts gave their opinions on how to take the first steps in cloud hardening.
3/07/20
By Dmitry Vyrostkov

During the webinar, DataArt’s Dmitry Vyrostkov, Chief Software Architect, and Yaroslav Vorontsov, Senior Security Consultant, covered shared responsibility in cloud security and the automation of compliance checks. They also discussed approaches to hardening cloud resources, key differences in security requirements for on-prem and cloud infrastructures, installing software updates and managing vulnerabilities after migrating to the cloud, and much more.

Yaroslav Vorontsov emphasized that keeping cloud resources safe is a joint effort between the cloud customer and the cloud provider. He noted that it is also essential to know the type of cloud in use: it could be IaaS (infrastructure), PaaS (platform), SaaS (software) or hybrid (with elements of IaaS, PaaS and SaaS). IaaS is used for computing nodes, PaaS is a good option for data storage (managed SQL), and SaaS is quite popular for SIEM and centralized logging. He also mentioned that a typical cloud environment should use a Security in Depth approach and focus on multiple levels of security controls, because real-world examples from the DataArt security team's recent experience (more than 30 cloud accounts last year) show that environments are often a mixture of services.

The initial steps of cloud hardening were also enumerated during the webinar. They include:

  1. Using reference blueprints
  2. Building an inventory of tools
  3. Changing security defaults

Once a cloud client has completed these three basic exercises, they can proceed further and start checking themselves against industry best practices. Yaroslav Vorontsov also reviewed popular benchmarks such as CIS, TrendMicro, and CloudSploit and gave an overview of free cloud auditing tools that give a real-time indication of the security posture within the cloud.

Dmitry Vyrostkov gave advice on specific steps a cloud customer needs to take to improve its security posture. Dmitry noted that one of the important aspects of cloud hardening is identity and access management, highlighting the fact that traditional network-based protection controls have been superseded by identity-based perimeter protection measures. Dmitry mentioned that most of these measures, like strong password policies, MFA enforcement, and credential disabling and rotation, are similar to the traditional security policies of organizations, though clouds have introduced a number of new controls, such as instance roles.

The importance of hardening computational resources was also emphasized during the webinar. The experts also covered weak security configurations of data stores (such as insufficient protection controls for data in transit and data at rest), which have led to a number of major data leaks, and gave several pieces of practical advice on how to restrict the potential attack surface of other cloud-based tools and services.

At the end of the webinar, the speakers unanimously agreed that cloud security should be a part of internal processes, like patch, vulnerability, and incident management.
