December 13, 2023 By Ramandeep Kaur
Megha Sasidhar
5 min read

Cloud computing has become an integral part of IT infrastructure for businesses of all sizes, providing on-demand access to a wide range of services and resources. The evolution of cloud computing has been driven by the need for more efficient, scalable and cost-effective ways to deliver computing resources.

Cloud computing enables on-demand access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) over the internet. Instead of owning and maintaining physical hardware and infrastructure, users can leverage cloud computing services provided by third-party providers.

Cloud service and deployment models

Cloud computing is commonly categorized into service and deployment models:

Service models

  1. Infrastructure as a Service (IaaS): Provides virtualized computing resources over the internet. Users can rent virtual machines and storage and networking components.
  2. Platform as a Service (PaaS): Offers a platform that includes tools and services for application development, testing and deployment. Users can focus on building applications without managing the underlying infrastructure.
  3. Software as a Service (SaaS): Delivers software applications over the internet on a subscription basis. Users access the software through a web browser without worrying about installation or maintenance.

Deployment models

  1. Public cloud: A third-party cloud service provider owns and operates resources and makes them available to the general public. Some providers include Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform.
  2. Private cloud: A single organization exclusively uses resources. Either the organization or a third-party provider can manage the infrastructure, which can be located on-premises or off-site.
  3. Hybrid cloud: Combines public and private cloud models to allow data and applications to be shared between them. This provides greater flexibility and optimization of existing resources and infrastructure.

4 common cloud attack scenarios

Unfortunately, every rapidly growing industry attracts not only enthusiastic entrepreneurs but also malicious actors whose goal is to take advantage of any security holes that would be unable to defend against various attacks. Here are some examples of common attack scenarios in the cloud.

1. DDoS attacks

A distributed denial of service (DDoS) attack occurs when a web application is overloaded with a high volume of traffic. DDoS protection services, like AWS Shield, can mitigate such attacks.

AWS Shield uses machine learning algorithms to analyze incoming traffic, identify patterns indicative of a DDoS attack and take action to stop the attack.

2. Data breaches

A data breach involves exploiting vulnerabilities to access and exfiltrate sensitive data. But regularly updating software, encrypting sensitive data, monitoring for unusual activity and building a good incident response can help prevent data breaches.

Below is an incident response example code (AWS Lambda for Incident Response) in Python (Boto3 is a Python software development kit [SDK] for AWS).

3. Man-in-the-middle attacks

A man-in-the-middle (MitM) attack occurs when communication between two parties is intercepted for malicious intent. The use of encryption (SSL/TLS) and implementing secure communication protocols can help prevent a MitM attack. Without encryption, data transmitted over the network can be intercepted.

The code below is an example of encrypting S3 Objects with AWS SDK for Python-Boto3.

4. Brute force attacks

A brute force attack is a hacking method that uses trial and error to crack passwords, login credentials and encryption keys. It is a simple yet reliable tactic for gaining unauthorized access to individual accounts and organizational systems and networks.

AWS CloudWatch Alarms can provide logging and monitoring services where repeated login attempts might go unnoticed.

Cloud configuration security best practices

Security in cloud computing involves implementing measures to protect data, applications and infrastructure in a cloud environment from potential threats. Here are some best practices in key areas of cloud configurations in AWS and Azure associated with securing cloud environments.

 AWS

 Identity and access management (IAM):

  • Use the principle of least privilege when assigning permissions to users, roles and groups
  • Regularly review and audit IAM policies to align with business requirements
  • Enable multi-factor authentication (MFA) for enhanced user authentication.

Example AWS IAM policy:

If IAM policies are not properly configured, an attacker might gain access to sensitive resources.

VPC (virtual private cloud) configuration:

  • Utilize separate subnets for public and private resources.

 Example code (AWS CloudFormation):

S3 Bucket Security:

  • Regularly audit and review access controls for S3 buckets
  • Enable versioning and logging to track changes and access to objects
  • Consider using S3 bucket policies to control access at the bucket level
  • Enforce server-side encryption for S3 buckets.

Example code (AWS CLI):

Azure

Azure role-based access control (RBAC):

  • Assign the principle of least privilege using Azure RBAC.

 Example code (Azure PowerShell):

Azure Blob storage security:

  • Enable Blob storage encryption.

 Example code (Azure PowerShell):

 Azure virtual network:

  • Implement network security groups (NSGs) for access control.

 Example code (Azure Resource Manager Template):

Keeping digital assets secure in the cloud

Securing cloud configurations is essential to safeguard digital assets and maintain a resilient cybersecurity posture. Organizations should focus on continuous monitoring, compliance checks and proactive incident response planning to address the dynamic nature of cyber threats in the cloud.

In addition, implementing the principles of least privilege, encryption, identity and access management and network security best practices not only protects the cloud environment against potential vulnerabilities but also contributes to a culture of security awareness and responsiveness within the organization.

As cloud computing continues to evolve, organizations should commit to staying ahead of emerging security challenges and adapting configurations to maintain a resilient and secure digital presence.

Not sure how to start? IBM Security has a range of cloud security services to protect your cloud environment.

More from Cloud Security

AI-driven compliance: The key to cloud security

3 min read - The growth of cloud computing continues unabated, but it has also created security challenges. The acceleration of cloud adoption has created greater complexity, with limited cloud technical expertise available in the market, an explosion in connected and Internet of Things (IoT) devices and a growing need for multi-cloud environments. When organizations migrate to the cloud, there is a likelihood of data security problems given that many applications are not secure by design. When these applications migrate to cloud-native systems, mistakes in configuration…

New cybersecurity sheets from CISA and NSA: An overview

4 min read - The Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA) have recently released new CSI (Cybersecurity Information) sheets aimed at providing information and guidelines to organizations on how to effectively secure their cloud environments.This new release includes a total of five CSI sheets, covering various aspects of cloud security such as threat mitigation, identity and access management, network security and more. Here's our overview of the new CSI sheets, what they address and the key takeaways from each.Implementing…

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today