What’s the difference between on-premises and cloud security threat modeling approaches? Both can help protect against cloud threats and have distinct benefits and risks.
The latest tech developments are happening at the intersection of cybersecurity and cloud security. More and more treasured data is being kept and used to make data-driven decisions. So, defending data against internal threats, malware vulnerabilities and unwanted external access is paramount. Advanced cloud security approaches such as threat modeling in the cloud and other software-as-a-service-based solutions can help. They allow your organization to recognize and circumvent threats to key software and data center components of your IT infrastructure.
Two main hosting options
There are two main options for hosting: on-premises servers or in the cloud with a third-party cloud service provider (CSP) using application programming interfaces (APIs). Some defense concerns arise in general for the cloud computing environment. Organization cybersecurity leaders need to consider these when applying threat models in the cloud environment. For example, you’ll have to think about multitenancy and secure data transmission. Data is no longer maintained in data center systems, but now at the CSP. So, the attack surface increases. You have less control over your threat modeling in the cloud, too. Securing data and functions with cryptographic key management techniques involves both the CSP and the cloud tenants. The threat model should judge the threats by taking into account the two-party involvement in cryptographic key exchange and storage, which can introduce problems.
Identity and access management (IAM) also plays an essential role in securing access to public cloud resources. It offers a way for user access provisioning and de-provisioning to specific resources. In addition, IAM with role-based access control can mitigate high risks, such as sharing credentials, with the help of defensive best practices in the cloud.
Which threat modeling approach is right for you?
So, you can see the differences between on-premises hosting and a CSP. Which path is the correct one for you? This depends entirely on your needs and the design architecture of your enterprise. Take into account your deployment model, cost, control, security and compliance needs.
Any study of information system security resources must reflect the threats and vulnerabilities of the systems that may imperil the enterprise environment. Threats exploit vulnerabilities in the system to increase the risk to system resources or data. Data owners need to use the correct tools to mitigate known vulnerabilities and reduce exposure to an explicit threat or class of threats. Using a threat-based approach in public clouds is paramount in finding out what threats can be thwarted and which continue to exist.
STRIDE threat modeling
A popular approach is called the STRIDE threat modeling methodology. It can be employed for both on-premises and cloud environments.
STRIDE is used to classify the objectives of attacks in both environments. Data owners can apply it at the design level of systems to address spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege threats. Public cloud infrastructure faces similar threats to the on-premises data center network.
Thus, using the STRIDE threat model exposes threats that exist both on-premises and in the cloud. However, the use of the public cloud adds unique threats to the customer enterprise. It introduces a lack of control, less visibility into resources and operations, and undeveloped compliance requirements.
Threat modeling is just as important for the cloud as it is for on-premises infrastructure. Under the shared responsibility model, your enterprise is still responsible for the data and content within the CSP environment. To limit the exposure of your data, you should reduce the risk with on-premises data center cybersecurity best practices and controls.
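The following is an added example, not part of the original article. It applies STRIDE-per-element (a common way to run STRIDE over a data-flow diagram, which the article does not prescribe) to the same small application hosted on-premises and in a public cloud, and lists the open threats each party still has to act on under shared responsibility. The element names, the owner labels ("tenant", "csp", "shared") and the mitigation assignments are constructed assumptions.

```python
from dataclasses import dataclass

STRIDE = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
          "I": "Information disclosure", "D": "Denial of service",
          "E": "Elevation of privilege"}

# STRIDE-per-element: categories that apply to each kind of diagram element.
APPLICABLE = {"external_entity": "SR", "process": "STRIDE",
              "data_store": "TRID", "data_flow": "TID"}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str            # a key of APPLICABLE
    owner: str           # "tenant", "csp" or "shared" (assumed labels)
    mitigated: str = ""  # STRIDE letters already covered by a control

def enumerate_threats(model):
    """Every applicable (element, category, owner, is_open) combination."""
    return [(el.name, STRIDE[c], el.owner, c not in el.mitigated)
            for el in model for c in APPLICABLE[el.kind]]

def residual(model, party="tenant"):
    """Open threats `party` must act on; 'shared' elements count for both."""
    return [(name, cat) for name, cat, owner, is_open in enumerate_threats(model)
            if is_open and owner in (party, "shared")]

# Constructed sample: one application modeled on-premises and in a public cloud.
ON_PREM = [
    Element("admin user", "external_entity", "tenant", "S"),
    Element("app server", "process", "tenant", "STIE"),
    Element("customer DB", "data_store", "tenant", "TI"),
    Element("app -> DB", "data_flow", "tenant", "TI"),
]
CLOUD = [
    Element("admin user", "external_entity", "tenant", "S"),    # IAM with RBAC
    Element("app server", "process", "csp", "STIE"),            # runs on CSP infrastructure
    Element("customer DB", "data_store", "shared", "T"),        # tenant still owns the data
    Element("key store", "data_store", "shared", "T"),          # two-party key management
    Element("tenant -> CSP API", "data_flow", "tenant", "TI"),  # encrypted in transit
]

if __name__ == "__main__":
    for label, model in (("on-prem", ON_PREM), ("cloud", CLOUD)):
        print(label, "open threats for the tenant:")
        for name, cat in residual(model):
            print(f"  {name}: {cat}")
    print("open threats needing CSP assurance:", residual(CLOUD, "csp"))
```

Threats on CSP-owned elements do not appear in the tenant's list, which is where the reduced control and visibility show up in the model: the tenant can only track them through the provider's assurances.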
Threat modeling: An ongoing process
Putting a cloud security-based threat model in place is an ongoing process. Any threat model process document should be a live document you can modify as needed. This is even more important when using cloud hosting. After all, cloud computing provides rapid elasticity, scalability, on-demand access and other features like broad network access.
A cloud computing environment may introduce more threats beyond STRIDE. Any enterprise working on securing their apps and resources needs to consider these, as well. A threat model should include a methodology that trusts CSPs in their respective areas of accountability and reflects known or modified threats.
Organizations migrating their computer systems from a more traditional on-premises network to a cloud-based model must consider the different classes of threats. Any computer network and infrastructure face different threats when data is in transit, at rest and in use. They must also consider the impacts resulting from the cloud’s unique traits.
The Cloud Security Alliance, the European Union Agency for Cybersecurity and other groups have developed formal lists of threats to the cloud. These include:
- Data breach risks
- Insufficient due diligence
- Unauthorized use of instances (e.g., vCPU, vMem) to execute tasks
- Compromised virtual machines/devices used to execute attacks against other machines
- Distributed denial of service attacks
- Potential vulnerabilities in CSP code/resources infrastructure environment
- Potential problems in virtualization security (improper execution of isolation techniques leading to inter-device/guest hops level attacks, such as virtual machine sprawl/escaping)
- User access management
- Data access controls in cloud environments.
Securing your cloud data
Understanding cloud computing and on-premises security is a key step when moving some or all of your computing applications or network to the cloud. The network/infrastructure security team should apply threat modeling, then classify and apply mitigation approaches tailored to your unique case and needs.
In addition, you can use threat models for the cloud to help identify monitoring, logging and alerting needs in an efficient way with reduced cost. In the future, you might want to apply the threat model and add a monitoring and logging architecture that can be deployed in the existing cloud computing environment with greater security of data and resources. That’s why it’s important to make sure your IT teams thoroughly understand the security features that influence the differences between on-premises and cloud environments.
Senior Security Architect, IBM