5 Key Cloud Security Use Cases

A use case typically describes where and how a system, product or service can be used. It is usually a short list of steps an actor should take in order to reach a goal.

The concept of use cases is very broad. A use case could, for instance, cover the installation of a bumper bar on a car; in the security world, use cases usually cover an attack method or analysis. An example of a security use case covering an SQL attack is a step-by-step instruction telling an analyst where to find data and which decisions to take: find the network logs at X, find the local application logs at Y, block the source at Z and escalate if needed.

There are many well-documented security use cases available online, ranging from ransomware outbreaks to insider fraud and data exfiltration. When it comes to cloud services, there are also some good opportunities, which are often based on the unique aspects of the cloud environments themselves.

Use Case 1: Privileged Account Access

By far the most important security control when it comes to cloud environments is account management. Not only do accounts need to be configured with the “least privileges” required to perform their duties, but their usage also needs to be monitored at all times.

This is especially important for cloud platform administrative accounts. Imagine such an account being compromised: it would be trivial for an attacker to change firewall configurations or add services where needed.

To enforce accountability, generic accounts such as “admin,” “administrator” or “root” should not be used. Unusual activity should be monitored and compared to scheduled changes.

Any access from regions outside the expected operational areas of an organization should be flagged and investigated. For instance, a login from Brazil to a cloud account of
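
The three monitoring checks in this use case (generic account names, privileged changes outside scheduled change windows, and access from unexpected regions) can be sketched as one triage pass over audit events. This is an added example, not code from the original post; the event schema, action names, country list, change window and ticket id are all constructed assumptions.

```python
from datetime import datetime

GENERIC_ACCOUNTS = {"admin", "administrator", "root"}  # names listed in the text
EXPECTED_COUNTRIES = {"AU", "NZ"}      # assumption: the organization's operational areas
PRIVILEGED_ACTIONS = {"UpdateFirewallRule", "CreateService"}  # hypothetical action names

# Constructed change calendar (UTC): (start, end, placeholder ticket id)
CHANGE_WINDOWS = [
    (datetime(2024, 5, 4, 22, 0), datetime(2024, 5, 5, 2, 0), "CHG-EXAMPLE-1"),
]

# Constructed audit events in a hypothetical normalized schema (times in UTC)
EVENTS = [
    {"time": "2024-05-04T23:10:00", "user": "j.smith", "action": "UpdateFirewallRule", "country": "AU"},
    {"time": "2024-05-06T03:40:00", "user": "j.smith", "action": "UpdateFirewallRule", "country": "AU"},
    {"time": "2024-05-06T09:00:00", "user": "root", "action": "ConsoleLogin", "country": "AU"},
    {"time": "2024-05-06T09:30:00", "user": "k.lee", "action": "ConsoleLogin", "country": "BR"},
]

def in_change_window(ts):
    """True if the timestamp falls inside any scheduled change window."""
    return any(start <= ts <= end for start, end, _ticket in CHANGE_WINDOWS)

def findings_for(event):
    """Return the list of reasons this event needs an analyst's attention."""
    ts = datetime.fromisoformat(event["time"])
    found = []
    if event["user"].lower() in GENERIC_ACCOUNTS:
        found.append("generic-account")      # shared identity, no accountability
    # A missing country is treated as unexpected rather than silently passed.
    if event.get("country") not in EXPECTED_COUNTRIES:
        found.append("unexpected-region")
    if event["action"] in PRIVILEGED_ACTIONS and not in_change_window(ts):
        found.append("unscheduled-change")   # privileged change with no matching window
    return found

def triage(events):
    """Keep only events with at least one finding, in input order."""
    return [(e["time"], e["user"], f) for e in events if (f := findings_for(e))]

if __name__ == "__main__":
    for row in triage(EVENTS):
        print(row)
```

The first event produces no finding because the firewall change falls inside the scheduled window; the same change two days later is flagged.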

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Frank Siemons. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/s0oFn2MU8hk/