OCI’s native capability to obtain packet capture and monitor flow data between components
Each compute instance in a VCN has one or more Virtual Network Interface Cards (VNICs). The OCI Networking service uses Security Lists to determine what traffic is allowed through a given VNIC. The VNIC is subject to all rules in all security…
Category: cloudsecurity
The Cloud Management Plane
The management plane controls the entire infrastructure. Parts of it will be exposed to customers independent of network location, so it is a prime resource to protect. Its graphical user interface, command line interface (if any), and API need to have stringent and role-based access control. In addition, logging of all relevant actions in a…
Secure Installation and Configuration of Virtualized Cloud Datacenters
Secure configuration of the virtualization management toolset is one of the most important steps when building a cloud environment. A compromise of the management tools may allow an attacker unlimited access to the virtual machine, the host, and the enterprise network. Therefore, the management tools must be securely installed and configured and adequately monitored. NOTE:…
Cloud Datacenter: Hardware-specific Security Configuration Requirements
The data center should have hardware and virtualization protections at the component level. Virtual private cloud (VPC) protection is a fundamental protection in public cloud consumption as well as a key attribute of security groups. Hardware-based tools that include Trusted Platform Modules also feature in the suite of logical and physical data center security. Best…
Countermeasure Strategies: Cyber Kill Chain
In the world of cybersecurity, nefarious acts are often caught after the exploitation of systems has occurred. Depending on the gravity of the exploitation, it can lead to thorough investigations that may be operational (within an organization), criminal, and tort (recovery of financial damages). The findings of the investigation can lead to an assessment that…
Countermeasure Strategies: Zero Trust Model
Before an organization selects specific technology and service solutions, it first needs to contemplate a complete enumeration of imperative or critical business functions/services and what threats exist to the resiliency of those functions/services. The adoption of a strategy to combat those threats may not mean selecting a specific tool but rather may mean adopting a selected…
Risks Related to the Cloud Environment: Vulnerabilities, Threats, and Attacks
Knowing the top threats to cloud computing allows an organization to reduce attack surfaces by selecting appropriate countermeasures. Strategies like a Zero Trust architecture and imagining the cyber “kill chain” before an incident occurs can lead to successful protection. As the commoditization of cloud services increases, so does the attention and capability of criminal enterprises…
Secure Cloud Data Center Design – Part 1
Secure cloud data center design begins with a logical design that then leads to physical design. ISO/IEC 19441:2017 provides illumination on two key concerns related to data in a data center, namely portability and interoperability. The basic environmental protection concerns within a data center are evolving to include concerns outside of the data center. Logical…
Data Security on the Cloud
Data stored in the cloud replicates, moves, and is backed up and restored just as non-cloud data is. However, the dynamic and elastic nature of the cloud can present unique challenges when looking to build efficient data governance policies in the virtualized, multitenant environment of the cloud. From time to time, an organization needs to…
Cloud Data Encryption Architecture and Options
Encryption architecture is very much dependent on the goals of the encryption solutions, along with the cloud delivery mechanism. Protecting data at rest from local compromise or unauthorized access differs significantly from protecting data in motion into the cloud. Adding controls to protect the integrity and availability of data can further complicate the process.…