The advent of cloud computing has revolutionized the way enterprises operate, offering managed servers, storage, and applications without the need for extensive in-house infrastructure. However, with the widespread adoption of cloud services, the importance of robust cybersecurity measures has escalated. Recognizing this, the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have collaborated to release five joint cybersecurity bulletins. These documents provide critical insights and best practices for securing cloud environments.
Understanding the Shift to Cloud Computing
Cloud services have become not only ubiquitous in the business world but also a staple for enterprise application developers. Many developers now offer both on-premises and cloud-hosted versions of their applications, significantly reducing the workload for corporate administrators. This shift underscores the need for stringent security measures in the cloud.
The NSA and CISA Guidance: A Five-Pronged Approach
The NSA and CISA have identified five key areas for securing cloud services, each detailed in a separate guide. Let’s delve into each of these areas.
1. Secure Cloud Identity and Access Management Practices
One of the primary cybersecurity information sheets (CSIs) focuses on threats to cloud identity management. It advocates best practices to mitigate these threats, emphasizing the importance of multi-factor authentication (MFA), secure credential storage, and privilege partitioning.
2. Secure Cloud Key Management Practices
This guide outlines key management options and best practices for using cloud Key Management Solutions (KMS). It underscores the importance of understanding and documenting shared security responsibilities, referring to NSA’s CSI on upholding the cloud shared responsibility model.
3. Implement Network Segmentation and Encryption in Cloud Environments
Because cloud networks differ significantly from on-premises networks, this CSI recommends best practices for implementing network segmentation and data encryption in cloud environments, leveraging the inherent features of cloud technologies.
4. Secure Data in the Cloud
This CSI provides an overview of cloud storage and common practices for securing and auditing these systems. It covers encrypting data at rest, protecting data from unauthorized access, and establishing backup and recovery plans.
5. Mitigate Risks from Managed Service Providers in Cloud Environments
In light of high-profile incidents like the Kaseya REvil ransomware attack, this guide focuses on securing corporate accounts used by Managed Service Providers (MSPs), auditing their activities, and negotiating agreements.
The Broader Context: Threat Actors and Cloud Services
Threat actors often target cloud services for their valuable data and potential access to internal networks. For instance, Microsoft’s 2021 report highlighted the activities of the Russian Nobelium threat actors in targeting cloud services and MSPs. To combat such threats, tools like CISA’s ‘Untitled Goose Tool’ have been developed to aid in detecting attacks on Azure cloud services, demonstrating the ongoing efforts to secure cloud environments.
In Conclusion
While many IT professionals might be familiar with the concepts outlined in these CSIs, the rapidly evolving nature of cyber threats makes it imperative to stay updated with the latest best practices. The NSA and CISA bulletins serve as a crucial resource in strengthening cloud security and protecting against sophisticated cyber threats.