Double Down on Your Cloud Security Posture

Cloud computing, mobility, the Internet of Things—the technologies that vitalize business operations also make organizations vulnerable to new security challenges. Comprehensive risk management begins with an understanding of your security posture and putting in place effective control measures.

Define Your Security Posture in 3 Steps

Risk Tolerance

Identify critical resources and determine risk tolerance

The first step is an inventory of the organization's vital resources, such as data and critical functions, that need to be protected. Any exposure to the Internet carries risk, but some exposure is necessary for business operations. It is therefore important to assess how much risk each resource can tolerate. Because different levels of protection carry different costs, risk mitigation should be proportionate to the value of each resource and the risk it faces.

Cybersecurity Framework

Develop a cybersecurity framework

Knowing what to protect and how to protect it leads to the next step of the assessment: creating a cybersecurity framework. The framework is the set of security standards, policies, and processes that govern the security practices of your organization.

Security Posture

Assess your security posture

The cybersecurity framework makes it possible to reassess risk as the system changes and helps you prepare for both known and unknown threats. We evaluate the maturity of your organization's practices and conduct proactive testing (such as penetration testing) to check your preparedness.

Why Defining Your Security Posture Is Important

Security threats are co-evolving with the IT infrastructure

  • Expanding security perimeter: Migration of applications to the cloud and an explosion in networked devices have extended the boundaries of enterprise infrastructure and increased the surface area of attack.
  • Complex infrastructure: Layers of technological artifacts accumulated over the years in the form of hardware, software, and policies have made security risks complex to unravel.
  • Widespread targeting: Exposure to the Internet puts every enterprise at risk, not just governments and financial services.
  • Sophisticated attacks: A variety of tactics involving social engineering, ransomware, and malware have made cyber attacks harder to detect, prevent, and contain.
  • Siloed approach to security: With every enterprise employing multiple products and vendors to achieve different ends, security as a function has become highly fragmented, heightening the risk.

To minimize risks to your business

  • Business continuity: It is hard for an organization that is not resilient to survive an attack. This is an ongoing challenge given how commonplace cyber attacks have become. Based on the severity of the attack, it can take anywhere between 512 hours and 1200 hours for organizations to recover.
  • Data security: Data breaches, such as loss of protected information or money, have serious consequences for both business credibility and legal compliance. The most devastating aspect of data breaches is that they are often detected after the damage is done.
  • Financial impact: The financial implications of cyber attacks can be anything from lost business to the high detection, notification and recovery costs depending on the size of the breach and the organization and the industry type. No organization has infinite resources at its disposal. Risk management goals have to be achieved considering various tradeoffs and without draining the resources.
  • Regulatory compliance: Many countries and industries have regulatory frameworks to comply with, for instance, HIPAA for safeguarding medical information in the US, GDPR for private data protection in the EU, and so on.

Our Guiding Principles in Cybersecurity Management

Defense in Depth

No system is immune to attack, but layered defenses slow an attacker down and make it harder to reach critical IT infrastructure and data. The failure of any single control should not be enough on its own to cause a breach.

Principle of Least Privilege

Each component in the system is given only the minimum access it needs to function. A clear understanding of each component's access requirements is what makes it possible to define those privileges precisely.

Cybersecurity Management

*This is a general model. Practices are adapted according to the environment.

Putting Security into Practice

Securing Containerized Services

Containers are increasingly becoming an important part of enterprise applications. They help to build immutable infrastructure: a running container is not modified in place, so an attacker who has compromised one cannot quietly plant a backdoor that survives the next deployment, and any in-place change shows up as drift from the image. Immutability also makes updating easy. If a security vulnerability is identified in one image, the image is rebuilt and its containers are replaced, limiting the threat to those containers.

A well-built container image contains only the software components the service needs, which reduces the attack surface. The entry and exit points of each container (exposed ports, mounted volumes) are declared explicitly. By following the principle of least privilege, a container's access to host resources can be limited to those necessary for it to function.

But container security is only as good as the security practices that are followed:

Container running as root: A process running as root inside a container is as dangerous as any other root process. Containers share the host kernel and, unless user namespaces are enabled, UID 0 inside the container is UID 0 on the host; the container boundary is not a trust boundary you can rely on. Organizations need to be aware of this when they deploy containerized applications. Run containers as a dedicated unprivileged user and group (for example via USER in the Dockerfile or runAsNonRoot in a Kubernetes pod spec) and drop the Linux capabilities the service does not need.

Image provenance: An application is only as secure as the base image it is built on, so image identification and trust mechanisms are essential to secure container-based infrastructure. A private, authenticated registry with digital signatures that are verified before an image is deployed helps, as does referencing images by immutable digest rather than by mutable tag. The repository of trusted images should be protected (encrypted storage, authenticated access) and audited to ensure compliance with the organization's security processes.

Security testing: Every image should undergo security testing (vulnerability scanning of its layers, static analysis of the application) before it is deployed to the environment. Ideally these tests are part of the CI/CD pipeline and run the way unit tests do: only if the built image passes should the pipeline deploy the container to your stack.
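The two controls above (immutable image references and a scan that blocks the pipeline) can be enforced with a small gate step. The following is an added example written for this page, not part of any product described here; the scanner report is a constructed JSON structure whose field names (Results, Vulnerabilities, Severity, FixedVersion) are assumed to resemble common scanner output, and the vulnerability IDs are placeholders.

```python
"""Image gate for a CI/CD pipeline: refuse to deploy an image that is not
pinned to a digest, or that carries high-severity vulnerabilities for which a
fix already exists.  Example code written for this page; the report format
below is a constructed approximation of typical scanner JSON (assumption)."""
import re

# An image reference is immutable only if it ends in a sha256 digest.
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")
MUTABLE_TAGS = {"latest", "stable", "main", "master"}


def is_pinned(image_ref):
    return bool(DIGEST_RE.search(image_ref))


def provenance_findings(image_ref):
    """Problems with how the image is referenced (empty list means OK)."""
    findings = []
    if is_pinned(image_ref):
        return findings
    findings.append(f"{image_ref}: not pinned to an immutable sha256 digest")
    # The tag lives in the last path component, so a registry host:port is not mistaken for it.
    tag = image_ref.rsplit("/", 1)[-1].partition(":")[2]
    if not tag or tag in MUTABLE_TAGS:
        findings.append(f"{image_ref}: resolves through mutable tag '{tag or 'latest'}'; "
                        "what is deployed can change without the reference changing")
    return findings


def evaluate_image(image_ref, report, fail_on=("CRITICAL", "HIGH")):
    """Return (deployable, blocking_findings, warnings).

    Policy: any provenance problem blocks; a CRITICAL/HIGH vulnerability with a
    published fix blocks (rebuild with the fixed package); one without a fix is
    surfaced as a warning so it is tracked rather than silently accepted."""
    blocking = provenance_findings(image_ref)
    warnings = []
    for result in report.get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:
            sev = vuln.get("Severity", "UNKNOWN")
            if sev not in fail_on:
                continue  # lower severities are left to the scanner's own report
            msg = f"{vuln['VulnerabilityID']} ({sev}) in {vuln['PkgName']} {vuln['InstalledVersion']}"
            if vuln.get("FixedVersion"):
                blocking.append(f"{msg}, fixed in {vuln['FixedVersion']}")
            else:
                warnings.append(f"{msg}, no fix available yet")
    return (not blocking, blocking, warnings)


# Constructed sample report; SAMPLE-* IDs are placeholders, not real advisories.
SAMPLE_REPORT = {
    "ArtifactName": "registry.example.com/shop/api:1.4.2",
    "Results": [{
        "Target": "registry.example.com/shop/api:1.4.2 (os packages)",
        "Vulnerabilities": [
            {"VulnerabilityID": "SAMPLE-0001", "PkgName": "libssl3", "InstalledVersion": "3.0.1",
             "FixedVersion": "3.0.2", "Severity": "CRITICAL"},
            {"VulnerabilityID": "SAMPLE-0002", "PkgName": "libc6", "InstalledVersion": "2.36",
             "FixedVersion": "", "Severity": "HIGH"},
            {"VulnerabilityID": "SAMPLE-0003", "PkgName": "curl", "InstalledVersion": "7.88",
             "FixedVersion": "7.89", "Severity": "MEDIUM"},
        ],
    }],
}

if __name__ == "__main__":
    pinned = "registry.example.com/shop/api@sha256:" + "0" * 64
    for ref in (pinned, "registry.example.com/shop/api:latest"):
        ok, blocking, warnings = evaluate_image(ref, SAMPLE_REPORT)
        print(f"{ref}\n  deployable: {ok}")
        for line in blocking:
            print("  BLOCK:", line)
        for line in warnings:
            print("  WARN: ", line)
```

In a pipeline the exit status of this step is what matters: a non-deployable result must fail the job, and the blocking lines go into the job log so the developer sees what to fix.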

Containers vs Virtual Machines: A Security Perspective

Containers do not provide as much isolation as virtual machines. Each virtual machine runs its own guest kernel, so guests can have different security profiles, and a weakness in one guest is unlikely to affect another unless the hypervisor itself is compromised. Containers, by contrast, share the host kernel, but they are still a powerful means of isolating applications that would otherwise share the same host and security profile.

Containers isolate applications using Linux kernel facilities such as namespaces, cgroups, and capabilities. Not every kernel resource is namespaced, and container runtimes often do not enable user namespaces by default, so root in the container corresponds to root on the host kernel. This makes the isolation mechanism itself an attack surface: an attacker who gains code execution in a container can exploit a kernel or container-runtime vulnerability to affect other containers or the host.

Mandatory Access Control as Defense

Mandatory access control (MAC) constrains an application's ability to access or operate on resources such as network ports, files, and devices, regardless of which user the application runs as. In the context of containers, MAC policy limits a container's ability to affect the host or other containers.

Devising appropriate policies with either of the two common Linux MAC systems, SELinux or AppArmor, helps contain an attack even when the attacker has exploited the service running in one of the containers. Depending on the level of security and flexibility needed, we help you choose the appropriate MAC tool. Other kernel mechanisms, such as seccomp system-call filters and dropping unneeded Linux capabilities, restrict container applications further and complement MAC rather than replacing it.
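Whether a deployed container actually has these controls (non-root user, no privileged mode, seccomp and AppArmor confinement, no dangerous capabilities or host mounts) can be checked from its runtime configuration. The following audit is an added example written for this page, not a vendor tool; it reads a dictionary shaped like `docker inspect` output, uses only the handful of fields named in the code (an assumption about the subset), and the two sample configurations are constructed.

```python
"""Audit a container's runtime configuration against the least-privilege and
MAC controls discussed above.  Example code written for this page.  The input
follows the shape of `docker inspect` output; only the fields read below are
assumed, and both sample configurations are constructed."""

DANGEROUS_CAPS = {"SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "NET_ADMIN",
                  "DAC_READ_SEARCH", "SYS_RAWIO", "ALL"}
SENSITIVE_HOST_PATHS = {"/", "/etc", "/proc", "/sys",
                        "/var/run/docker.sock", "/run/docker.sock"}
SEVERITY_ORDER = ["LOW", "MEDIUM", "HIGH", "CRITICAL"]


def _norm_cap(cap):
    cap = cap.upper()
    return cap[4:] if cap.startswith("CAP_") else cap


def audit_container(cfg):
    """Return a list of (severity, message) findings; an empty list means clean."""
    host = cfg.get("HostConfig", {})
    config = cfg.get("Config", {})
    sec_opts = list(host.get("SecurityOpt") or [])
    findings = []

    # Root inside the container is root on the shared kernel (see the text above).
    user = (config.get("User") or "").split(":")[0]
    if user in ("", "0", "root"):
        findings.append(("HIGH", "process runs as root inside the container"))

    if host.get("Privileged"):
        findings.append(("CRITICAL", "--privileged grants every capability and disables seccomp/AppArmor"))
    else:
        added = {_norm_cap(c) for c in host.get("CapAdd") or []}
        bad = sorted(added & DANGEROUS_CAPS)
        if bad:
            findings.append(("HIGH", f"dangerous capabilities added: {', '.join(bad)}"))
        if "seccomp=unconfined" in sec_opts:
            findings.append(("HIGH", "seccomp system-call filter disabled"))
        if "apparmor=unconfined" in sec_opts or cfg.get("AppArmorProfile") == "unconfined":
            findings.append(("HIGH", "AppArmor MAC profile disabled"))

    if not any(opt.startswith("no-new-privileges") for opt in sec_opts):
        findings.append(("MEDIUM", "no-new-privileges not set; setuid binaries can regain privileges"))

    for bind in host.get("Binds") or []:
        src = bind.split(":")[0]
        if src in SENSITIVE_HOST_PATHS:
            findings.append(("CRITICAL", f"sensitive host path mounted: {src}"))
    if host.get("PidMode") == "host":
        findings.append(("HIGH", "shares the host PID namespace"))
    if host.get("NetworkMode") == "host":
        findings.append(("MEDIUM", "shares the host network namespace"))
    if not host.get("ReadonlyRootfs"):
        findings.append(("LOW", "root filesystem is writable; immutability is not enforced at runtime"))
    return findings


def worst_severity(findings):
    return max((sev for sev, _ in findings), key=SEVERITY_ORDER.index, default=None)


# Constructed: the "it just works" deployment that turns a container into a host foothold.
INSECURE = {
    "Config": {"User": ""},
    "AppArmorProfile": "",
    "HostConfig": {"Privileged": True, "CapAdd": None, "SecurityOpt": None,
                   "Binds": ["/var/run/docker.sock:/var/run/docker.sock"],
                   "PidMode": "host", "NetworkMode": "bridge", "ReadonlyRootfs": False},
}

# Constructed: the same service with least privilege and MAC confinement applied.
HARDENED = {
    "Config": {"User": "10001:10001"},
    "AppArmorProfile": "api-profile",
    "HostConfig": {"Privileged": False, "CapAdd": [], "CapDrop": ["ALL"],
                   "SecurityOpt": ["no-new-privileges:true",
                                   "seccomp=/etc/docker/seccomp/api.json",
                                   "apparmor=api-profile"],
                   "Binds": ["/srv/api/config:/config:ro"],
                   "PidMode": "", "NetworkMode": "bridge", "ReadonlyRootfs": True},
}

if __name__ == "__main__":
    for name, cfg in (("insecure", INSECURE), ("hardened", HARDENED)):
        found = audit_container(cfg)
        print(f"{name}: worst={worst_severity(found)}")
        for sev, msg in found:
            print(f"  [{sev}] {msg}")
```

Run it against `docker inspect <container>` output for every container on a host and you have a quick inventory of where the least-privilege and MAC controls from this section are missing.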

Securing the Boundary

Firewalls provide the first layer of security for all Internet-connected applications and services. Cloud infrastructure adds further hardening mechanisms such as the Virtual Private Cloud (VPC). A VPC is an isolated virtual network in which computing resources are placed, with only certain nodes exposed to the Internet; network rules (security groups, network ACLs) between those nodes limit what an attacker who has compromised one node can reach from it. Quite often the focus is on network access from the outside, but it is equally important to restrict outgoing traffic from each computing resource, since unrestricted egress is what data exfiltration and command-and-control traffic rely on. Systematic isolation is achieved by dividing the VPC into subnets, for example separate public, application, and database tiers.
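A rule review that applies the two points above (no administrative ports open to the Internet, and egress confined to the VPC plus an explicit allowlist) is shown below. This is an added example written for this page, not a cloud provider's API; the rule dictionaries use a constructed, provider-neutral shape (direction, protocol, port range, CIDR) and the three sample groups are constructed, with 203.0.113.0/24 standing in for an external partner service.

```python
"""Review security-group rules for a VPC tier: flag any-protocol ingress from
anywhere, administrative ports exposed to the Internet, and egress that leaves
the VPC without being on an explicit allowlist.  Example code written for this
page; the rule format is a constructed, provider-neutral shape (assumption)."""
import ipaddress

ANYWHERE = ipaddress.ip_network("0.0.0.0/0")
ADMIN_PORTS = {22: "ssh", 3389: "rdp", 5900: "vnc"}


def _covers_port(rule, port):
    return rule["protocol"] == "-1" or rule["from_port"] <= port <= rule["to_port"]


def _describe(rule):
    if rule["protocol"] == "-1":
        return "all protocols/ports"
    lo, hi = rule["from_port"], rule["to_port"]
    return f"{rule['protocol']}/{lo}" if lo == hi else f"{rule['protocol']}/{lo}-{hi}"


def review_security_group(rules, vpc_cidr, egress_allowlist=()):
    """Return human-readable findings; an empty list means the group matches policy."""
    vpc = ipaddress.ip_network(vpc_cidr)
    allowed_egress = [vpc] + [ipaddress.ip_network(c) for c in egress_allowlist]
    findings = []
    for rule in rules:
        net = ipaddress.ip_network(rule["cidr"])
        desc = _describe(rule)
        if rule["direction"] == "ingress":
            if net == ANYWHERE and rule["protocol"] == "-1":
                findings.append(f"ingress {desc} from anywhere: the host is fully exposed")
            elif net == ANYWHERE:
                exposed = [name for port, name in ADMIN_PORTS.items() if _covers_port(rule, port)]
                if exposed:
                    findings.append(f"ingress {desc} from anywhere exposes {', '.join(exposed)} "
                                    "to the Internet; reach it through a bastion or VPN instead")
        else:
            # Egress must stay inside the VPC or go to a destination that was deliberately allowed.
            if not any(net.subnet_of(allowed) for allowed in allowed_egress):
                findings.append(f"egress {desc} to {net} leaves the VPC and is not on the allowlist")
    return findings


VPC_CIDR = "10.0.0.0/16"

# Constructed: a public web tier with SSH left open and unrestricted egress.
WEB_TIER = [
    {"direction": "ingress", "protocol": "tcp", "from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"},
    {"direction": "ingress", "protocol": "tcp", "from_port": 22, "to_port": 22, "cidr": "0.0.0.0/0"},
    {"direction": "egress", "protocol": "-1", "from_port": 0, "to_port": 65535, "cidr": "0.0.0.0/0"},
]
# Constructed: an application tier that only needs HTTPS to one external partner.
APP_TIER = [
    {"direction": "ingress", "protocol": "tcp", "from_port": 8080, "to_port": 8080, "cidr": "10.0.1.0/24"},
    {"direction": "egress", "protocol": "tcp", "from_port": 5432, "to_port": 5432, "cidr": "10.0.3.0/24"},
    {"direction": "egress", "protocol": "tcp", "from_port": 443, "to_port": 443, "cidr": "203.0.113.0/24"},
]
# Constructed: a database tier reachable only from the application subnet.
DB_TIER = [
    {"direction": "ingress", "protocol": "tcp", "from_port": 5432, "to_port": 5432, "cidr": "10.0.2.0/24"},
    {"direction": "egress", "protocol": "tcp", "from_port": 443, "to_port": 443, "cidr": "10.0.9.0/24"},
]

if __name__ == "__main__":
    for name, rules, allow in (("web", WEB_TIER, ()), ("app", APP_TIER, ("203.0.113.0/24",)),
                               ("db", DB_TIER, ())):
        print(f"{name}:")
        for line in review_security_group(rules, VPC_CIDR, allow) or ["  ok"]:
            print(" ", line)
```

The app-tier run shows the intended workflow: the partner's range appears in the allowlist, so that egress rule passes, while the same rule without the allowlist entry is reported and has to be justified before it is accepted.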

Securing Container Runtime and Platform

With both virtual machines and containers, the security of the host is also a concern. Vulnerabilities in the host platform or runtime can lead to a breach across containers.

Running general-purpose host images loaded with unneeded services increases the attack surface in both cases; a minimal host operating system built for running containers is preferable. The isolation that virtual machines or containers provide is not on par with dedicated bare-metal servers. Sandboxing technologies such as gVisor from Google, which interposes a user-space kernel between the container and the host kernel, provide an additional layer of security. All of this points to the need to devise your security strategy carefully.

Securing Data

All communication between machines should be cryptographically protected with the Transport Layer Security (TLS) protocol, using current protocol versions (TLS 1.2 or later) with certificate verification enforced on the client side. To the extent possible, communication should stay on private network addresses rather than traverse the public Internet. Data at rest should be encrypted using AES-256 (in an authenticated mode such as GCM) with keys managed separately from the data, and proper data management practices should be followed. This helps you comply with privacy policies and contractual obligations.
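The weak TLS client configuration that is common in internal tooling, beside the hardened one the paragraph calls for, together with a check that reports the difference. This is an added example written for this page using the Python standard-library ssl module; the thresholds it enforces (TLS 1.2 minimum, certificate and hostname verification required) are the ones stated above, and the optional connection helper is only run when the script is executed directly.

```python
"""Weak versus hardened client-side TLS configuration, and an assessment
function that reports what is wrong with a context.  Example code written for
this page; it uses only the standard-library ssl module."""
import socket
import ssl


def hardened_client_context(cafile=None):
    """Verify the server certificate and hostname, and refuse pre-1.2 protocol versions.

    create_default_context() already enables verification; the explicit settings
    make the policy visible in code and survive future changes to the defaults."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def weak_client_context():
    """The 'it works now' pattern: verification switched off, so anyone on the
    network path can present their own certificate and read the traffic."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False   # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def assess_context(ctx):
    """Return a list of policy violations for a client SSLContext (empty means OK)."""
    problems = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        name = getattr(ctx.minimum_version, "name", ctx.minimum_version)
        problems.append(f"minimum protocol version is {name}; require TLS 1.2 or later")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("certificate verification disabled (verify_mode is not CERT_REQUIRED)")
    if not ctx.check_hostname:
        problems.append("hostname check disabled; a valid certificate for any name would be accepted")
    return problems


def probe(host, port=443, ctx=None, timeout=5.0):
    """Open a TLS connection and report the negotiated version and peer subject.
    Network access is required, so this is only used from __main__."""
    ctx = ctx or hardened_client_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.getpeercert().get("subject")


if __name__ == "__main__":
    for label, ctx in (("weak", weak_client_context()), ("hardened", hardened_client_context())):
        print(f"{label}: {assess_context(ctx) or ['ok']}")
    # Example live check (needs network): print(probe("www.example.com"))
```

The same assessment applies to server contexts: a service that accepts TLS 1.0 or does not request client certificates where mutual TLS is expected should be caught by the same kind of check before it is deployed.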

API Key Handling

With the rise of the microservice model of application deployment, API keys have become a source of risk. They are often handled insecurely: once a service is breached, the keys it holds for the other services it calls are visible to the attacker, and a cascade of breaches follows. It is very common to find deployment scripts with embedded API keys exposed through version control systems. Keys should be injected at runtime from a secrets manager or the environment rather than written into scripts, scoped to the minimum permissions the calling service needs, rotated regularly, and scanned for before a commit reaches the repository.

Minimize Risks with a Trusted Partner

Embrace the cloud with confidence. Our comprehensive cloud security services have you fully covered.

  • Security assessment: Identify critical resources, security loopholes, and compliance issues.
  • Security monitoring: Track and signal unusual activity on your networks.
  • Incident response management: Contain incidents quickly and defend your critical resources against further ones.
  • Cloud security management: Implement a layered defense for tighter security.
  • Cloud endpoint security: Increase visibility and improve protection for endpoints.

Worried about cloud security?