Part of any cloud migration planning is identifying and classifying data across the entire business. From a security perspective this exercise informs the business about what level of security must apply to each kind of data in order to maintain the CIA triad (confidentiality, integrity, availability).
| # | Property | Question to ask |
|---|---|---|
| 1 | Confidentiality | what data will harm the business if it is made available to non-authorised users? |
| 2 | Integrity | what data will harm the business if it is destroyed, altered or lost? |
| 3 | Availability | what data will harm the business if it is unavailable when required? |
| Planning step | Detail |
|---|---|
| Foundation: least privilege | minimal access to data that is required to fulfil the role |
| Define objectives of data security | regulatory requirement, general security, business strategy |
| Define types of data | line of business database, CRM database, working templates/forms, logs |
| Define use cases for data | how is the data used, what is its life-cycle |
| Stage | Question |
|---|---|
| Identify | where is the data, and what is it? |
| Assess | what security controls should apply? |
| Validate | do the security controls work as expected? |
| Monitor | visibility of changes to data, data sources and controls |
A simple but straightforward approach is to define risk categories such as low, medium and high (or 0, 1, 2), then create a matrix with the headings Data, Confidentiality, Integrity, Availability and High Watermark, with one row per data type. The High Watermark for a data type is the highest of its three ratings.

It is not a good use of resources to apply the same level of security to all data; it is more efficient to focus on data identified as high value to the business. The matrix helps to identify which data should receive the highest focus and the greatest protection effort.
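The matrix described above, built in Python as an added example (not code from the original post): each data type gets C/I/A ratings of 0, 1 or 2, the High Watermark is the worst of the three, and rows are ordered so the data needing the most protection effort comes first. The control tiers mapped from the watermark and the sample ratings are assumptions.

```python
# Data classification matrix with a CIA high watermark. Constructed example, not
# code from the post; ratings 0/1/2 = low/medium/high and data types follow it.
from dataclasses import dataclass

RISK = {0: "low", 1: "medium", 2: "high"}

# Assumed protection tier per watermark level (illustrative, not from the post).
CONTROL_TIER = {
    0: "baseline controls",
    1: "baseline + access reviews + tested backups",
    2: "baseline + encryption, MFA, least-privilege roles, monitoring, DR",
}

@dataclass(frozen=True)
class DataType:
    name: str
    confidentiality: int
    integrity: int
    availability: int

    def high_watermark(self) -> int:
        """High Watermark column: the worst of the three CIA ratings."""
        ratings = (self.confidentiality, self.integrity, self.availability)
        for r in ratings:
            if r not in RISK:
                raise ValueError(f"{self.name}: rating {r} not in {sorted(RISK)}")
        return max(ratings)

def build_matrix(data_types):
    """Rows of (Data, C, I, A, High Watermark, tier), highest watermark first."""
    rows = []
    for d in data_types:
        hw = d.high_watermark()
        rows.append((d.name, d.confidentiality, d.integrity,
                     d.availability, hw, CONTROL_TIER[hw]))
    rows.sort(key=lambda r: (-r[4], r[0]))  # ties broken by name for a stable report
    return rows

# Constructed sample ratings for the data types listed in the post.
SAMPLE = [
    DataType("line of business database", 2, 2, 1),
    DataType("CRM database", 2, 1, 1),
    DataType("working templates/forms", 0, 1, 0),
    DataType("logs", 1, 2, 0),
]

for name, c, i, a, hw, tier in build_matrix(SAMPLE):
    print(f"| {name} | {c} | {i} | {a} | {hw} ({RISK[hw]}) | {tier} |")
```

Rejecting out-of-range ratings keeps a typo in a spreadsheet from silently demoting a high-value data set to a lower tier.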
Build defence in depth: multiple layers of protection rather than a single barrier that is relied on to keep an attacker out.

The Internet brings continuous global connectivity, and email attachments mean that an attacker can enter the network at any time. It is not a question of whether an attack can be prevented; an attack will occur. Businesses need to make sure the blast radius is contained as far as possible: make it as difficult as possible to gain access beyond the entry point, slow down and impede further penetration, and raise sufficient warning alerts so that additional resources can be brought in as backup.
1. Confirm security controls are working effectively in the current state (quality assurance process).
2. Track the effectiveness of security controls as the environment changes (testing, dashboards, monitoring).
3. Ensure changes do not take systems and applications out of compliance (audits, monitoring).
4. Easily provide reports to be consumed by business owners and auditors.
A SIEM analyses event data in real time. It is mostly driven by logs but also uses metrics, and it detects targeted attacks and data breaches. It allows users to collect, analyse, store, investigate and report on log data for:

- Incident response
- Forensics
- Regulatory compliance

Logs should be collected in one place where they cannot be viewed or altered by non-authorised users (anyone other than those who originated the data). Capabilities to look for:

- Summary dashboard
- Security rules
- Tags to identify resources
- Ability to trace to an IP address
- Investigation drill-down capability
- Threat intelligence and machine learning to define normal and abnormal behaviour
- Alerts
- Integration with other systems
Follow this link to download Open Source Security Controls
If commercial security, SIEM offerings with a focus towards serverless deployments are of interest, I am currently evaluating five products and will publish a comparison/review on this website soon. If you want to be advised when the review is available you can use this contact form. The products are from Lumigo, Puresec, Blue Matador, Thundra and Dashbird.
| Product | Description | Platforms | |
|---|---|---|---|
| Dashbird | Monitors serverless apps | AWS | Yes |
| Puresec | Now owned by Palo Alto Networks. Serverless security platform with data import/export protection. | AWS, Azure, Google Cloud, IBM Cloud | Yes |
| Lumigo | Serverless monitoring system and troubleshooting platform | AWS | Yes |
| Blue Matador | Automated alerts, monitoring dashboard, looks awesome | AWS, Microsoft Azure, Kubernetes | Yes |
| Thundra.io | Automated alerts, monitoring dashboard, looks awesome | AWS | Yes |
Written by Andrew Plater on 11th October 2019