Cloud Security Fundamentals

Cloud security is critical to protect data and applications on public and private cloud platforms.

What is cloud security?

Cloud security is critical in this day and age because it protects data and applications on public and private cloud platforms. It accomplishes this by applying cybersecurity practices and programs to organizational cloud infrastructures, tackling traditional cybersecurity issues and new challenges related to cloud environments.

For the purposes of this page, we will focus on security considerations for public cloud platforms, since the challenges of private cloud more closely align to traditional challenges in cybersecurity.

Cloud computing defined

Cloud computing is the on-demand availability of computer system resources without direct active management by the user. The term describes data centers that are available to many users over the internet, so that organizations can better leverage mobile technologies and big data as well as gain a competitive advantage.

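Cloud security challenges

Cloud platform providers are responsible for safeguarding their physical infrastructure and the basic computing, networking, storage, and network services they provide. However, their customers retain most or all of the responsibility for protecting their applications, monitoring activities, and ensuring that security tools are correctly deployed and configured. This division of responsibility is known as the Shared Responsibility Model. It means customers must contend with:

  • Traditional cybersecurity issues as they affect workloads in the cloud, including vulnerability management, application protection, social engineering, and incident detection and response.
  • New challenges related to cloud platforms, such as a lack of visibility into security events in the cloud, rapid changes in infrastructure, continuous delivery of applications, and new threats targeting cloud management tools.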

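Benefits of cloud security

Cloud security solutions allow organizations to take advantage of the flexibility, scalability, openness, and reduced operating costs of today’s cloud platforms without endangering confidential data, regulatory compliance, or continuous business operations.

The benefits of cloud security include the ability to:

  • Discover vulnerabilities and misconfigurations in cloud-based infrastructure
  • Ensure software code undergoes security testing at every step in the development, test, and deployment process
  • Monitor for incidents in applications on cloud platforms, including workloads running on virtual machines and in containers
  • Detect indicators of advanced attacks, such as anomalous behaviors and evidence of credential theft and lateral movement
  • Stop attackers from taking control of cloud platform consoles and appropriating cloud resources for criminal purposes like cryptojacking, hosting botnets, and launching denial-of-service attacks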

Securing AWS environments

Amazon Web Services (AWS) offers a feature-rich environment for hosting and managing workloads in the cloud. What are some of the ways that organizations can strengthen cloud security for workloads hosted on AWS?

Security teams can use a vulnerability management solution to discover and assess EC2 instances and scan them for vulnerabilities, misconfigurations, and policy violations.

A dynamic application security testing (DAST) solution can test web apps to discover vulnerabilities in the OWASP Top Ten and other attacks and potential violations of PCI DSS and other regulations. When a DAST solution is integrated with DevOps tools such as Jenkins, security testing can be triggered at specified milestones in the development process to ensure that vulnerabilities and violations are detected and fixed before code is put into production.

To detect indicators of attacks and data breaches, a SIEM solution can be integrated with the management and security services provided by Amazon. This includes access to logs created by AWS CloudTrail and CloudWatch, as well as services such as Virtual Private Cloud (VPC) flow logs and Amazon Route 53 DNS logs.

SIEM solutions designed to work with cloud platforms can enrich this log data with additional context from other sources (including endpoints, on-premises systems, and other cloud platforms), flag indicators of compromise, and use advanced security analytics to detect attacks early and remediate quickly.

Security alerts from AWS GuardDuty and other AWS services can be fed directly to a SIEM, allowing the enterprise security team to quickly investigate and respond.
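
As an added illustration (not part of the original page and not any vendor's code), the following sketch shows the kind of rule a SIEM might run over CloudTrail console sign-in events to surface possible credential misuse. The records are constructed and simplified, and the helper names, finding labels, and failure threshold are assumptions made for the example.

```python
from collections import defaultdict

def _login(time, user, outcome, mfa, ip):
    """Build a constructed record using CloudTrail ConsoleLogin field names."""
    return {
        "eventTime": time, "eventName": "ConsoleLogin", "sourceIPAddress": ip,
        "userIdentity": {"arn": f"arn:aws:iam::111122223333:user/{user}"},
        "responseElements": {"ConsoleLogin": outcome},
        "additionalEventData": {"MFAUsed": mfa},
    }

# Constructed sample data, not real logs (IPs are from documentation ranges).
SAMPLE_EVENTS = [
    _login("2024-01-01T10:00:00Z", "bob", "Success", "Yes", "198.51.100.7"),
    _login("2024-01-01T10:01:00Z", "alice", "Failure", "No", "203.0.113.9"),
    _login("2024-01-01T10:01:20Z", "alice", "Failure", "No", "203.0.113.9"),
    _login("2024-01-01T10:01:40Z", "alice", "Failure", "No", "203.0.113.9"),
    _login("2024-01-01T10:02:00Z", "alice", "Success", "No", "203.0.113.9"),
    {"eventTime": "2024-01-01T10:03:00Z", "eventName": "DescribeInstances"},
]

def flag_console_logins(events, failure_threshold=3):
    """Return (user ARN, source IP, reason) for suspicious console sign-ins."""
    failures = defaultdict(int)  # consecutive failed logins per user
    findings = []
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        if ev.get("eventName") != "ConsoleLogin":
            continue  # only console sign-in events are relevant here
        user = ev.get("userIdentity", {}).get("arn", "unknown")
        ip = ev.get("sourceIPAddress", "unknown")
        outcome = (ev.get("responseElements") or {}).get("ConsoleLogin")
        mfa = (ev.get("additionalEventData") or {}).get("MFAUsed")
        if outcome == "Failure":
            failures[user] += 1
        elif outcome == "Success":
            if mfa != "Yes":
                findings.append((user, ip, "login_without_mfa"))
            if failures[user] >= failure_threshold:
                findings.append((user, ip, "success_after_repeated_failures"))
            failures[user] = 0  # reset the streak after a successful login
    return findings

if __name__ == "__main__":
    for finding in flag_console_logins(SAMPLE_EVENTS):
        print(finding)
```

In a real deployment the same logic would run as a SIEM correlation rule, with the findings enriched by endpoint and network context before an analyst reviews them.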

Securing Azure environments

Microsoft Azure is a powerful, flexible, scalable platform for hosting workloads in the cloud. How can organizations enhance security for workloads running on Azure?

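A vulnerability management solution can use Azure Discovery Connection to discover and scan virtual machines and other assets as soon as they are spun up in an Azure environment. The scanning can uncover vulnerabilities, misconfigurations, policy violations, and other security risks. It may be possible to import Azure tags and use them to organize assets into dynamic groups that can be assessed and reported on selectively.

A DAST solution can be integrated with Azure DevOps pipelines, allowing it to automatically launch scans for vulnerabilities at each stage in Continuous Integration and Continuous Deployment (CI/CD) workflows. This helps enterprises eliminate vulnerabilities from web applications early in the development process, when they are easiest to fix.

A SIEM solution can work with Azure Event Hubs, which aggregate cloud logs from important Azure services such as Azure Active Directory, Azure Monitor, Azure Resource Manager (ARM), Azure Security Center, and Office365. The SIEM can obtain log data from Azure Event Hubs in real time, combine that log data with information from endpoints, networks, on-premises data centers, and other cloud platforms, and perform analytics that uncover phishing attacks, active malware, the use of compromised credentials, lateral movement by attackers, and other evidence of attacks.

Azure Security Center also generates alerts, but lacks the data enrichment, analysis, and workflow features of a full SIEM. However, security teams can arrange to send Security Center alerts directly to a SIEM solution to take advantage of those advanced capabilities.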

Security for multi-cloud environments

Cloud security is not just about providing security for separate cloud platforms independently. Rather, it is a matter of capturing, correlating, analyzing, and acting on all the security data generated by the organization and its cloud service providers.

With today’s microservice-based apps and hybrid and multi-cloud architectures, applications can be spread across several cloud platforms and on-premises data centers. The need for cloud security comes from advanced attacks that often start with endpoints or web apps and then move across multiple computing environments. Attacks against one cloud platform are often followed by the same type of attack against other cloud platforms.

For these reasons, it is essential that organizations use security solutions that provide visibility and monitoring across their entire IT footprint, including multiple cloud platforms and on-premises data centers.
