White Papers

Cloud Security Checklist

Issue link: https://read.uberflip.com/i/1344862


Mirantis Inc. | 900 E Hamilton Avenue, Suite 650, Campbell, CA 95008 | +1 (650) 963-9828 | www.mirantis.com © 2019 Mirantis Inc. All Rights Reserved. Information is subject to change.

6 things to think about when creating a high-security cloud environment

Harden your cloud

The best way to harden your cloud is to do it relative to a specific security framework, such as NIST, ISO, or FedRAMP. By adhering to a particular framework rather than cobbling together fixes, you can lessen the chance of something slipping through the cracks.

Assemble and vet compliance tools to be employed

Many solutions for verifying and managing compliance exist, including both open source (such as OpenSCAP, OpenVAS, CIS benchmarks, Wazuh) and commercial (such as Qualys and Nessus). Assemble those you intend to use, then make sure that they're up to date. Also, do a gap analysis to see where your coverage is still lacking.

Think about file integrity

Ensuring file integrity is straightforward on Linux systems, as you can accomplish it with the Linux-native auditd and appropriate rules. Rules to think about implementing include monitoring filesystem deletes, kernel parameters, PAM configuration, Linux library search paths, the Linux password database, OpenStack APIs, Docker config and many more.

Establish a security baseline

A deployed cloud embodies various settings and architectural decisions, and those decisions are reflected in the automation that deployed it. Establishing a security baseline creates a snapshot of the point-in-time configuration of the deployed cloud. It can serve as a starting point for making incremental changes that align the cloud more and more closely with a target state. The target state may be full alignment with a specific security framework. It could also be a subset of a security framework, where gaps are documented, explained or justified.

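A gap check for the file-integrity areas listed under "Think about file integrity", as an added example that is not part of the Mirantis checklist: it parses auditd rules and reports which areas have no write/attribute watch or audited syscall. The paths mapped to each area, the delete-related syscall set and the sample rules are assumptions constructed for illustration.

```python
import shlex

# Areas named in the checklist. The paths are assumed common defaults on an
# x86_64 Linux host (not from the page); adjust them to your distribution.
PATH_AREAS = {
    "kernel parameters": ("/etc/sysctl.conf", "/etc/sysctl.d"),
    "PAM configuration": ("/etc/pam.d",),
    "library search paths": ("/etc/ld.so.conf", "/etc/ld.so.conf.d"),
    "password database": ("/etc/passwd", "/etc/shadow"),
    "OpenStack APIs": ("/etc/keystone", "/etc/nova"),  # assumed service config dirs
    "Docker config": ("/etc/docker",),
}
DELETE_SYSCALLS = {"unlink", "unlinkat", "rename", "renameat"}

def parse_rules(text):
    """Return (paths watched for write/attribute change, audited syscalls)."""
    watched, syscalls = set(), set()
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        path, perms = None, "rwxa"  # auditctl's default when -p is omitted
        for flag, val in zip(tok, tok[1:]):
            if flag == "-w":
                path = val
            elif flag == "-p":
                perms = val
            elif flag == "-S":
                syscalls.update(val.split(","))
        if path and set(perms) & {"w", "a"}:  # read-only watches miss tampering
            watched.add(path.rstrip("/"))
    return watched, syscalls

def coverage_gaps(text):
    """Map each checklist area to the paths or syscalls no rule covers."""
    watched, syscalls = parse_rules(text)
    gaps = {"filesystem deletes": sorted(DELETE_SYSCALLS - syscalls)}
    for area, paths in PATH_AREAS.items():
        # A directory watch is recursive, so it also covers paths beneath it.
        gaps[area] = [p for p in paths
                      if not any(p == w or p.startswith(w + "/") for w in watched)]
    return {area: missing for area, missing in gaps.items() if missing}

# Constructed sample rules, in the format used under /etc/audit/rules.d/.
SAMPLE_RULES = """\
-a always,exit -F arch=b64 -S unlink,unlinkat,rename -F auid>=1000 -k delete
-w /etc/sysctl.conf -p wa -k sysctl
-w /etc/pam.d/ -p wa -k pam
-w /etc/ld.so.conf -p r -k libpath
-w /etc/passwd -p wa -k identity
-w /etc/docker/ -p wa -k docker"""
```

Running `coverage_gaps(SAMPLE_RULES)` lists the uncovered items per area; the read-only watch on `/etc/ld.so.conf` is reported as a gap because it would not record a modification.
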
Safely implement elevated privilege management

Some situations are going to require elevated privileges, either for administrators or backend tools. Some options for safely implementing this authentication without exposing your data and systems include BeyondTrust's Privilege Management for Unix and Linux Servers. You will also want to tie this access to LDAP, and enable keystroke logging for audit purposes.

A complementary design goal for elevated privilege management is to understand where root privileges are needed and design support operations in such a way that, over time, your need for root access is eliminated. Awareness of where root access is needed may come from Root Cause Analysis (RCA) activities as they are performed. RCAs sometimes require taking administrative actions not anticipated in earlier operational planning.

Enable auditing of events

The ability to audit events within the entire system is critical to preventing, detecting, and recovering from mishaps. One tool to enable this capability is Cloud Audit Data Federation (CADF), which enables you to tag events such as "create VM" or "delete user".

Contact: US +1-650-963-9828, mirantis.com/contact | EMEA emea@mirantis.com | Japan +81-3-6635-6355, info.jp@mirantis.com | China china@mirantis.com | Learn more at www.mirantis.com
