The National Security Agency and the Cybersecurity and Infrastructure Security Agency (CISA) have issued five joint cybersecurity bulletins containing best practices for securing the cloud environment.
Cloud services have become very popular for organizations because they provide managed servers, storage, and applications without them having to manage their own infrastructure.
Cloud services have become so ubiquitous that many enterprise application developers offer an on-premises version and a cloud-hosted version that they manage, easing the burden on company administrators.
Today, the NSA and CISA released five joint documents on how to secure your cloud services using best practices. These guides focus on identity and access management solutions, key management solutions, data encryption in the cloud, cloud storage management, and risk mitigation from managed service providers.
The five documents are listed below with the NSA/CISA summary:
Use secure cloud identity and access management practices
“The purpose of this Cybersecurity Information Sheet (CSI) is to explain some of the common threats to cloud identity management, and to recommend best practices organizations should employ to mitigate these threats when operating in the cloud.”
This CSI includes tips for both identity and access management, including best practices about configuring MFA, storing credentials, and dividing privileges, so that multiple people are required to elevate privileges or perform sensitive actions.
Use secure cloud key management practices
“This CSI identifies key management options based on these factors and recommends best practices to consider when using them. With any use of a cloud key management system, it is important to understand and document shared security responsibilities. See the NSA CSI: Shared Cloud Support Responsibility Model for additional information about the shared responsibility.”
This CSI discusses how to securely configure key management solutions (KMS).
Implementing network segmentation and cryptography in cloud environments
“This Cybersecurity Information Sheet (CSI) provides recommendations for implementing these principles in a cloud environment, which can differ from on-premises (local) networks. While on-premises networks require specialized hardware to enable ZT, cloud technologies natively provide the infrastructure and services necessary to implement these recommendations to a greater degree. This CSI focuses on best practices using features commonly available in cloud environments.”
This CSI provides tips on encrypting data in transit and how to best segment your cloud services so they can't communicate with each other unless necessary.
Secure data in the cloud
“The purpose of this cybersecurity fact sheet is to provide an overview of what cloud storage is and common practices for properly securing and auditing cloud storage systems.”
This CSI provides guidance on encrypting data at rest, securing data from unauthorized access, and creating backup and recovery plans.
Mitigating risks from managed service providers in cloud environments
“This cybersecurity white paper identifies five important aspects to consider when selecting and using MSP services.”
Managed service providers (MSPs) often have high levels of access to customer networks, making them attractive targets for threat actors, as seen in Kaseya's massive REvil ransomware attack.
This CSI provides tips on securing corporate accounts used by MSPs, reviewing their activities, and what to think about when negotiating agreements.
While many cybersecurity professionals, network administrators, and IT executives may be familiar with the best practices shared in these CSIs, since they are short reads, it's worth seeing if you can learn something new.
Threat actors typically target cloud services because they tend to store valuable data and can be used to pivot to internal networks.
In 2021, Microsoft released a report on how the Russian Nobelium threat actors were actively compromising cloud services and managed service providers in order to reach their downstream customers, including those customers' internal networks.
To help detect attacks targeting Azure cloud services, CISA released a tool called the “Untitled Goose Tool” last year that helps defenders export telemetry data from Azure Active Directory, Microsoft Azure, and Microsoft 365 environments.