Supporting a Remote Workforce?

Improve the security of VPN, Zoom & Office365 services.
Back to blog results

February 27, 2020 By Sridhar Karnam

Securing IaaS, PaaS, and SaaS in 2020 with a Cloud SIEM

As the cloud continues to expand with no end in sight, it’s only wise to invest in it. Infrastructure-as-a-Service, Platform-as-a-Service and Software-as-a-Service bring significant cost savings (personnel and ownership), improved performance, better reliability, freedom to scale and - above all - significant security benefits. It’s no wonder that so many businesses have already adopted all three of these models.

IaaS, PaaS and SaaS face very different security risks you will have to address if you decide to adopt them. It’s important to understand the shared responsibility model which defines the security obligations in the cloud and how it applies to each cloud service type. In IaaS, PaaS and SaaS alike, both CSPs and users are responsible for security and the scope of that responsibility is different for each cloud service type.

In this article, we explain the following:

  • Who is accountable for security in IaaS, PaaS and SaaS
  • What the security challenges are with IaaS
  • What the security challenges are with PaaS
  • What the security challenges are with SaaS
  • How to eliminate those challenges

Security accountability in IaaS, PaaS and SaaS

The below diagram demonstrates the differences in security responsibilities in every cloud service model. Note that in IaaS users have the greatest security responsibility.

For information on the shared responsibility model, please refer to our earlier article.

IaaS security risks

IaaS is the basic level of cloud service, in which the provider hosts infrastructure components, including servers and networking hardware and is responsible for keeping them secure. In this model, protecting applications, data, user access, operating systems and virtual network traffic is in the customer’s hands.

Cloud providers offer different tools for securing their resources, but it’s up to the IT professionals to use them correctly. Here are the most common mistakes that put IaaS at risk:

  • Data encryption turned off: Without encryption, data is exposed to theft and unauthorised access. Encryption is essential for data in transit, when it’s being moved from on-premises and cloud-based resources, and between different cloud applications. Organizations can use their own encryption keys or those offered by the service provider.
  • Misconfiguration: Statistically, every organization has at least 14 misconfigured IaaS instances running, according to a McAfee report. The consequences? Over 2,200 misconfiguration incidents are reported per month, on average. Storage access that is open to the internet is the most common problem; as much as 5.5% of AWS S3 buckets are currently publicly readable, and that’s never a wise choice.
  • Rogue cloud accounts: Unwarranted uses of cloud services are common with SaaS, but can occur in IaaS as well. These usually happen when an employee wants to use an application or resource not provisioned by their employer, and ends up using a cloud provider without informing the company’s IT department.
  • Robust user role-based permissions: When developers, other users or even inactive accounts are able to do more than their role requires, the entire organization infrastructure is exposed to great risk.

PaaS security risks

In addition to infrastructure, PaaS offers the software and tools needed to build applications. It’s a great solution, so it’s one level up from IaaS. In this model, the user must secure user access, data and applications, while securing both the OS and the infrastructure become the CSP’s responsibility.

In PaaS, security boils down to data protection issues. Consider the following risks:

  • Data encryption turned off: Just like in IaaS, leaving your data unencrypted exposes it to theft and unauthorised access.
  • Robust user role-based permissions: We’ll say it once again: to ensure maximum protection of your data, permit each user to do the minimum.
  • Unrevised SLAs: The SLA you sign with the CSP relates directly to the value of your data. Understand and negotiate the terms of remuneration in case the data is lost or compromised. Check if their security protocols are updated, etc.

SaaS security risks

In the SaaS model, CSPs host and manage the infrastructure and applications. In comparison with IaaS and SaaS, clients have less security responsibility. Nonetheless, they must ensure user access is sufficiently protected. Compromised passwords are the biggest security risk in SaaS.

We’ve recently covered SaaS security in a separate article. You can read it here.

Eliminating IaaS, PaaS and SaaS challenges: best practices

Many organizations operate in multi-cloud environments, where they use IaaS, PaaS and SaaS from different vendors. Regardless of which cloud service model you are using, we encourage you to take a look at the following best practices oriented at increasing the security of your cloud infrastructure.

  • Research the CSP’s security practices

Find out what their security patch management plan is, when they last updated their security protocols, what their incident response and disaster management plans are, etc. It’s good to be prudent when it comes to your data and infrastructure. A McAfee study found that only 8% of cloud services meets the security requirements outlined in the CloudTrust Program and only 10% encrypt data at rest.

  • Scan for inherited software liabilities

Most third-party platforms and libraries will have them. They can be inherited by developers if a prior check for vulnerabilities isn’t performed.

  • Benefit from threat modeling

Security flaws may be introduced to the code in the early stages of the development process. Using threat modeling tools can be invaluable in identifying and eliminating these flaws. Take a look at Microsoft’s free threat modeling tool.

  • Implement stringent role-based access controls

Ensure that both users and developers are allowed to do only what’s included in their job description and nothing more.

  • Manage inactive accounts

Always deprovision inactive accounts and those belonging to former employees before hackers become interested in them. With services such as LinkedIn, it’s easy to find out who has recently left your company. Remember to lock root account credentials as well to block unauthorized access to admin accounts.

Eliminating public cloud security risks with Cloud SIEM

Traditional enterprise security tools aren’t the best fit for cloud services. Cloud infrastructure, with its virtual machines, storage and networks, requires solutions built specifically for that virtual environment.

Make sure you invest in a tool that provides unified security services and allows you to manage them centrally across all services and providers. In this way, you will have clear visibility over your infrastructure and will be able to streamline workflows.

Inability to collect data from off-premise assets exposes blind-spots for enterprises and is a serious barrier to adoption of cloud services. Sumo Logic removes those barriers. It is designed to effortlessly handle all of your log data, regardless of volume, type or location.

Our universal security tool collects data from on-premise environment, private, public and hybrid clouds, as well as SaaS, PaaS and IaaS. It visualizes and reports on threats in real time. Finally, it proactively uncovers events with an anomaly detection engine, so it doesn't require writing rules.

Sumo Logic Cloud SIEM for SaaS Security

As organizations leverage modern-day, SaaS applications like Office 365, Salesforce, Google Apps and Box, it is critical that they have visibility into user and administrator actions to help manage audit and compliance activities and identify unusual behaviors that might compromise data security.

User Behavior

  • Get full visibility of who, what, where, when, & How?
  • Anomalous user & access behavior Monitor
  • Suspicious access from multiple locations
  • Failed/ successful logins

Admin Activities

  • Monitor the admin activities
  • Monitor configuration changes
  • Privilege access abuse
  • Monitor actions from compromised accounts
  • Settings/ config changes and drifts

Data Security

  • Ensure the right data is accessed by the right users
  • Data access monitoring by users, devices, locations
  • Monitor for data exfiltration

Complete visibility for DevSecOps

Reduce downtime and move from reactive to proactive monitoring.

Start free trial

Categories

Spotlight

Sumo Logic Continuous Intelligence Platform™

Build, run, and secure modern applications and cloud infrastructures.

Start free trial
Sridhar Karnam

Sridhar Karnam

Senior Director of Product Marketing

Sridhar Karnam leads the security product marketing for Sumo Logic. Sri has a decade of experience with SIEM, Security Analytics, Cloud Security, and IT Operations. He has led product management & marketing for SIEM solutions at ArcSight, Arctic Wolf, and at Oracle. He has written hundreds of blogs on SIEM, and has also spoken at many security and IT events.

More posts by Sridhar Karnam.

People who read this also enjoyed

Blog

Domain Hijacking Impersonation Campaigns

A number of domain “forgeries” or tricky, translated look-alikes have been observed recently. These attack campaigns cleverly abuse International Domain Names (IDN) which, once translated into ASCII in a standard browser, result in the appearance of a corporate or organization name that allows the targeting of such organization’s domains for impersonation or hijacking. This attack has been researched and defined in past campaigns as an IDN homograph attack.

Blog

The Path of an Outlaw, a Shellbot Campaign

The ability of an actor to remain undiscovered or obfuscating its doings when driving a malicious campaign usually affects the gains of such campaigns. These gains can be measured in different items such as time to allow completion of operations (exfiltration, movement of compromised data), ability to remain operative before take down notices are issued, or ability to obtain gains based on for-profit driven crimeware (DDoS for hire, Crypto mining).

Blog

Why cloud-native SIEM is vital to closing the security skills gap

Our digital surface is expanding rapidly and threats are becoming more sophisticated day by day. This is putting enormous strain on security teams, which have already been stretched to the limits. Nonetheless, organizations are skeptical of relieving this cybersecurity strain with AI and automation. Why does this situation persist when it’s simply against the logic?