Securing IaaS, PaaS and SaaS with a Cloud SIEM

As cloud computing continues to expand with no end in sight, it’s only wise to invest in it. Infrastructure-as-a-Service, Platform-as-a-Service and Software-as-a-Service bring significant cost savings (personnel and ownership), improved performance, better reliability, freedom to scale and significant security benefits. It’s no wonder many businesses have already adopted all three of these models.

IaaS, PaaS and SaaS face very different security risks you must address if you adopt them. It’s important to understand the shared responsibility model, which defines the security obligations of each cloud environment and how it applies to each cloud service type. In IaaS, PaaS and SaaS alike, both CSPs and users are responsible for cloud security posture management, and the scope of that security responsibility is different for each cloud service type.

In this article, we explain the following:

• Who is accountable for security in IaaS, PaaS and SaaS

• What the security challenges are with IaaS

• What the security challenges are with PaaS

• What the security challenges are with SaaS

• How to eliminate those challenges

Security accountability in IaaS, PaaS and SaaS

The diagram below demonstrates the differences in security responsibilities in every cloud service model. Note that in IaaS, users have the greatest security responsibility.

Please refer to our earlier article for information on the shared responsibility model.

IaaS security risks

IaaS is the basic level of cloud service, in which the IaaS provider hosts cloud platform infrastructure components, including server and network security (hardware), and is responsible for keeping them secure. In this model, protecting applications, data, user access, operating systems and virtual network traffic is in the customer’s hands.

Cloud providers offer different tools for securing their resources, but it’s up to the IT professionals to use them correctly. Here are the most common mistakes that put an IaaS platform at risk:

• Data encryption turned off: Without encryption, data is exposed to theft and unauthorized access. Encryption is essential for data in transit when moving from on-premises and cloud-based resources and between different cloud applications. Organizations can use their encryption keys or those offered by the service provider.

• Misconfiguration: According to a McAfee report, every organization has at least 14 misconfigured IaaS instances running. The consequences? Over 2,200 misconfiguration incidents are reported per month, on average. Storage access that is open to the internet is the most common problem; as much as 5.5% of AWS S3 buckets are currently publicly readable, and that’s never a wise choice.

• Rogue cloud accounts: Unwarranted uses of cloud services are common with SaaS but can also occur in IaaS. These usually happen when an employee wants to use an application or resource not provisioned by their employer and uses a cloud provider without informing the company’s IT department.

• Robust user role-based permissions: When developers, other users or even inactive accounts can do more than their role requires, the entire organization infrastructure is exposed to great risk.

PaaS security risks

In addition to infrastructure, PaaS offers the software and tools needed to build applications. It’s a great solution, so it’s one level up from IaaS. In this model, the user must secure user access, data and applications while securing both the OS and the infrastructure becomes the CSP’s responsibility.

In PaaS, security concerns boil down to data protection issues. Consider the following risks:

• Data encryption turned off: Just like in IaaS, leaving your data unencrypted exposes it to theft and unauthorized access.

• Robust user role-based permissions: We’ll say it once again: to ensure maximum protection of your data, permit each user to do the minimum.

• Unrevised SLAs: The SLA you sign with the CSP relates directly to the value of your data. Understand and negotiate the terms of remuneration in case the data is lost or compromised. Check if their security control protocols are updated, etc.

SaaS security risks

In the SaaS model, CSPs host and manage the infrastructure and applications. In comparison with IaaS and SaaS, clients have less security responsibility. Nonetheless, they must ensure user access is sufficiently protected. Compromised passwords are the biggest security risk in SaaS.

We’ve recently covered SaaS security in a separate article. You can read it here.

Eliminating IaaS, PaaS and SaaS challenges: best practices

Many organizations operate in multi-cloud environments, using IaaS, PaaS and SaaS from different vendors. Regardless of which cloud service model you are using, we encourage you to look at the following best practices oriented toward increasing the security of your cloud infrastructure.

• Research the security practices of the cloud service provider

Find out their security patch management plan, when they last updated their security protocols, what their incident response and disaster management plans are, etc. It’s good to be prudent regarding your data and infrastructure. A McAfee study found that only 8% of cloud services meet the security requirements outlined in the CloudTrust™️ Program, and only 10% encrypt data at rest.

• Scan for inherited software liabilities

Most third-party platforms and libraries will have them. Developers can inherit them if a prior check for vulnerabilities isn’t performed.

• Benefit from threat modeling

Security flaws may be introduced to the code in the early stages of the development process. Using threat modeling tools can be invaluable in identifying and eliminating these flaws. Take a look at Microsoft’s free threat modeling tool.

• Implement stringent role-based access controls

Ensure that users and developers can do only what’s included in their job description and nothing more.

• Manage inactive accounts

Always de-provision inactive accounts and those belonging to former employees before hackers become interested. With services such as LinkedIn, finding out who has recently left your company is easy. Remember to lock root account credentials to block unauthorized access to admin accounts.

Eliminating public cloud security risks with Cloud SIEM

Traditional enterprise security tools aren’t the best fit for cloud resources. Cloud infrastructure, with its virtual machines, storage and networks, requires solutions built specifically for that virtual environment.

Ensure you invest in a unified security services tool that allows security teams to manage them centrally across all services and providers. In this way, you will have clear visibility over your infrastructure and will be able to streamline workflows.

An inability to collect data from off-premise assets exposes blind spots for enterprises and is a serious barrier to the adoption of cloud services. Sumo Logic removes those barriers. It is designed to handle all your log data effortlessly, regardless of volume, type or location.

Our universal security tool collects data from on-premise environments, private cloud, public cloud and hybrid cloud, and SaaS, PaaS and IaaS. It visualizes and reports on threats in real-time. Finally, it proactively uncovers events with an anomaly detection engine, so it doesn't require writing rules.

Sumo Logic Cloud SIEM for SaaS security

As organizations leverage modern-day SaaS applications like Google Cloud/Google Cloud Platform, Microsoft Azure, Amazon Web Services, and more, they must have visibility into user and administrator actions to help manage audit and compliance activities and identify unusual behaviors that might compromise data security.

User Behavior

• Get full visibility of who, what, where, when, and how

• Anomalous user and access behavior

• Monitor suspicious access from multiple locations

• Failed/ successful logins

Admin Activities

• Monitor the admin activities

• Monitor configuration changes

• Privilege access abuse

• Monitor actions from compromised accounts

• Settings/ config changes and drifts

Data Security

• Ensure the right data is accessed by the right users

• Data access monitoring by users, devices, locations

• Monitor for data exfiltration

Sumo Logic empowers SOC teams to modernize security operations with a cloud-native SIEM solution that provides holistic visibility into your organization’s security posture, automatically surfacing the actionable insights your analysts need to secure your organization’s cloud journey.

Download the solution brief to learn how Cloud SIEM can protect your organization.