I. Infrastructure Security at The Network Level

Infrastructure Security: The Network Level. Ensuring Data Confidentiality and Integrity, Ensuring Proper Access Control, Ensuring the Availability of Internet-Facing Resources, Replacing the Established Model of Network Zones and Tiers with Domains, Network-Level Mitigation

Infrastructure Security: The Host Level. SaaS and PaaS Host Security, IaaS Host Security, Virtualization Software Security, Threats to the Hypervisor, Virtual Server Security, Securing Virtual Servers

Infrastructure Security: The Application Level. Application-Level Security Threats, DoS and EDoS, End User Security, SaaS Application Security, PaaS Application Security, IaaS Application Security

Data Security and Storage. Aspects of Data Security, Data Security Mitigation, Provider Data and Its Security

Identity and Access Management. Trust Boundaries and IAM, IAM Challenges, Relevant IAM Standards and Protocols for Cloud Services, IAM Practices in the Cloud, Cloud Authorization Management

I. Infrastructure security at the network level


Infrastructure security at the network level is crucial for safeguarding data confidentiality,
integrity, and availability as traffic crosses shared cloud networks. Here is a breakdown of the key aspects:

1. Ensuring Data Confidentiality and Integrity

 Encryption: Protect data in transit with TLS or an IPsec/TLS VPN, and data at rest with disk,
volume or database encryption; TLS and VPNs only cover the network leg, not storage.

 Data Integrity Checks: Verify that data has not been altered. A bare hash (e.g., SHA-256) only
detects accidental corruption, because an attacker who can modify the data can recompute the
hash; where tampering is the threat, use a keyed MAC (HMAC-SHA256) or a digital signature.

 Access Controls: Utilize role-based access control (RBAC) and attribute-based access control
(ABAC) to limit who can access sensitive data.
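The difference between a bare hash and a keyed MAC matters in practice, so here is an added example (not from the original page) that runs the same tampering attacker against both schemes; the record and the hard-coded key value are constructed for the demonstration, and the key would normally live in a KMS or secret store rather than in code:

```python
import hashlib
import hmac

# Constructed sample record and key. The key is hard-coded only so the
# example runs offline; in a deployment it comes from a KMS or secret store.
RECORD = b"account=alice;balance=100"
INTEGRITY_KEY = b"constructed-32-byte-demo-key-0001"


def plain_digest(data: bytes) -> str:
    """Unkeyed SHA-256: anyone, including an attacker, can compute this."""
    return hashlib.sha256(data).hexdigest()


def keyed_tag(data: bytes, key: bytes) -> str:
    """HMAC-SHA256: producing a valid tag requires the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_plain(data: bytes, digest: str) -> bool:
    # compare_digest avoids leaking the matching prefix length through timing.
    return hmac.compare_digest(plain_digest(data), digest)


def verify_keyed(data: bytes, tag: str, key: bytes) -> bool:
    return hmac.compare_digest(keyed_tag(data, key), tag)


def attacker_rewrite(data: bytes) -> bytes:
    """The modification an attacker with write access to the store makes."""
    return data.replace(b"balance=100", b"balance=1000000")


def demo() -> dict:
    """Runs both schemes against the same attacker and reports whether
    verification still passes after the record has been rewritten."""
    stored_digest = plain_digest(RECORD)
    stored_tag = keyed_tag(RECORD, INTEGRITY_KEY)

    forged = attacker_rewrite(RECORD)

    # Plain hash: whoever can overwrite the record can also overwrite the
    # stored digest with one computed over the forged record.
    attacker_digest = plain_digest(forged)
    plain_still_verifies = verify_plain(forged, attacker_digest)

    # HMAC: without INTEGRITY_KEY the attacker can only reuse the old tag or
    # supply an unkeyed hash; neither verifies against the forged data.
    keyed_with_old_tag = verify_keyed(forged, stored_tag, INTEGRITY_KEY)
    keyed_with_attacker_hash = verify_keyed(forged, plain_digest(forged), INTEGRITY_KEY)

    return {
        "untampered_plain_ok": verify_plain(RECORD, stored_digest),
        "untampered_keyed_ok": verify_keyed(RECORD, stored_tag, INTEGRITY_KEY),
        "tampered_plain_still_verifies": plain_still_verifies,
        "tampered_keyed_old_tag_verifies": keyed_with_old_tag,
        "tampered_keyed_forged_tag_verifies": keyed_with_attacker_hash,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The plain-hash check passes on the forged record, because the attacker simply recomputed it; the HMAC check fails both with the original tag and with anything the attacker can compute without the key.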

2. Ensuring Proper Access Control

 Authentication Mechanisms: Implement multi-factor authentication (MFA) to strengthen
user verification.

 Network Segmentation: Use VLANs or subnets to isolate sensitive resources and restrict
access based on roles.

 Least Privilege Principle: Ensure users have the minimum access necessary to perform their
duties.

3. Ensuring the Availability of Internet-Facing Resources

 Redundancy and Failover: Design systems with redundant components and failover
mechanisms to maintain service availability.

 DDoS Protection: Absorb volumetric floods with a Content Delivery Network (CDN) or an
upstream scrubbing service, and filter application-layer floods with a Web Application
Firewall (WAF) and rate limiting; a WAF alone cannot stop a bandwidth-exhaustion attack.
 Monitoring and Incident Response: Implement real-time monitoring to quickly detect and
respond to availability threats.

4. Replacing the Established Model of Network Zones and Tiers with Domains

 Domain-Based Security Models: In the cloud the classic zones and tiers (DMZ, application
tier, database tier) defined by physical network placement give way to security domains
such as security groups: logical groupings of instances to which policy is attached, so a
VM inherits its rules from its group membership rather than from the subnet it happens to
sit in, and policy can be applied per workload rather than per zone.

 Zero Trust Architecture: Adopt a zero trust model, where trust is never assumed and
verification is required for every access request, regardless of the user's location.

 Dynamic Policies: Implement dynamic security policies that adapt based on context and risk
assessment.

5. Network-Level Mitigation

 Firewalls and Intrusion Detection/Prevention Systems (IDPS): Use firewalls to filter traffic
and IDPS to detect and respond to suspicious activities.

 Traffic Analysis: Regularly analyze network traffic for anomalies that could indicate a breach
or attempted attack.

 Patch Management: Keep all network devices and software updated to protect against
known vulnerabilities.
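The "traffic analysis" item above is easiest to see on real log data, so the following added example (not part of the original page) runs two simple rules, a port-sweep count and a reject ratio, over a constructed sample written in the layout of AWS VPC Flow Logs (version 2). The addresses, thresholds and the NODATA line are assumptions made for the demonstration:

```python
from collections import defaultdict

# Constructed sample in the layout of AWS VPC Flow Logs (version 2):
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status
SAMPLE_FLOW_LOG = """\
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 40001 22 6 1 60 1700000000 1700000010 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 40002 23 6 1 60 1700000001 1700000011 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 40003 80 6 1 60 1700000002 1700000012 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 40004 443 6 1 60 1700000003 1700000013 ACCEPT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 40005 3389 6 1 60 1700000004 1700000014 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 40006 8080 6 1 60 1700000005 1700000015 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.9 10.0.1.5 51000 443 6 20 9000 1700000006 1700000016 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.9 10.0.1.5 51001 443 6 18 8000 1700000007 1700000017 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.2.20 10.0.1.5 36000 5432 6 50 40000 1700000008 1700000018 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000009 1700000019 - NODATA
"""

FIELDS = ["version", "account", "eni", "src", "dst", "sport", "dport",
          "proto", "packets", "bytes", "start", "end", "action", "status"]


def parse_flow_log(text: str) -> list:
    """Parses records with an OK log-status. NODATA/SKIPDATA lines carry '-'
    placeholders and are dropped so they cannot skew the counters."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["status"] != "OK" or rec["src"] == "-":
            continue
        rec["dport"] = int(rec["dport"])
        records.append(rec)
    return records


def detect_scanners(records: list, min_ports: int = 5, reject_ratio: float = 0.5) -> dict:
    """Per source address: number of distinct destination ports touched and the
    share of REJECTed flows. Returns only the sources that trip a rule."""
    ports = defaultdict(set)
    totals = defaultdict(int)
    rejects = defaultdict(int)
    for rec in records:
        ports[rec["src"]].add(rec["dport"])
        totals[rec["src"]] += 1
        if rec["action"] == "REJECT":
            rejects[rec["src"]] += 1

    findings = {}
    for src in totals:
        reasons = []
        if len(ports[src]) >= min_ports:
            reasons.append(f"{len(ports[src])} distinct destination ports (port sweep)")
        ratio = rejects[src] / totals[src]
        if totals[src] >= 3 and ratio >= reject_ratio:
            reasons.append(f"{rejects[src]}/{totals[src]} flows rejected by the security group")
        if reasons:
            findings[src] = reasons
    return findings


if __name__ == "__main__":
    for src, reasons in detect_scanners(parse_flow_log(SAMPLE_FLOW_LOG)).items():
        print(src, "->", "; ".join(reasons))
```

Only 198.51.100.7 is reported: it touched six ports on one host and two thirds of its flows were rejected by the security group, which is what a scan of an instance with a tight allow-list looks like in the logs. The legitimate HTTPS client and the internal database client trip neither rule.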

II. Infrastructure Security: The Host Level


Infrastructure security at the host level is essential for protecting data and applications
across different service models, including SaaS, PaaS, and IaaS. Here’s a detailed overview of
host security considerations for each model:
1. The Host Level
 Operating System Hardening: Disable unnecessary services, remove unused
software, and apply security patches regularly.
 Endpoint Protection: Deploy antivirus and anti-malware solutions to protect against
threats.
 Access Control: Implement strong authentication and authorization mechanisms to
restrict access to the host.
2. SaaS Host Security
Software as a Service (SaaS) providers manage the underlying infrastructure, but
organizations still need to ensure secure usage of the applications.
 Data Encryption: Ensure that data is encrypted both in transit and at rest, even if
managed by the provider.
 Identity and Access Management (IAM): Use IAM solutions to manage user
identities and permissions effectively.
 Vendor Security Assessment: Conduct regular assessments of the SaaS provider's
security practices and compliance with relevant standards (e.g., GDPR, HIPAA).
 User Training: Educate users on best practices for secure usage of SaaS applications,
including recognizing phishing attempts and securing their accounts.
3. PaaS Host Security
Platform as a Service (PaaS) offers more control over the environment, requiring additional
security considerations.
 Application Security: Integrate security throughout the software development
lifecycle (SDLC) using tools for static and dynamic application security testing
(SAST/DAST).
 Environment Configuration: Ensure that PaaS configurations (e.g., databases,
storage) follow security best practices, such as minimizing exposure and
implementing least privilege.
 API Security: Protect APIs with authentication and authorization, and validate and
parameterize all input so they are not vulnerable to injection attacks (e.g., SQL
injection) or to cross-site scripting (XSS) when their output is rendered in a browser.
 Monitoring and Logging: Implement robust monitoring and logging to detect and
respond to security incidents in real-time.
4. IaaS Host Security
Infrastructure as a Service (IaaS) provides the most control over the environment, requiring
comprehensive security measures.
 Virtual Machine Security: Regularly patch and update virtual machines, and use
firewalls to control traffic to and from VMs.
 Network Security: Utilize network security groups and segmentation to restrict
access to critical resources.
 Backup and Disaster Recovery: Implement regular backup procedures and a disaster
recovery plan to ensure data availability in case of an incident.
 Compliance Monitoring: Regularly assess and monitor compliance with industry
standards and regulations to ensure security measures are effective.

Virtualization Software Security


Virtualization software security is critical for protecting virtualized environments, particularly
the hypervisor, which is the layer that manages virtual machines (VMs). Here’s an overview
of virtualization security and common threats to the hypervisor:
1. Hypervisor Hardening
o Configuration Management: Secure the hypervisor by following best
practices for configuration, minimizing unnecessary features, and ensuring it
runs only essential services.
o Patch Management: Regularly update the hypervisor software to protect
against vulnerabilities.
o Access Control: Implement strict access controls to the hypervisor, ensuring
only authorized personnel can make changes or access sensitive areas.
2. Network Security
o Segmentation: Use virtual LANs (VLANs) to isolate different virtual networks
and prevent unauthorized access between them.
o Firewalls: Deploy virtual firewalls to monitor and filter traffic between VMs
and external networks.
o Intrusion Detection/Prevention Systems (IDPS): Monitor network traffic for
signs of suspicious activities.
3. Data Protection
o Encryption: Encrypt data at rest and in transit within the virtual environment
to protect sensitive information.
o Backup Solutions: Implement robust backup and disaster recovery solutions
to ensure data integrity and availability.
4. Monitoring and Logging
o Audit Trails: Maintain comprehensive logging of hypervisor activities and VM
interactions to detect potential security incidents.
o Real-time Monitoring: Use security information and event management
(SIEM) solutions for real-time threat detection and response.
Threats to the Hypervisor
1. Malicious Hypervisor Attacks
o Hypervisor Takeover: Attackers exploit vulnerabilities to gain control over the
hypervisor, potentially affecting all VMs managed by it.
o Privilege Escalation: Malicious actors may attempt to escalate privileges from
a VM to gain access to the hypervisor.
2. VM Escape Attacks
o Attackers may exploit vulnerabilities in the hypervisor to escape from a VM
and access the underlying host or other VMs. This can lead to unauthorized
access to data or resources.
3. Denial of Service (DoS) Attacks
o Attackers can target the hypervisor with DoS attacks, overwhelming it with
traffic or resource requests, which can disrupt the availability of hosted VMs.
4. Insider Threats
o Malicious insiders, such as employees with access to the hypervisor, can
exploit their privileges to compromise the environment.
5. Insecure APIs
o Hypervisors often expose APIs for management. Insecure APIs can be
exploited to manipulate VMs or gain unauthorized access.
6. Inadequate Segmentation
o Poorly configured virtual networks can lead to unauthorized access between
VMs, enabling attackers to move laterally within the environment.

Virtual Server Security


Some of the new host security threats in the public IaaS include:
• Stealing keys used to access and manage hosts (e.g., SSH private keys)
• Attacking unpatched, vulnerable services listening on standard ports (e.g., FTP, NetBIOS,
SSH)
• Hijacking accounts that are not properly secured (i.e., weak or no passwords for standard
accounts)
• Attacking systems that are not properly secured by host firewalls
• Deploying Trojans embedded in the software component in the VM or within the VM
image (the OS) itself

Securing virtual servers


The simplicity of self-provisioning new virtual servers on an IaaS platform creates a risk that
insecure virtual servers will be created. Secure-by-default configuration needs to be ensured
by following or exceeding available industry baselines.
Securing the virtual server in the cloud requires strong operational security procedures coupled
with automation of procedures. Here are some recommendations:
• Use a secure-by-default configuration. Harden your image and use a standard hardened
image for instantiating VMs (the guest OS) in a public cloud.
• Track the inventory of VM images and OS versions that are prepared for cloud hosting.
• Protect the integrity of the hardened image from unauthorized access.
• Safeguard the private keys required to access hosts in the public cloud.
• Include no authentication credentials in your virtualized images except for a key to decrypt
the filesystem key.
• Do not allow password-based authentication for shell access.
• Require a password for sudo, or use role-based access (e.g., Solaris RBAC, SELinux) instead of unrestricted root.
• Run a host firewall and open only the minimum ports necessary to support the services
on an instance.
• Run only the required services and turn off the unused services (e.g., turn off FTP, print
services, network file services, and database services if they are not required).
• Install a host-based IDS such as OSSEC or Samhain.
• Enable system auditing and event logging, and log the security events to a dedicated log
server. Isolate the log server with higher security protection, including access controls.
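The recommendations above can be turned into an automated check of a VM image before it is registered for use. The following is an added example, not the page's own tooling, that audits a subset of them (password-based SSH, root login over SSH, passwordless sudo, private keys or cloud credentials baked into the image) against a mounted image tree; the two sample trees it builds are constructed for the demonstration:

```python
import tempfile
from pathlib import Path


def _sshd_option(config_text: str, name: str):
    """Returns the effective value of an sshd_config option. sshd honours the
    first occurrence of a keyword; commented-out lines do not count."""
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == name.lower():
            return parts[1].strip().lower()
    return None


def audit_image(root: Path) -> list:
    """Checks an image tree mounted at `root` against the baseline."""
    findings = []

    sshd = root / "etc/ssh/sshd_config"
    cfg = sshd.read_text() if sshd.exists() else ""
    # sshd defaults PasswordAuthentication to yes, so it must be set explicitly.
    if _sshd_option(cfg, "PasswordAuthentication") != "no":
        findings.append("sshd: PasswordAuthentication is not explicitly 'no'")
    if _sshd_option(cfg, "PermitRootLogin") == "yes":
        findings.append("sshd: PermitRootLogin yes")

    sudo_files = [root / "etc/sudoers"]
    sudo_d = root / "etc/sudoers.d"
    if sudo_d.is_dir():
        sudo_files += sorted(p for p in sudo_d.iterdir() if p.is_file())
    for path in sudo_files:
        if not path.exists():
            continue
        for line in path.read_text().splitlines():
            if "NOPASSWD" in line.split("#", 1)[0]:
                findings.append(f"sudo: passwordless rule in {path.relative_to(root)}")

    # Any private key or cloud credential shipped inside the image is a finding.
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        with open(path, "rb") as fh:
            head = fh.read(4096)
        if b"PRIVATE KEY-----" in head or b"aws_secret_access_key" in head.lower():
            findings.append(f"embedded credential: {path.relative_to(root)}")
    return findings


def build_sample_image(root: Path, hardened: bool) -> None:
    """Writes a constructed, minimal image tree for the demonstration."""
    (root / "etc/ssh").mkdir(parents=True)
    (root / "etc/sudoers.d").mkdir(parents=True)
    (root / "root/.ssh").mkdir(parents=True)
    if hardened:
        (root / "etc/ssh/sshd_config").write_text(
            "PermitRootLogin no\nPasswordAuthentication no\n")
        (root / "etc/sudoers.d/ops").write_text("%ops ALL=(ALL) ALL\n")
    else:
        (root / "etc/ssh/sshd_config").write_text(
            "#PasswordAuthentication no\nPermitRootLogin yes\n")
        (root / "etc/sudoers.d/ops").write_text("%ops ALL=(ALL) NOPASSWD: ALL\n")
        (root / "root/.ssh/id_rsa").write_text(
            "-----BEGIN OPENSSH PRIVATE KEY-----\nconstructed\n-----END OPENSSH PRIVATE KEY-----\n")


def demo() -> dict:
    """Audits an insecure and a hardened constructed image; returns findings."""
    results = {}
    for label, hardened in (("insecure", False), ("hardened", True)):
        with tempfile.TemporaryDirectory() as tmp:
            root = Path(tmp)
            build_sample_image(root, hardened)
            results[label] = audit_image(root)
    return results


if __name__ == "__main__":
    for label, findings in demo().items():
        print(f"{label}: {findings or 'baseline satisfied'}")
```

Note the commented-out `#PasswordAuthentication no` in the insecure image: it is the kind of line that looks hardened on a quick read but leaves sshd at its default of accepting passwords, which is why the check demands an explicit, uncommented `no`.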

III. Infrastructure Security: The Application Level


Securing applications is vital for protecting data, maintaining integrity, and ensuring
availability within an infrastructure. Here's an overview of application-level security,
common threats, and specific security considerations for SaaS, PaaS, and IaaS environments.

Application-Level Security Threats


1. Injection Attacks
o SQL Injection: Attackers manipulate SQL queries to access or manipulate
database data.
o Command Injection: Executing arbitrary commands on the host operating
system via vulnerable inputs.
2. Cross-Site Scripting (XSS)
o Attackers inject malicious scripts into web pages viewed by users, potentially
stealing session cookies or sensitive information.
3. Cross-Site Request Forgery (CSRF)
o Attackers trick users into executing unwanted actions on a web application
where they're authenticated.
4. Denial of Service (DoS) and Distributed Denial of Service (DDoS)
o DoS: An attack that overwhelms a service with requests, making it unavailable
to legitimate users.
o EDoS (Economic DoS): A cloud-specific variant that need not take the service down.
Because cloud resources are metered and scale on demand, an attacker who drives up
bandwidth, compute or storage consumption makes the victim pay for the attack; the
service may stay available while the bill becomes unsustainable.
5. Man-in-the-Middle (MitM) Attacks
o Intercepting communication between users and applications to eavesdrop or
alter information.
6. Insecure APIs
o Vulnerabilities in APIs that can be exploited for unauthorized data access or
manipulation.

End User Security


1. User Awareness Training
o Educate users about security risks (e.g., phishing, social engineering) and safe
practices.
2. Secure Authentication
o Implement multi-factor authentication (MFA) to enhance user verification.
3. Data Protection
o Encourage users to use strong, unique passwords and encrypt sensitive data
stored on devices.
4. Device Security
o Ensure users keep their devices updated and protected with security
software.

SaaS Application Security


1. Data Encryption
o Encrypt data at rest and in transit to safeguard sensitive information.
2. Identity and Access Management (IAM)
o Implement robust IAM policies to manage user roles and access permissions
effectively.
3. Third-Party Risk Management
o Assess the security posture of third-party integrations and APIs used within
the SaaS application.
4. Vendor Security Assessment
o Regularly evaluate the security practices of the SaaS provider to ensure
compliance with standards.

PaaS Application Security


1. Secure Development Practices
o Incorporate security into the software development lifecycle (SDLC) and
conduct regular security testing.
2. Runtime Protection
o Use application firewalls and runtime application self-protection (RASP) to
monitor and block malicious activity.
3. Environment Isolation
o Ensure that different applications or environments are isolated to minimize
risk exposure.
4. API Security
o Secure APIs with proper authentication mechanisms and limit access based
on user roles.

IaaS Application Security


1. Configuration Management
o Apply security configurations to virtual machines and other infrastructure
components.
2. Network Security
o Use virtual firewalls and intrusion detection/prevention systems (IDPS) to
protect IaaS environments.
3. Access Control
o Enforce strict access controls on the infrastructure layer, including identity
management and least privilege access.
4. Monitoring and Logging
o Implement comprehensive monitoring and logging for all infrastructure
components to detect anomalies and potential breaches.

IV. Data Security and Storage


Data security is essential for protecting sensitive information from unauthorized access,
corruption, or theft. Here is an overview of data security, its aspects, mitigation
strategies, and considerations for provider data security.

Aspects of Data Security


1. Confidentiality
o Ensures that data is accessible only to those authorized to view it. Techniques
include encryption, access controls, and authentication.
2. Integrity
o Protects data from being altered or tampered with. This involves using
checksums, hashing, and digital signatures to verify data accuracy.
3. Availability
o Ensures that data is accessible when needed. This requires implementing
redundancy, backups, and failover mechanisms.
4. Accountability
o Establishes a clear record of who accessed or modified data. This is facilitated
through logging and monitoring.
5. Compliance
o Adhering to regulations and standards (e.g., GDPR, HIPAA, PCI-DSS) that
govern data protection and privacy.

Data Security Mitigation Strategies


1. Encryption
o Data at Rest: Encrypt sensitive data stored on disks or in databases to protect
it from unauthorized access.
o Data in Transit: Use secure protocols (e.g., TLS, HTTPS) to encrypt data
transmitted over networks.
2. Access Controls
o Implement role-based access control (RBAC) and least privilege principles to
limit user access based on their roles.
o Use multi-factor authentication (MFA) to enhance security for critical data
access.
3. Data Masking and Tokenization
o Mask sensitive fields (e.g., show only the last four digits of a card number) wherever a
user or a non-production environment does not need the real value, and replace the value
itself with a token that references a separate, hardened vault, so that most systems
never hold the sensitive data at all.
4. Regular Audits and Monitoring
o Conduct regular security audits and continuous monitoring to detect
vulnerabilities and ensure compliance with policies and regulations.
5. Backup and Recovery
o Implement regular data backup processes and develop a robust disaster
recovery plan to ensure data can be restored in case of loss or corruption.
6. Data Loss Prevention (DLP)
o Use DLP solutions to monitor, detect, and prevent unauthorized data transfers
or access.
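Masking and tokenization are easy to confuse, so the following added example (not part of the original page) shows both side by side: a Luhn check on input so that garbage never reaches the vault, display masking, and an in-memory token vault whose detokenize call is gated by caller role. The vault, the role name and the well-known test card number are assumptions made for the demonstration:

```python
import secrets


def luhn_valid(number: str) -> bool:
    """Luhn checksum used on card numbers; rejects malformed input early."""
    if not number.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Masking for display or non-production data: keeps only the last four."""
    return "*" * (len(pan) - 4) + pan[-4:]


class TokenVault:
    """Constructed in-memory vault. In a real deployment this is a separate,
    hardened service; everything outside it stores only the tokens."""

    DETOKENIZE_ROLES = {"payment-processor"}   # assumed role allowed to read back

    def __init__(self):
        self._value_by_token = {}
        self._token_by_value = {}

    def tokenize(self, pan: str) -> str:
        if not luhn_valid(pan):
            raise ValueError("not a valid card number")
        if pan in self._token_by_value:          # same PAN -> same token, so records stay joinable
            return self._token_by_value[pan]
        while True:
            token = "tok_" + secrets.token_hex(8)   # random: carries no information about the PAN
            if token not in self._value_by_token:
                break
        self._value_by_token[token] = pan
        self._token_by_value[pan] = token
        return token

    def detokenize(self, token: str, caller_role: str) -> str:
        if caller_role not in self.DETOKENIZE_ROLES:
            raise PermissionError(f"role {caller_role!r} may not detokenize")
        return self._value_by_token[token]


def demo() -> dict:
    vault = TokenVault()
    pan = "4111111111111111"          # widely used test number, Luhn-valid
    token = vault.tokenize(pan)
    try:
        vault.detokenize(token, "reporting")
        reporting_can_read = True
    except PermissionError:
        reporting_can_read = False
    return {
        "token_is_opaque": token.startswith("tok_") and pan not in token,
        "token_is_stable": vault.tokenize(pan) == token,
        "masked": mask_pan(pan),
        "reporting_can_read": reporting_can_read,
        "processor_reads": vault.detokenize(token, "payment-processor") == pan,
        "rejects_invalid": not luhn_valid("4111111111111112"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of the random token is that, unlike a hash of the card number, it cannot be reversed by brute force over the small space of valid PANs; the mapping exists only inside the vault, and the vault decides who may look it up.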

Provider Data and Its Security


1. Vendor Risk Assessment
o Assess third-party vendors for their security practices and compliance with
data protection regulations before engaging with them.
2. Data Sharing Agreements
o Establish clear agreements outlining data handling, security measures, and
responsibilities when sharing data with third parties.
3. Secure APIs
o Implement secure application programming interfaces (APIs) with proper
authentication and authorization mechanisms to control data access.
4. Incident Response Planning
o Develop an incident response plan that includes procedures for addressing
data breaches or security incidents involving provider data.
5. Regular Security Assessments
o Conduct regular assessments of the security practices of data storage and
management providers to ensure they meet required standards.

Identity and Access Management (IAM)


Identity and Access Management (IAM) is crucial for securing access to resources and data,
especially in cloud environments. Here is an overview covering trust boundaries, challenges,
standards, protocols, practices, and authorization management.

Trust Boundaries and IAM


1. Trust Boundaries
o Defined as the limits within which a system or application can trust users and
their identities. IAM helps establish and enforce these boundaries by
managing user identities and access rights.
o Internal vs. External: Internal users may have different access levels
compared to external users (e.g., contractors, partners).
o Zero Trust Model: Assumes no user or device should be trusted by default,
regardless of location. IAM plays a key role in verifying and validating every
access request.
2. Role of IAM
o Ensures that only authenticated and authorized users can access resources
within established trust boundaries.
o Helps maintain the principle of least privilege, granting users only the access
necessary for their roles.

IAM Challenges
1. Complexity of Managing Identities
o Organizations often struggle with managing a large number of user identities
across various systems and applications.
2. Integration Issues
o Difficulty integrating IAM solutions with existing systems and applications,
especially in hybrid or multi-cloud environments.
3. User Experience
o Balancing security with user convenience can be challenging, as overly strict
policies may hinder productivity.
4. Compliance and Regulations
o Ensuring IAM practices comply with various regulations (e.g., GDPR, HIPAA)
can be complex and resource-intensive.
5. Threats and Vulnerabilities
o IAM systems themselves can be targeted by attackers, leading to
unauthorized access if not properly secured.

Relevant IAM Standards and Protocols for Cloud Services


1. SAML (Security Assertion Markup Language)
o An open standard for exchanging authentication and authorization data
between parties, particularly useful for single sign-on (SSO) solutions.
2. OAuth 2.0
o A widely used authorization framework that allows applications to obtain
limited access to user accounts on an HTTP service.
3. OpenID Connect
o An authentication layer built on top of OAuth 2.0 that provides a way to verify
the identity of users and obtain basic profile information.
4. SCIM (System for Cross-domain Identity Management)
o A standard for automating the exchange of user identity information between
domains, facilitating user provisioning and de-provisioning.

IAM Practices in the Cloud


1. Centralized IAM Solutions
o Utilize centralized IAM solutions to manage identities across multiple cloud
services and applications, improving visibility and control.
2. Multi-Factor Authentication (MFA)
o Implement MFA for accessing cloud resources to enhance security and reduce
the risk of unauthorized access.
3. Identity Federation
o Enable federated identity management to allow users to authenticate across
different domains without needing separate credentials.
4. Regular Auditing and Monitoring
o Conduct regular audits of IAM policies and user access to ensure compliance
and identify any potential security issues.
5. User Lifecycle Management
o Automate the provisioning and de-provisioning of user accounts to ensure
timely access management based on roles and responsibilities.

Cloud Authorization Management


1. Role-Based Access Control (RBAC)
o Assign permissions based on user roles within the organization, simplifying
access management and enforcing the principle of least privilege.
2. Attribute-Based Access Control (ABAC)
o Leverage user attributes (e.g., department, location) to make more granular
access decisions.
3. Policy-Based Access Control
o Define access policies that dictate who can access what resources under
specific conditions, enabling dynamic access management.
4. Audit Trails and Logging
o Maintain detailed logs of access requests and actions taken within cloud
environments for compliance and forensic analysis.
5. Continuous Monitoring and Risk Assessment
o Implement continuous monitoring of user activities and access patterns to
detect anomalies and potential security threats.
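The following added example (not from the original page) shows how RBAC and ABAC combine in a default-deny decision: roles decide whether an action is grantable at all, and attribute conditions then decide whether this particular request, from this subject, on this resource, is actually allowed. The role table, the attributes, the three conditions and the "10." corporate address prefix are constructed for the demonstration:

```python
from dataclasses import dataclass, field

# Constructed role model: each role grants (resource_type, action) pairs.
ROLE_PERMISSIONS = {
    "viewer": {("bucket", "read")},
    "editor": {("bucket", "read"), ("bucket", "write")},
    "admin":  {("bucket", "read"), ("bucket", "write"), ("bucket", "delete")},
}


@dataclass
class AccessRequest:
    principal: str
    roles: list
    resource_type: str
    action: str
    subject_attrs: dict = field(default_factory=dict)    # e.g. mfa, department, source_ip
    resource_attrs: dict = field(default_factory=dict)   # e.g. classification, owner_department


def rbac_allows(req: AccessRequest) -> bool:
    """Coarse check: does any role the principal holds grant the action?"""
    return any((req.resource_type, req.action) in ROLE_PERMISSIONS.get(r, set())
               for r in req.roles)


# ABAC conditions, evaluated only after RBAC says yes. Each returns a denial
# reason or None; all must pass. Order only affects which reason is reported.
def _require_mfa_for_mutation(req):
    if req.action in {"write", "delete"} and not req.subject_attrs.get("mfa"):
        return "mutating action without MFA"


def _confidential_stays_in_department(req):
    if (req.resource_attrs.get("classification") == "confidential"
            and req.subject_attrs.get("department") != req.resource_attrs.get("owner_department")):
        return "confidential resource owned by another department"


def _corporate_network_for_delete(req):
    # Assumed corporate address space for the demonstration.
    if req.action == "delete" and not req.subject_attrs.get("source_ip", "").startswith("10."):
        return "delete only from the corporate address space"


CONDITIONS = [_require_mfa_for_mutation, _confidential_stays_in_department,
              _corporate_network_for_delete]


def authorize(req: AccessRequest) -> tuple:
    """Default deny: RBAC must grant the action AND every ABAC condition must hold."""
    if not rbac_allows(req):
        return ("deny", f"no role of {req.principal} grants {req.action} on {req.resource_type}")
    for cond in CONDITIONS:
        reason = cond(req)
        if reason:
            return ("deny", reason)
    return ("allow", "rbac grant and all attribute conditions satisfied")


def demo() -> dict:
    finance_bucket = {"classification": "confidential", "owner_department": "finance"}
    requests = {
        "editor_write_with_mfa": AccessRequest("alice", ["editor"], "bucket", "write",
            {"mfa": True, "department": "finance", "source_ip": "10.0.1.8"}, finance_bucket),
        "editor_write_no_mfa": AccessRequest("alice", ["editor"], "bucket", "write",
            {"mfa": False, "department": "finance", "source_ip": "10.0.1.8"}, finance_bucket),
        "viewer_read_other_department": AccessRequest("bob", ["viewer"], "bucket", "read",
            {"mfa": True, "department": "marketing", "source_ip": "10.0.3.2"}, finance_bucket),
        "viewer_write": AccessRequest("bob", ["viewer"], "bucket", "write",
            {"mfa": True, "department": "finance", "source_ip": "10.0.3.2"}, finance_bucket),
        "admin_delete_from_internet": AccessRequest("carol", ["admin"], "bucket", "delete",
            {"mfa": True, "department": "finance", "source_ip": "203.0.113.5"}, finance_bucket),
        "admin_delete_from_corp": AccessRequest("carol", ["admin"], "bucket", "delete",
            {"mfa": True, "department": "finance", "source_ip": "10.0.5.1"}, finance_bucket),
    }
    return {name: authorize(req) for name, req in requests.items()}


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

Two things to notice: the admin role does not override the attribute conditions (an admin deleting from outside the corporate range is still denied), and every path that is not an explicit allow ends in a deny with a reason, which is what makes the decision auditable.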
Enterprise IAM functional architecture

The IAM processes to support the business can be broadly categorized as follows:
User management
Activities for the effective governance and management of identity life cycles
Authentication management
Activities for the effective governance and management of the process for determining
that an entity is who or what it claims to be
Authorization management
Activities for the effective governance and management of the process for determining
entitlement rights that decide what resources an entity is permitted to access in accordance
with the organization’s policies
Access management
Enforcement of policies for access control in response to a request from an entity (user,
services) wanting to access an IT resource within the organization
Data management and provisioning
Propagation of identity and data for authorization to IT resources via automated or manual
processes
Monitoring and auditing
Monitoring, auditing, and reporting compliance by users regarding access to resources
within the organization based on the defined policies

Security Assertion Markup Language (SAML)


SAML is the most mature, detailed, and widely adopted family of specifications
for browser-based federated sign-on for cloud users. Once the user
authenticates to the identity service, she can freely access provisioned cloud
services that fall within the trusted domain, thereby sidestepping the cloud-
specific sign-on process. Since SAML delegates authentication to the identity
provider (SSO), customers can use risk-based authentication policies to require
strong authentication (multifactor authentication) for certain cloud services.
This is achieved through the organization's IdP, which supports strong
authentication and delegated authentication. With strong authentication
techniques such as two-factor authentication, users are less vulnerable to the
phishing attacks that have been growing steadily on the Internet. Strong
authentication to cloud services is also advisable to protect user credentials
when the endpoint itself is compromised, i.e., when computers or browsers fall
victim to trojans and botnet malware that can capture or relay credentials from
a man-in-the-middle position (it does not, however, protect a session that such
malware hijacks after authentication has succeeded). By supporting the SAML
standard, which enables a delegated authentication model for cloud customers,
the CSP can leave the authentication policy to the customer organization. In
short, SAML lets CSPs remain agnostic to customer authentication requirements.
OAuth (Open Authorization)
OAuth is an open authorization standard that allows consumers to share their
private resources (e.g., photos, videos, contact lists, bank accounts) stored
on one CSP with another CSP without having to disclose their authentication
credentials (e.g., username and password). It is sometimes labelled an
authentication protocol, but by itself it only delegates access to resources;
authenticating the user on top of OAuth 2.0 is the job of OpenID Connect.
OAuth was created with the goal of enabling authorization via a secure
application programming interface (API), in a simple and standard way for
desktop, mobile, and web applications. For application developers, OAuth is a
method for publishing and interacting with protected data. For CSPs, OAuth
provides a way for users to grant a third party access to their data hosted by
another provider while protecting their account credentials.
Within an enterprise, OAuth may play a role in enabling SSO with a trusted
service provider by employing a web services SSO model. OAuth facilitates
authorization between a pair of services without requiring an explicit
federation architecture. Much like OpenID, OAuth started in the consumer-
centric world to help consumer services access customer data hosted across
providers. Google later released a hybrid OpenID/OAuth extension that combined
the authorization and authentication flows in fewer steps to improve usability;
that approach has since been superseded by OpenID Connect, which layers
authentication directly on OAuth 2.0.
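Both the OpenID Connect entry in the standards list above and the OpenID/OAuth discussion here come down to one operation on the relying-party side: validating the ID token it receives before trusting the identity in it. The following added example (not part of the original page) implements that validation with the standard library only, using HS256 keyed with the client secret, which OpenID Connect permits; production deployments more commonly use RS256 against the issuer's published JWKS, and the issuer, client ID, secret and nonce values are constructed for the demonstration:

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values. HS256 keyed with the client secret is one of the signing
# options OpenID Connect allows; with RS256 the HMAC step below becomes an RSA
# signature check against the issuer's JWKS.
CLIENT_SECRET = b"constructed-client-secret-do-not-reuse"
ISSUER = "https://idp.example.test"
CLIENT_ID = "cloud-app-123"


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json_segment(obj: dict) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":"), sort_keys=True).encode())


def mint_id_token(claims: dict, key: bytes, alg: str = "HS256") -> str:
    """Issuer side. alg='none' exists here only so the validator can be shown rejecting it."""
    signing_input = _json_segment({"alg": alg, "typ": "JWT"}) + "." + _json_segment(claims)
    if alg == "none":
        return signing_input + "."
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def validate_id_token(token: str, key: bytes, issuer: str, client_id: str,
                      expected_nonce: str, now: float = None) -> tuple:
    """Relying-party side. Returns ('ok', subject) or ('reject', reason).
    Each check is one OpenID Connect Core requires of the relying party."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ("reject", "malformed token")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(payload_b64))
        signature = _b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError):
        return ("reject", "undecodable segments")

    # Pin the algorithm to what this client registered; never let the token's
    # own header choose it. This is what defeats alg=none and key confusion.
    if header.get("alg") != "HS256":
        return ("reject", f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return ("reject", "signature mismatch")

    if claims.get("iss") != issuer:
        return ("reject", "wrong issuer")
    aud = claims.get("aud", [])
    if client_id not in ([aud] if isinstance(aud, str) else aud):
        return ("reject", "token not intended for this client")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        return ("reject", "expired or missing exp")
    if claims.get("nonce") != expected_nonce:
        return ("reject", "nonce mismatch (replay or cross-session token)")
    if "sub" not in claims:
        return ("reject", "no subject")
    return ("ok", claims["sub"])


def demo(now: float = 1_700_000_000) -> dict:
    base = {"iss": ISSUER, "aud": CLIENT_ID, "sub": "user-42",
            "iat": now - 10, "exp": now + 300, "nonce": "n-abc"}
    good = mint_id_token(base, CLIENT_SECRET)
    forged_none = mint_id_token({**base, "sub": "admin"}, b"", alg="none")
    expired = mint_id_token({**base, "exp": now - 1}, CLIENT_SECRET)
    other_client = mint_id_token({**base, "aud": "some-other-app"}, CLIENT_SECRET)
    wrong_key = mint_id_token(base, b"attacker-guess")

    def check(tok, nonce="n-abc"):
        return validate_id_token(tok, CLIENT_SECRET, ISSUER, CLIENT_ID, nonce, now)

    return {"good": check(good), "alg_none": check(forged_none), "expired": check(expired),
            "other_client": check(other_client), "wrong_key": check(wrong_key),
            "replayed_nonce": check(good, nonce="n-xyz")}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The audience check is the one most often forgotten: a perfectly valid token issued to a different client of the same IdP would otherwise be accepted, which is how one compromised application turns into a login to another.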

Federated Identity (SSO)


Organizations planning to implement identity federation that enables SSO for
users can take one of the following two paths (architectures):
• Implement an enterprise IdP within an organization perimeter.
• Integrate with a trusted cloud-based identity management service provider.
Both architectures have pros and cons.
Enterprise identity provider
In this architecture, cloud services will delegate authentication to an
organization’s IdP. In this delegated authentication architecture, the
organization federates identities within a trusted circle of CSP domains. A circle
of trust can be created with all the domains that are authorized to delegate
authentication to the IdP. In this deployment architecture, where the
organization will provide and support an IdP, greater control can be exercised
over user identities, attributes, credentials, and policies for authenticating and
authorizing users to a cloud service.

Identity provider deployment architecture


Here are the specific pros and cons of this approach:
Pros
Organizations can leverage the existing investment in their IAM infrastructure
and extend the practices to the cloud. For example, organizations that have
implemented SSO for applications within their data center exhibit the following
benefits:
• They are consistent with internal policies, processes, and access management
frameworks.
• They have direct oversight of the service-level agreement (SLA) and security
of the IdP.
• They have an incremental investment in enhancing the existing identity
architecture to support federation.
Cons
If the existing infrastructure is not adapted to support federation, adding
life cycle management for non-employees such as customers and partners creates
new inefficiencies.
Most organizations will likely continue to manage employee and long-term
contractor identities using organically developed IAM infrastructures and
practices. But they seem to prefer to outsource the management of partner
and consumer identities to a trusted cloud based identity provider as a service
partner.

Identity management-as-a-service
In this architecture, cloud services can delegate authentication to an identity
management-as-a-service (IDaaS) provider. In this model, organizations
outsource the federated identity management technology and user
management processes to a third-party service provider, such as Ping Identity,

The identity store in the cloud is kept in sync with the corporate directory
through a provider proprietary scheme (e.g., agents running on the customer’s
premises synchronizing a subset of an organization’s identity store to the
identity store in the cloud using SSL VPNs).
Once the IdP is established in the cloud, the organization should work with the
CSP to delegate authentication to the cloud identity service provider. The cloud
IdP will authenticate the cloud users prior to them accessing any cloud services
(this is done via browser SSO techniques that involve standard HTTP redirection
techniques).
Here are the specific pros and cons of this approach:
Pros
Delegating certain authentication use cases to the cloud identity management
service hides the complexity of integrating with various CSPs supporting
different federation standards.
Cons
When you rely on a third party for an identity management service, you may
have less visibility into the service, including implementation and architecture
details.
