The Home of the Security Bloggers Network
Use this as a guide to help you unravel the nuances of cloud security and successfully navigate through the field.
Agent
Agents are specialized software packages or applications that are deployed to a device or machine to complete security-related actions.
Agent-Based Security
Agent-based security runs agents on your machines and devices. Once deployed, the agents collect data on vulnerabilities and other security flaws, which is sent back for review. Agent-based scanning is ideal for conditions with poor or intermittent network connectivity.
Agentless Scanning
Agentless scanning is a method of inspecting a device for vulnerabilities without installing software on it, instead reaching out from the server to the device.
Application Security (AppSec)
Application security involves the systems and security considerations set in place to protect applications after they are deployed. The goal is to find, fix and prevent cloud security issues.
Attack Graph
An attack graph provides security teams with relevant information to protect their systems and network infrastructure from cyberattacks. It typically contains a series of paths, with each path denoting a series of exploits or atomic attacks. These can be used to simulate the possible paths an attacker will use to breach a network.
Attack Path
An attack path is a visual representation of the path that an attacker takes to exploit a weakness in a system. It includes the entire context of related risks and security issues so that potential weaknesses can be seen and addressed.
Attack Path Analysis
Attack path analysis gives a cloud owner a view of imposed risks and assets – specifically those in concern or danger of attack – to help mitigate current cases and prevent attacks from taking place in the future. Attack path analysis can uncover new and unknown risks, rather than those originating from known attack vectors.
Attack Surface
Attack surface is a much broader term than attack vector: it describes all the potential vulnerabilities that your environment is susceptible to. It covers anywhere and everywhere that an attacker might be able to gain access, including known, unknown and potential threats.
Attack Vector
An attack vector is the method used by an attacker to take advantage of a security weakness in a cloud environment with the goal of gaining unauthorized access, taking control of resources, reaching vulnerable components, or stealing valuable data. Common examples include: stealing or accessing sensitive credentials, elevating access to protected resources via privilege escalation, network misconfigurations that lead to undesired internet exposure, and poor encryption of assets. From there, attackers can use these vectors to gain access to your network through malicious code or other approaches.
Attack Vector Analysis
Attack vector analysis analyzes what security vulnerabilities and attack vectors you have and how attackers could use these to gain unauthorized access to your network.
Amazon Web Services (AWS)
AWS defines itself as “the world’s most comprehensive and broadly adopted cloud platform.” It offers over 200 services from its global data centers. Customers can use this software to build, deploy and manage applications, websites and other processes. Click here to dig deeper into AWS and key terms to understand.
Cloud Infrastructure Entitlement Management (CIEM)
Not everyone at an organization needs access to single and multi-cloud environments. CIEM helps companies avoid risks from having too many privileged users.
Cloud-Native Application Protection Platform (CNAPP)
A CNAPP is an all-in-one platform that simplifies monitoring, detecting, and acting on potential cloud security risks and vulnerabilities. It offers the ability to scan all configurations and workloads at the development stage and protect workloads during runtime.
Cloud Security Posture Management (CSPM)
CSPM is the name of a group of cloud security tools and technologies that help organizations reduce risks of the cloud. CSPM helps them find errors and misconfigurations, notice security or policy violations through threat detection, and then fix and patch any issues before an attack can occur to cloud services.
Cloud Service Provider (CSP)
A CSP is a third-party that provides cloud-based infrastructure, applications and storage services. Some examples include Google Cloud Platform, Amazon Web Services and Microsoft Azure.
Cloud Workload
A cloud workload is a specific application, capability or amount of work that can be run on a single cloud resource. Databases, virtual machines and containers are all examples of cloud workloads.
Cloud Workload Protection (CWP)
CWP is the process of continuously monitoring and removing threats from cloud workloads.
Cloud Workload Protection Platform (CWPP)
A CWPP detects and removes threats from a cloud environment. It uses signature-based detection and anomalous behaviors to identify suspicious activity.
Common Vulnerabilities and Exposures (CVE)
CVE is a list of publicly disclosed computer security flaws, and each entry on it is referred to as a CVE. This helps both users and developers understand the risks behind a cloud environment and its configurations. But having no known CVEs doesn’t necessarily mean you’re 100% secure. Dig into this concept here.
Container Security
In cloud security, containers can be used for running both small and large software processes. Every container needs binaries, libraries, configuration files and more. Container security ensures that every container-based system or workload is protected, including the container image, the running container and all other required steps.
Continuous Integration & Continuous Delivery (CI/CD)
DevOps teams use CI to create a consistent way to build code and to package and test applications. CD then automates the delivery of these applications to infrastructure environments. As application changes move through the CI/CD pipeline, automation allows changes to happen very quickly, without creating downtime or delays on the customer side.
DevSecOps
DevSecOps stands for development, security and operations. It expands collaboration between development and operations teams to include security teams in software development and delivery.
Directory Traversal Attack
This is a very specific vulnerability that allows an attacker to read certain files that live on a server.
Dynamic Application Security Testing (DAST)
DAST is the process of assessing the security level of a web application through simulated attacks.
Google Cloud Platform (GCP)
GCP is a suite of cloud computing services that companies can use to manage cloud projects and resources. This web-based interface allows developers to build, deploy and run applications on public, private and hybrid clouds.
Graph
A graph is essentially a map of your cloud environment. To create this graph, you need to build an explicit and well-defined relationship table stating all the possible links between assets and how these can be deduced from the data collected. The graph should be a cross-platform graph that contains assets from a multi-cloud environment. Learn more about graph theory here and the application of graph theory – graph technology – here.
Identity Access Management (IAM)
IAM is a framework that ensures the right users at an organization have access to the necessary technology resources. It allows organizations to manage employee apps without logging in as an administrator — they can maintain or discontinue access remotely.
Indicators of Compromise (IoC)
IoCs provide forensic evidence to security professionals and system administrators regarding potential intrusions into a host system or network. Knowing there is a potential attack in progress helps developers remediate quickly and accurately.
Infrastructure as Code (IaC)
IaC is the process of managing your cloud infrastructure through textual code, replacing manual and time-consuming processes. With IaC, engineers and developers can manage computer data centers through machine-readable definition files instead of physical hardware configuration. Learn more about IaC security here.
ISO 27001
ISO 27001 is the only international standard that defines security management. It is designed to help organizations avoid security threats to their cloud environments.
Kubernetes (K8s)
Kubernetes is an open-source container orchestration system that automates software deployment and management. K8s was originally designed by Google but is now maintained by the Cloud Native Computing Foundation. New to K8s? Watch this webinar for the basics!
Kubernetes Security Posture Management (KSPM)
KSPM is the set of tools and practices needed to automate security and compliance across K8s clusters. It constantly scans and validates to ensure that best practices are being met.
Least-Privileged Access (LPA)
LPA limits user access with a specific focus on system administrators. LPA ensures that only the necessary administrators have access to a system and aims to keep the number of users very low.
Log4Shell
Log4Shell was a software vulnerability in Log4J, an open-source logging utility used by an enormous array of enterprise software, applications, and cloud services. This vulnerability is highly dangerous because it’s considered easy to exploit.
Microsoft Azure
Azure is a public cloud computing platform that includes solutions developers can use for analytics, virtual computing, storage, networking and more. Check out key terms specific to Azure cloud security here.
National Vulnerability Database (NVD)
The NVD is the U.S. government repository of standard-based vulnerability information. This highly valuable data enables the automation of vulnerability management, security measurement and compliance. All vulnerabilities are assigned CVEs so cloud security professionals can learn about them and use them to prepare for the future.
Path Traversal Attack
This is an attack that occurs when an attacker gains access to files and directories that are stored outside of the web root folder.
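The directory traversal and path traversal entries above describe the same root cause: a request path joined onto the web root without normalisation. The following added example (not code from the original post) contrasts that naive join with a resolver that refuses anything outside an assumed web root of /var/www/html; the root path, function names and request strings are constructed for illustration.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Assumed document root for the example (constructed, not from the original page).
WEB_ROOT = "/var/www/html"


def vulnerable_resolve(requested: str, root: str = WEB_ROOT) -> str:
    """The naive pattern behind a traversal bug: the request path is joined
    onto the web root with no check. '../' segments walk out of the root, and
    an absolute request path replaces the root entirely."""
    return posixpath.join(root, requested)


def safe_resolve(requested: str, root: str = WEB_ROOT) -> Optional[str]:
    """Return the file path to serve, or None if the request escapes root.

    Steps: decode percent-encoding once (so '%2e%2e' becomes '..'), reject
    embedded NUL bytes, force the path to be relative to root, collapse '.'
    and '..' segments lexically, then confirm the result is still under root.
    """
    decoded = unquote(requested)
    if "\x00" in decoded:
        # A NUL byte can truncate the path in lower-level APIs; never serve it.
        return None
    # Treat every request as relative to the root, never as an absolute path.
    relative = decoded.lstrip("/")
    # Collapse '.', '..' and duplicate separators.
    candidate = posixpath.normpath(posixpath.join(root, relative))
    # A bare prefix test is not enough: '/var/www/html-private' shares a prefix
    # with root, so compare on a directory boundary.
    root = root.rstrip("/")
    if candidate == root or candidate.startswith(root + "/"):
        return candidate
    return None
```

The lexical check above is the minimum; on a real filesystem the served path should also be resolved through symlinks (for example with os.path.realpath) before the boundary comparison, since a symlink inside the root can point outside it.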
Principle of Least Privilege (PoLP)
The PoLP states that users should only be given the minimum privileges necessary to complete their tasks, improving security, reducing liability, increasing audit readiness, and preventing common attacks.
Remediation
Remediation is the process of resolving threats to a cloud environment.
Runtime Protection
Runtime protection is the process of detecting and blocking attacks from inside running software. Runtime application self-protection is a technology that runs on a server and starts when an application is running to detect application attacks in real time.
Service Organization Control 2 (SOC 2)
SOC 2 is an important compliance framework developed by the American Institute of Certified Public Accountants (AICPA). A SOC 2 report evaluates the security controls an organization uses and provides detailed information and assurance about those controls relevant to the AICPA Trust Services Criteria (TSC). While not necessarily a legal requirement, a SOC 2 report is considered table stakes in the SaaS industry.
Trust Services Criteria (TSC)
The SOC 2 Trust Services Criteria (TSC) is a framework for implementing and monitoring technical system controls, ensuring that your application can secure customer data and be up and running when they need it. The TSC principles are organized by: security, availability, processing integrity, confidentiality, and privacy.
Workload Scanning
Workload scanning helps organizations discover and remediate security threats in their cloud deployments.
These definitions of key cloud security terms simplify many of the nuances in the field. Let us know if you have any questions or need help with a term not listed here!
With this list as your backup, you’ll feel confident using these terms in any security conversation.
*** This is a Security Bloggers Network syndicated blog from Lightspin Blog authored by Lightspin. Read the original post at: https://blog.lightspin.io/cloud-security-terms
43 Cloud Security Terms You Need to Know for 2023 – Security Boulevard