Page 130 - Cyber Defense eMagazine September 2023
4. Prevent misconfigurations of cloud storage buckets: If you are starting a new project and need a
durable object-storage solution to store, manage and retrieve files, cloud storage is probably one
of the most widely used native cloud services. However, cloud storage buckets are often
misconfigured in ways that expose them to the internet without your knowledge. To prevent
such misconfigurations, you can use services such as Organizational Constraints
for Cloud Storage in Google Cloud to enforce constraints such as public access prevention and
object retention policies. You can also use Security Command Center’s Storage Vulnerability
Findings to proactively detect misconfigurations in storage buckets.
5. Audit your users’ Cloud IAM Entitlement Lifecycle to improve security posture: Just about every
organization has an outlook.com / yahoo.com / gmail.com account somewhere in its IAM structure.
These user accounts could potentially be malicious, hold privileged permissions and be used
to misuse your cloud resources. Personal accounts are difficult to track through a manual audit
of your cloud IAM hierarchy. To help detect and prevent such accounts, you
can use Google Cloud’s Organizational Policies to limit domains with IAM grants. In Google
Cloud, you can also use Security Command Center’s Event Threat Detection to search IAM for
external grants.
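The audit described in items 4 and 5 can also be run offline against an exported IAM policy. The following is an added example, not code from the article or from Google: it parses a constructed policy in the JSON shape that `gcloud projects get-iam-policy PROJECT_ID --format=json` returns (bucket policies from `gcloud storage buckets get-iam-policy` use the same shape) and flags public members, consumer mail domains and other external domains. The allowed domain `example.com`, the role list and the sample members are assumptions.

```python
import json
# Constructed sample policy; not taken from a real project.
SAMPLE_POLICY = json.loads("""
{"bindings": [
  {"role": "roles/owner", "members": ["user:admin@example.com", "user:old.contractor@gmail.com"]},
  {"role": "roles/storage.objectViewer", "members": ["allUsers", "group:data@example.com"]},
  {"role": "roles/viewer", "members": ["user:dev@outlook.com", "serviceAccount:ci@demo-project.iam.gserviceaccount.com"]},
  {"role": "roles/editor", "members": ["deleted:user:temp@partner.example?uid=123456789", "domain:example.com"]}
]}""")

ALLOWED_DOMAINS = {"example.com"}  # assumption: the organization's own domains
CONSUMER_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}
PRIVILEGED_ROLES = {"roles/owner", "roles/editor"}  # basic roles; extend as needed
PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}

def member_domain(member):
    """Return (kind, domain) for an IAM member string; domain is None if not applicable."""
    if member in PUBLIC_MEMBERS:
        return "public", None
    if member.startswith("deleted:"):  # deleted principals keep their bindings
        member = member[len("deleted:"):].split("?", 1)[0]
    kind, _, ident = member.partition(":")
    if kind == "domain":
        return kind, ident.lower()
    if kind in ("user", "group"):
        return kind, ident.rpartition("@")[2].lower()
    return kind, None  # service accounts are out of scope for this check

def audit(policy, allowed=ALLOWED_DOMAINS):
    """Return sorted (severity, reason, role, member) tuples for risky grants."""
    findings = []
    for binding in policy.get("bindings", []):
        role = binding["role"]
        for member in binding.get("members", []):
            kind, domain = member_domain(member)
            if kind == "public":
                reason = "public"
            elif domain in CONSUMER_DOMAINS:
                reason = "consumer-domain"
            elif domain and domain not in allowed:
                reason = "external-domain"
            else:
                continue
            severity = "HIGH" if role in PRIVILEGED_ROLES or reason == "public" else "MEDIUM"
            findings.append((severity, reason, role, member))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE_POLICY), sep="\n")
```

Findings of this kind are detective only; the organization policy constraints the article names are what stop such grants from being created in the first place.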
The cloud is a complex environment to manage, and security in the cloud is an even tougher problem
to solve. However, by taking advantage of the approaches called out above, you can shield your
organization from the most common threats seen in cloud environments.
About the Author
Jhilam Biswas is an experienced cybersecurity professional with over 9
years of experience in cloud computing and security. She’s currently a
Customer Engineering Manager at Google Cloud, helping strategic digital
native clients to deploy and scale securely in the cloud. Before Google, she
wore many security hats at different F500 companies, such as Security
Solutions Architect at Akamai and Security Engineer at Cisco. She earned
her MS degree from the University of Maryland at College Park with a focus
on cloud computing and network security. Jhilam can be reached online at
https://www.linkedin.com/in/jhilambiswas/ and at our company website
https://cloud.google.com/
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.