Page 130 - Cyber Defense eMagazine September 2023

4. Prevent misconfigurations of cloud storage buckets: If you are starting a new project and need a
   durable object-storage solution to store, manage and retrieve files, cloud storage is probably one
   of the most widely used native cloud services. However, cloud storage buckets are often
   misconfigured in a way that unknowingly exposes them to the internet. To prevent such
   misconfigurations, you can use services such as Organizational Constraints for Cloud Storage in
   Google Cloud to enforce constraints such as public access prevention and object retention
   policies. You can also use Security Command Center's Storage Vulnerability Findings to
   proactively detect misconfigurations in storage buckets.
5. Audit your users' Cloud IAM Entitlement Lifecycle to improve security posture: Just about every
   org has an outlook.com / yahoo.com / gmail.com account somewhere in their IAM structure. These
   user accounts could potentially be malicious, hold privileged permissions and be used to misuse
   your cloud resources. Personal accounts/users can be difficult to track through a manual audit
   of your cloud IAM hierarchy. To help detect such accounts, you can use Google Cloud's
   Organizational Policies to limit which domains can receive IAM grants. In Google Cloud, you can
   also use Security Command Center's Event Threat Detection to search IAM for external grants.

            Cloud is a complex environment to manage, and security in the cloud is an even tougher problem to
            solve. However, by taking advantage of the approaches called out above, you can shield your
            organization from the most common threats seen in cloud environments.





            About the Author

            Jhilam Biswas is an experienced cybersecurity professional with over 9
            years of experience in cloud computing and security. She's currently a
            Customer Engineering Manager at Google Cloud helping strategic digital
            native clients to deploy and scale securely in the cloud. Before Google, she
            has worn many security hats in different F500 companies such as Security
            Solutions Architect at Akamai and Security Engineer at Cisco. She earned
            her MS Degree from the University of Maryland at College Park with a focus
            on cloud computing and network security. Jhilam can be reached online at
            https://www.linkedin.com/in/jhilambiswas/ and at our company website
            https://cloud.google.com/
















            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.