How Do I Urgently Harden Cloud Services?

This week the White House released a statement warning of potential cyber attacks. The statement was accompanied by a fact sheet outlining specific steps companies should take “with urgency” to “harden cyber defenses immediately.”

ScaleSec builds modern security programs with cloud customers. We offer this review of the White House Cybersecurity Statement to equip those who need answers and guidance immediately.

Many of our clients are already addressing the security steps outlined below. But many more start-ups and small-to-medium sized businesses are facing these challenges with staff stretched thin, in conditions where hiring is as difficult as it has ever been, and when technology is evolving faster and faster.

Major cloud providers include native security services and features that security administrators can use right away. Our team has pulled together a concise list of links to accelerate planning and implementation. We hope this encourages teams to further secure their cloud environments, and allows companies to stay as focused as possible on their businesses.

We urge companies to execute the following steps with urgency:

• Azure AD: Azure AD Multi-Factor Authentication overview | Microsoft Docs

• O365: Set up multifactor authentication for users - Microsoft 365 admin

• AWS IAM: IAM tutorial: Permit users to manage their credentials and MFA settings

• AWS SSO: Multi-factor authentication - AWS Single Sign-On

• Google Cloud Identity and Google Workspace (G Suite) Enforce uniform MFA to company-owned resources | Cloud Identity

For a multifactor authentication device, we recommend use of hardware keys which have been shown to greatly reduce phishing.

Security Command Center | Google Cloud	Threat Detection with AWS Cloud	Microsoft Defender for Cloud

Check with your cybersecurity professionals to make sure that your systems are patched and protected against all known vulnerabilities

• Google Using Security Health Analytics | Security Command Center | Google Cloud

• AWS

  • Cloud Security Posture Management - AWS Security Hub - Amazon Web Services

  • Automated Vulnerability Management – Amazon Inspector – Amazon Web Services

• Azure Microsoft Defender for Cloud - CSPM & CWPP | Microsoft Azure

A password manager is useful here. Here are some:

• Google Passwords

• Microsoft Edge password manager security

• 1Password

• Google Backup And Disaster Recovery | Google Cloud

• AWS AWS Backup | Centralized Cloud Backup | Amazon Web Services

• Azure Cloud Backup Services | Microsoft Azure

Understand the role your provider plays:

• Google Data incident response process | Documentation | Google Cloud

• AWS AWS Security Incident Response Guide

• Azure Incident response overview | Microsoft Docs

Note: The AWS Security Incident Response Guide includes notes about simulations Simulate - AWS Security Incident Response Guide

Note: CISA provides materials for tabletop exercises CTEP Package Documents | CISA

Review your support plans and make sure the support and SLAs meet your business needs.

• Google Customer Care portfolio - Support

• AWS Compare Support Plans | Developer, Business, Enterprise On-Ramp, Enterprise | AWS Support

• Azure Azure Support Plans Comparison

• Google Data encryption options | Cloud Storage

• AWS How to choose an encryption tool or service

• Azure Azure Data Encryption-at-Rest - Security

• Training options https://www.google.com/search?q=employee+security+training

Anomaly detection in cloud:

• Google Using Event Threat Detection | Security Command Center | Google Cloud

• AWS Intelligent Threat Detection—Amazon GuardDuty–Amazon Web Services

• Azure Azure threat protection | Microsoft Docs

• Field Offices — FBI

• CISA Regions

• Shields Up Technical Guidance | CISA

We encourage technology and software companies to:

Start from the ground up by securing your cloud platform. Look for issues reported in the security dashboard for your cloud:

• Google Security Command Center | Google Cloud

• AWS Cloud Security Posture Management - AWS Security Hub - Amazon Web Services

• Azure Microsoft Defender for Cloud

Manage access control and other policies centrally with these cloud services:

• Google Resource hierarchy | Resource Manager Documentation | Google Cloud

• AWS AWS Organizations - Amazon Web Services

• Azure Overview of Azure Policy

Code security scanning services:

• Google Overview of Web Security Scanner | Security Command Center | Google Cloud

• AWS Amazon CodeGuru | Find Your Most Expensive Lines Of Code | AWS

• Microsoft About GitHub Advanced Security

• OWASP maintains a list here: Vulnerability Scanning Tools | OWASP Foundation

In-line web security services:

• Google Tuning Google Cloud Armor WAF rules

• AWS AWS WAF - Web Application Firewall - Amazon Web Services (AWS)

• Azure Azure Web Application Firewall (WAF)

Operating system vulnerability management:

• Google Container scanning | Container Analysis documentation | Google Cloud

• AWS Automated Vulnerability Management – Amazon Inspector – Amazon Web Services

• Azure Azure Automation Update Management overview | Microsoft Docs

Code provenance:

• Google Viewing build provenance | Cloud Build Documentation | Google Cloud

• Google Google Online Security Blog: Introducing SLSA, an End-to-End Framework for Supply Chain Integrity

• Microsoft Features · Security · GitHub

Get started with SBOM:

https://github.com/awesomeSBOM/awesome-sbom

Implement the security practices mandated in the President’s Executive Order, Improving our Nation’s Cybersecurity.

We wrote about this EO here: Executive order | ScaleSec

Cybersecurity Executive Order: a tl;dr	Deep Dive on the Cybersecurity Executive Order