Juli 2022 - Seite 14 von 46 - Cloud Computing Köln

Editor’s note: This blog was originally published by Siemplify on October 6, 2021.The COVID-19 pandemic accelerated many organizations’ timelines to transition to the cloud and advance their digital transformation efforts. The potential attack surfaces for those organizations also grew as newly distributed workforces used unmanaged technologies. While some organizations thrived, the transition further exacerbated many of the key challenges many security teams already were facing, such as an overload of alerts, the need for more detection tools, and security skill shortages.The COVID-19 pandemic has also played a role in increasing SecOps automation, or is expected to in the near future, according to 76% of respondents in a Siemplify report from February 2021. Managed security services providers (MSSPs) and managed detection and response (MDR) vendors have emerged as big winners because of their ability to help organizations overcome these challenges while providing agility, scale and cost savings. Outsourcing arrangements also free up customers to eventually gain the internal knowledge that they were originally lacking, which led to calling on a provider to help fill the gaps in the first place. This is promising news for the MSSP space and ensures likely continued strong growth, but it doesn’t do away with obstacles they face to meet increasingly demanding customer expectations. As a result, not all security service providers are created equal.In a competitive marketplace, one way to shed a sometimes-spurious reputation and stand apart from rivals is through ensuring your security operations are optimized and delivering maximum outcomes for customers. To accomplish that, providers must overcome six modern MSSP obstacles:1) Increasing Customer Acquisition CostsWith the proliferation of security technology options, customers’ security stacks are more diverse than ever before. To compete, MSSPs must be willing and able to sufficiently support a broad set of technology that often results in higher acquisition costs, as well as increased training requirements for security analysts.2) Lack of Centralized Visibility MSSP analyst teams who manage and monitor a large customer base often lack visibility into the allocation of resources, which hinders their ability to balance productivity and risk. This visibility void often extends to the customer as well. Clients are yearning for greater visibility into their expanding network, more transparency around what is happening within it, and the ability for a third-party provider to do more than merely notify them about a threat. Customers care about positive outcomes from their providers, which means finding and stopping adversaries—and helping get their business back on its feet as quickly as possible.3) Multiple Delivery ModelsThe range of MSSP delivery models is increasingly diverse and includes always-on outsourced SOC, managed SIEM, MDR, and staff augmentation, as well as numerous hybrid models. These various models are converging—a single MSSP may provide multiple models in various configurations, adding cost and complexity to operations.4) Meeting SLA Commitments MSSP analyst teams who manage multiple systems and interfaces across =a diverse set of clients strain to meet rigorous SLA expectations.5) Round-the-Clock OperationsTo meet customer demands, MSSPs work around the clock, requiring multiple shifts and handoffs. It’s crucial to maintain consistency in response from one analyst to the next, and variability in staff knowledge and capability places added pressure on analysts. Driving consistency in processes and workflow to ensure optimal handling of alerts and incidents is paramount to balancing productivity and risk.6) Personnel TurnoverShortages and high turnover of personnel add to the challenges of managing a 24/7 operation. Meanwhile, reliance on manual processes and the need to retain expert knowledge further intensifies the pressure.The Power of Automation and OrchestrationMSSPs are engaged in a constant struggle to ensure their existing security team keeps up with growing customer expectations. Due to an ever-expanding digital footprint, heavy investment in detection, and a growing list of security tools to monitor, the industry is at a tipping point.SIEM and SOAR can help MSSPs under pressure by detecting and ingesting aggregated alerts and indicators of compromise (IOCs) and then executing automatable, process-driven playbooks to enrich and respond to these incidents. These playbooks coordinate across technologies, security teams and external users for centralized data visibility and action—for both internal analysts and external customers.For more information on how an automated and integrated SecOps suite can help you, visit chronicle.security.Related ArticleHow to overcome 5 common SecOps challengesHere are 5 common issues that many SecOps teams struggle with—and how to fix them.Read Article
Quelle: Google Cloud Platform

22. Juli 2022

da Agency

Using Cloud Bigtable with IAM Conditions and Tags

Cloud Bigtable is a low-latency, high-throughput NoSQL database. Bigtable users store terabytes of data in their tables, and exposing the data securely is essential for Bigtable users. If you are an administrator or developer responsible for securing access to your Bigtable data, you are likely utilizing Google Cloud security features to lock down the Bigtable resources and customize your authorization model.In this article, we are going to learn how to control access to certain Bigtable resources, create a narrow scope of your resources to apply permissions, and set permissions depending on the development environment. We’ll accomplish this using Identity and Access Management (IAM), IAM Conditions, and Tags to secure Bigtable data.Identity and Access Management IAM provides fine-grained access control and visibility for centrally managing Google Cloud resources. A complex cloud organization can have various resources that can have IAM policies bound to them, which are configured by administrators who want to control access based on roles.The following diagram shows an administrator binding an IAM policy to a resource. An IAM policy consists of one or more principals—otherwise known as members—and an administrator can grant one or more roles to each principal. A principle can be a user, group or a service account. A role is a collection of permissions that allow a principal to perform some actions on Google Cloud resources.Resources inherit IAM policies from their parents in the resource tree. When a user sends a request, IAM checks to see if the user has permission to perform the action on that particular resource. If the IAM policy bound to the resource can grant the permission to the user, then the permission is granted. If not, IAM goes up the resource tree to search for a policy that can grant such permission. If no policies can grant the permission are found in the resource tree, the request is rejected with a permission-denied error. The following Cloud Console example grants the Bigable Reader role to the user 222larabrown@gmail.com and binds the policy to the my-project project.This can also be done through the gcloud CLI:code_block[StructValue([(u’code’, u”gcloud projects add-iam-policy-binding my-project –member=’user:222larabrown@gmail.com’ –role=’roles/bigtable.reader'”), (u’language’, u”), (u’caption’, <wagtail.wagtailcore.rich_text.RichText object at 0x3e405e5a6810>)])]After the binding is created, the Bigtable Reader role is granted to 222larabrown@gmail.com within the my-project project. This means that 222larabrown@gmail.com can have read access to data in existing tables and to metadata for instances, clusters, and tables, including column families.There are three types of roles in IAM: basic, predefined, and custom. The Bigtable Reader role is a predefined role. See Understanding roles to learn more about IAM roles.IAM ConditionsIAM Conditions is a feature that allows the defining and enforcing of conditional, attribute-based access control for Google Cloud resources. In addition to the role binding to a resource, the resource access is granted to a principal only if the configured condition is met.The following illustrates how IAM Conditions works.The following Cloud Console example grants the Bigable Reader role to the user 222larabrown@gmail.com with the “Report tables” condition and binds the policy to the my-project project. With the Report tables condition, 222larabrown@gmail.com has read access to Bigtable tables that contain a prefix of report- in the table ID within the specific Bigtable instance.The condition Report tables is defined so that:The source type has to be the Bigtable table bigtableadmin.googleapis.com/Table.The resource (table) name has to have the prefix of projects/my-project/instances/my-instance/tables/report-.The service has to be the Bigtable Admin service: bigtableadmin.googleapis.com.This can also be done through the gcloud CLI:code_block[StructValue([(u’code’, u”gcloud projects add-iam-policy-binding my-project –member=’user:222larabrown@gmail.com’ –role=’roles/bigtable.reader’rn–condition-from-file=CONDITION_FROM_FILE”), (u’language’, u”), (u’caption’, <wagtail.wagtailcore.rich_text.RichText object at 0x3e4076be7f50>)])]The CONDITION_FROM_FILE should be a path to a local JSON or YAML file that defines the following condition:code_block[StructValue([(u’code’, u'”title”: “Report tables”,rn”description”: “Tables with ‘report-‘ prefix.”,rn”expression”: “resource.type == ‘bigtableadmin.googleapis.com/Table’ && resource.name.startsWith(‘projects/my-project/instances/my-instance/tables/report-) && resource.service == ‘bigtableadmin.googleapis.com'”‘), (u’language’, u”), (u’caption’, <wagtail.wagtailcore.rich_text.RichText object at 0x3e40768dd410>)])]IAM Conditions with TagsWhat if 222larabrown@gmail.com should only be allowed to have read access to the data in the Test or Staging environment because Prod has sensitive data that should not be exposed to 222larabrown@gmail.com? One way to achieve this is by binding some environment tag values to the right resources and limiting access to the resource with associated tag values using IAM Conditions.Tags are a good way to manage the resources in your organization hierarchy by adding additional business dimensions. You can use tags to group certain resources for different purposes such as access control. We are going to explore using tags to group resources for different environments, such as Test, Staging, and Prod.First, in the Cloud Console, you can create a tag at the organization level to represent the environments. The new tag has values of Test, Staging and Prod.Once the tag is created, it generates one tag key ID for the tag and three tag value IDs for the three tag values.Let’s say you want to use a Bigtable instance, my-instance, for your Test environment. You can bind the Test tag value in the Environment tag to the instance as follows, using the gcloud CLI.code_block[StructValue([(u’code’, u’gcloud resource-manager tags bindings create –tag-value=tagValues/260761697116 –parent=//bigtable.googleapis.com/projects/my-project/instances/my-instance’), (u’language’, u”), (u’caption’, <wagtail.wagtailcore.rich_text.RichText object at 0x3e405f84b550>)])]Note: Currently there is no Cloud Console support for binding tags to Bigtable instances.Once the binding is in effect, you can add a condition and only grant the role to the principal if the resource has a tag value that matches the Test tag value. Now the user 222larabrown@gmail.com has access only to the Test environment.Note: Combining tags and other attributes in the same condition is currently not allowed.See Tags and access control for more information.SummaryIn this article you learned:IAM fundamentalsHow to set IAM roles for Bigtable resources How to limit the scope of an IAM role further with IAM ConditionsHow to add an environment requirement for permissions using IAM TagsLearn MoreTo learn more about using IAM, IAM Conditions to secure your Bigtable data, see Access control with IAM.Related ArticleCloud SQL – SQL Server Performance Analysis and Query TuningCloud SQL – SQL Server Performance Analysis and Query TuningRead Article
Quelle: Google Cloud Platform