Cloud computing security: Difference between revisions

Rv promotional link./Undid revision 1161045636 by HighnessAtharva (talk)
m Removed unnecessary nowiki from URL to improve accessibility, also moved persistent IDs to proper template. (via WP:JWB)
Line 21:
 
;Deterrent controls
:These controls are administrative mechanisms intended to reduce attacks on a cloud system and are utilized to ensure compliance with external controls. Much like a warning sign on a fence or a property, deterrent controls typically reduce the threat level by informing potential attackers that there will be adverse consequences for them if they proceed.<ref>Andress, J. (2014). Deterrent Control - an overview | ScienceDirect Topics. Retrieved October 14, 2021, from <nowiki>https://www.sciencedirect.com/topics/computer-science/deterrent-control</nowiki></ref> (Some consider them a subset of preventive controls.) Examples of such controls could be considered as policies, procedures, standards, guidelines, laws, and regulations that guide an organization towards security. Although most malicious actors ignore such deterrent controls, such controls are intended to ward off those who are inexperienced or curious about compromising the IT infrastructure of an organization.
 
;Preventive controls
:The main objective of preventive controls is to strengthen the system against incidents, generally by reducing if not actually eliminating vulnerabilities, as well as preventing unauthorized intruders from accessing or entering the system.<ref>Virtue, T., & Rainey, J. (2015). Preventative Control - an overview | ScienceDirect Topics. Retrieved October 13, 2021, from <nowiki>https://www.sciencedirect.com/topics/computer-science/preventative-control</nowiki></ref> This could be achieved by either ''adding'' software or feature implementations (such as firewall protection, endpoint protection, and multi-factor authentication), or ''removing'' unneeded functionalities so that the attack surface is minimized (as in [[unikernel]] applications). Additionally, educating individuals through security awareness training and exercises is included in such controls due to the human error being the weakest point of security. Strong authentication of cloud users, for instance, makes it less likely that unauthorized users can access cloud systems, and more likely that cloud users are positively identified. All in all, preventative controls affect the likelihood of a loss event occurring and are intended to prevent or eliminate the systems’ exposure to malicious action.
 
;Detective controls
:Detective controls are intended to detect and react appropriately to any incidents that occur. In the event of an attack, a detective control will signal the preventative or corrective controls to address the issue. Detective security controls function not only when such an activity is in progress and after it has occurred. System and network security monitoring, including intrusion detection and prevention arrangements, are typically employed to detect attacks on cloud systems and the supporting communications infrastructure. Most organizations acquire or create a dedicated security operations center (SOC), where dedicated members continuously monitor the organization’s IT infrastructure through logs and Security Information and Event Management (SIEM) software. SIEMs are security solutions that help organizations and security teams analyze “log data in real-time for swift detection of security incidents.”<ref>Marturano, G. (2020b, December 4). Detective Security Controls. Retrieved December 1, 2021, from <nowiki>https://lifars.com/2020/12/detective-security-controls/</nowiki></ref> SIEMS are not the only examples of detective controls. There are also Physical security controls, Intrusion detection systems, and anti-virus/anti-malware tools, which all have different functions centered around the exact purpose of detecting security compromises within an IT infrastructure.
 
;Corrective controls
:Corrective controls reduce the consequences of an incident, generally by limiting the damage. Such controls include technical, physical, and administrative measures that occur during or after an incident to restore the systems or resources to their previous state after a security incident.<ref>Walkowski, D. (2019, August 22). What are Security Controls? Retrieved December 1, 2021, from <nowiki>https://www.f5.com/labs/articles/education/what-are-security-controls</nowiki></ref> There are plenty of examples of corrective controls, both physical and technical. For instance, re-issuing an access card or repairing physical damage can be considered corrective controls. However, technical controls such as terminating a process and administrative controls such as implementing an incident response plan could also be considered corrective controls. Corrective controls are focused on recovering and repairing any damage caused by a security incident or unauthorized activity. The value is needed to change the function of security.
 
==Dimensions of cloud security==
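
Review bot: all four references in the control definitions (Andress, Virtue & Rainey, Marturano, Walkowski) wrap their URL in <nowiki>…</nowiki> in the lines shown, while the edit summary speaks of a single URL; check that every one of them was unwrapped so the links are consistent, and consider moving each free-text citation into a citation template at the same time. Two sentences in this block also need attention while it is being touched: under Detective controls, "function not only when such an activity is in progress and after it has occurred" is missing its "but also", and "SIEMS" should read "SIEMs"; under Corrective controls, the closing sentence "The value is needed to change the function of security." has no clear meaning and no source, so it should be reworded or dropped.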