Welcome to the CUIT Cloud Security Page

The CUIT Information Security department has collaborated with Infrastructure services to implement a process which will monitor known malicious behaviors within cloud environments. This process requires logs from the cloud environment to be sent to and analyzed in our SIEM (Sumo Logic). Once the correlation is performed, events will be tracked and information distributed to the appropriate teams. This service was created by CUIT Security to provide security monitoring around the Columbia University cloud workloads. Together, our mission for this initiative is to provide a secure compute environment for our colleagues with cloud-based workloads.

Process Overview

- Malicious or undesirable activity occurs in the cloud environments
- Log data is generated and sent into Sumo Logic
- This log data will trigger alerts in Sumo Logic identifying the abnormal activity
- Each week a summary of the malicious activities will be distributed to the owner of the cloud account in the environment
- The email will contain a breakdown of the events that have occurred
- Links will be included to Confluence, which is a knowledge base for cloud security events

Responsibilities

Team | Role |
---|---|
CUIT Security | Detection of malicious activity or anomalies |
CUIT Infrastructure | Remediation of the event with the owner of the cloud workloads |

Security Best Practices

Experts say that enterprises can increase the security of their public cloud deployments by following best practices and deploying the right cloud security technologies. Enterprises that want to be among the organizations experiencing fewer security issues should take the following steps:

- Understand your shared responsibility model
- Ask your cloud provider detailed security questions
- Deploy an identity and access management (IAM) solution; leverage SAML and multi-factor authentication
- Train your staff about the newest threats and potential countermeasures
- Establish and enforce cloud security policies - security staff should have automated solutions in place to ensure that everyone is following these policies
- Secure your endpoints, including firewalls, anti-malware, intrusion detection, and access control
  - If you are looking for anti-virus or anti-malware, CUIT provides Malwarebytes to the university
- Encrypt data in motion and at rest
- Use intrusion detection and prevention technology - it helps organizations identify when an attack has occurred and take action to stop attacks in progress
- Review your organization's particular compliance requirements and make sure that your service provider will meet your data security needs
- Consider a third-party partner or consultant - to offer solutions or services designed to enhance cloud security
- Conduct audits and penetration testing - to determine whether your existing cloud security efforts are sufficient to protect your data and applications

By seeking and reporting on unfavorable events discovered among Columbia Cloud Security environments, we can work towards a safer operation and reduction of risk when using these technologies. Please see the categories below to view more information regarding a particular cloud platform along with their respective alerts.