Back to Basics — Workload Security with Open Source

Imran Roshan
5 min read · Jun 10, 2023


Ensuring the security of workloads is crucial in the quickly changing world of cloud computing, where a lapse can result in losses escalating faster than Gen-Z getting offended about memes. Users can build and maintain secure workloads using the extensive collection of security capabilities and services offered by Google Cloud Platform.

Workload security is greatly improved by open-source security solutions on top of the inherent security features provided by GCP. Yes, I know people generally refer to Open Source with a bombastic side-eye and might lecture you on compliance and eligibility. Hesitancy aside, the offerings and efficiency of Open Source cannot be dismissed.

Going along the lines of the shared responsibility model, the security of the underlying infrastructure is Google’s duty, and users are in charge of protecting the workloads they place on GCP, so why not make use of the best option for us broke people? THE OPEN SOURCE!!

What’s Already Available??

  • IAM — Users can control access to GCP resources and services using IAM. It offers granular access control via roles and permissions, enabling administrators to uphold the least privilege principle. Not so soon buddy!
  • VPC Controls — Users can build private virtual networks on GCP using VPC. Workloads are protected from network-based risks by network security features such as firewall rules, network-level controls, and load balancers.
  • GCP KMS — GCP offers encryption capabilities to protect data at rest and in transit. It provides default encryption for data stored in various services, as well as options for user-managed encryption keys.
  • Native Monitoring — For the purpose of identifying and reacting to security events, GCP offers strong monitoring and logging features. Services like Stackdriver Monitoring and Cloud Logging let users gather and examine logs and metrics from GCP resources.
  • Security Command Center — GCP’s centralised security and risk management service, which surfaces misconfigurations, vulnerabilities and threat findings across your projects in a single view. If this doesn’t make you go “I..HAVE..THE..POWERRRR” I don’t know what will.

But Before We Move Forward

Before we go any further: nothing in this blog is a detailed treatment of the tools I present, they are suggestions, and there are some points I would like to state:

  1. The tools suggested in the next part are suggestions accepted by industries that are open to implementing Open Source in their live environments
  2. This blog will not go into detail on the tools; future blogs will go deeper into them

With that being said, let’s understand the best practices or sought-after approaches the industry looks for, i.e. what is to be done:

  • Infrastructure — When deploying workloads, use secure configuration management techniques, such as operating system hardening, communication channel security, and the least privilege principle.
  • Take a robust configuration — To achieve uniform security settings across GCP workloads, adopt a strong configuration management technique. Automate configuration management activities using tools like Ansible or Puppet.
  • Patch Management — Stay up to date with security patches and updates for GCP services and workloads. Implement an automated patch management process to ensure timely application of security fixes. Even if you cannot fix yourself, fix your patches please.
  • Isolation — Yes, we are tech guys, we are isolated in life, but your networks need to be too; why should you suffer alone? Utilise network segmentation to divide workloads and limit lateral network movement. Network-level access controls can be enforced using VPC firewalls and security groups.
  • Incident Response & Recovery — To ensure efficient handling of security problems, create an incident response strategy and routinely run exercises. To lessen the effect of potential breaches, implement regular data backups and practise disaster recovery.

B̵u̵z̵z̵ ̵L̵i̵g̵h̵t̵y̵e̵a̵r̵ Open Source to the rescue

Let’s look at some use cases for industry-accepted Open Source tools that you can implement in your GCP environment with ease.

Suricata

Used as an Intrusion Detection and Prevention System (IDPS), Suricata comes into play for real-time network traffic monitoring, intrusion detection and prevention, and alert generation for potential security events. In order to detect malicious behaviour and defend GCP workloads from network-based risks, it analyses network packets against signatures. You can easily configure custom Indicators of Compromise (IoC) and signatures to tailor Suricata’s capabilities to your workload needs.

Three Musketeers ELK

Elasticsearch, Logstash and Kibana are the three brothers of the popular ELK stack, helping with log examination and SIEM. Logstash is used for log collection and parsing, Elasticsearch for log archiving and searching, and Kibana for log visualisation. The ELK Stack can help with incident response, enable efficient monitoring and analysis of security logs, and provide insights into security events by gathering and correlating logs from GCP services and security devices.
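Suricata writes its alerts as one JSON object per line (EVE JSON, typically eve.json), which is exactly what Logstash picks up for the ELK stack. The following is an added example, not code from the original post or from Suricata/Elastic: it parses a constructed eve.json sample, drops non-alert events and unparseable lines, and aggregates alerts by signature id and severity (1 is the most severe), the same triage you would do in Kibana. The signature ids and names are made up for the sample.

```python
import json

# Constructed sample of Suricata EVE JSON output; sids 9000001/9000002 are local custom rules,
# not real ET/GPL signatures. The last line simulates a corrupt log entry.
SAMPLE_EVE = """\
{"timestamp":"2023-06-10T10:00:01.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.20","proto":"TCP","alert":{"signature_id":9000001,"signature":"LOCAL Unexpected outbound SSH from app tier","category":"Policy Violation","severity":2}}
{"timestamp":"2023-06-10T10:00:02.000000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.0.20","proto":"TCP"}
{"timestamp":"2023-06-10T10:00:03.000000+0000","event_type":"alert","src_ip":"10.0.0.7","dest_ip":"10.0.0.20","proto":"TCP","alert":{"signature_id":9000001,"signature":"LOCAL Unexpected outbound SSH from app tier","category":"Policy Violation","severity":2}}
{"timestamp":"2023-06-10T10:00:04.000000+0000","event_type":"alert","src_ip":"10.0.0.9","dest_ip":"10.0.0.21","proto":"TCP","alert":{"signature_id":9000002,"signature":"LOCAL Known-bad IoC domain in HTTP Host","category":"Malware Command and Control Activity","severity":1}}
this line is not JSON and must be skipped
"""


def parse_eve(text):
    """Yield parsed EVE records, skipping blank lines and lines that are not valid JSON."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue  # a truncated or corrupt line must not stop the whole triage


def summarize_alerts(text, max_severity=3):
    """Aggregate alert events by signature id, keeping only alerts at or above the given severity.

    Returns {sid: {"signature", "severity", "count", "sources"}}; flow/dns/etc. events are ignored.
    """
    summary = {}
    for rec in parse_eve(text):
        if rec.get("event_type") != "alert":
            continue
        alert = rec.get("alert", {})
        if alert.get("severity", 4) > max_severity:
            continue
        entry = summary.setdefault(alert.get("signature_id"), {
            "signature": alert.get("signature"),
            "severity": alert.get("severity"),
            "count": 0,
            "sources": set(),
        })
        entry["count"] += 1
        entry["sources"].add(rec.get("src_ip"))
    return summary
```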

OpenVAS/Greenbone

Ever worried about getting a single pane of glass for vulnerability scanning to identify security vulnerabilities in GCP workloads? OpenVAS/Greenbone performs comprehensive scans of systems, services, and applications, and provides reports on identified vulnerabilities, enabling timely patching and reducing the risk of exploitation.

Clair/Trivy

Clair and Trivy are security scanners that can be integrated with GCP or literally any CI/CD pipeline like Jenkins, Argo or Concourse to analyse container images for known vulnerabilities. By scanning container images during the build and deployment process, Clair provides visibility into potential security risks, enabling proactive mitigation and ensuring secure containerised workloads on GCP.

Falco

Syscalls are the backbone of communication in a container runtime environment, and Falco focuses on keeping an eye on and finding unusual behaviour inside containers. Falco can improve the security of GCP workloads by analysing system calls and runtime activity to find suspicious activity, intrusions, and security policy violations in containerised environments.

OSSEC

File Integrity Monitoring is often looked at with a raised eyebrow but is essentially crucial to the process; tools like OSSEC help workloads be monitored for unauthorised modifications to files and configurations. OSSEC can raise alarms and notifications when unusual modifications take place by routinely inspecting files for integrity, aiding in the detection of potential security breaches.
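To make the File Integrity Monitoring idea concrete, here is an added example (not OSSEC’s own code) of the core check OSSEC’s syscheck performs: take a SHA-256 baseline of a directory tree, rescan it later, and report added, modified and deleted files. The `demo()` function builds a constructed fake `etc` tree in a temporary directory and tampers with it so the three alert classes can be seen; paths and file contents are made up.

```python
import hashlib
import tempfile
from pathlib import Path


def build_baseline(root):
    """Map each regular file under root (path relative to root, POSIX style) to its SHA-256 digest."""
    root = Path(root)
    baseline = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        baseline[path.relative_to(root).as_posix()] = digest
    return baseline


def compare(baseline, current):
    """Diff two baselines into the three classes a FIM tool alerts on: added, modified, deleted."""
    added = sorted(set(current) - set(baseline))
    deleted = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline.keys() & current.keys() if baseline[p] != current[p])
    return {"added": added, "modified": modified, "deleted": deleted}


def demo():
    """Constructed scenario: baseline a fake etc tree, then simulate unauthorised changes and rescan."""
    with tempfile.TemporaryDirectory() as tmp:
        etc = Path(tmp) / "etc"
        (etc / "ssh").mkdir(parents=True)
        (etc / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (etc / "ssh" / "sshd_config").write_text("PermitRootLogin no\n")
        baseline = build_baseline(etc)

        # Simulated tampering: a weakened config, an unexpected new cron file, a removed file.
        (etc / "ssh" / "sshd_config").write_text("PermitRootLogin yes\n")
        (etc / "cron.d").mkdir()
        (etc / "cron.d" / "unexpected").write_text("* * * * * root /usr/bin/true\n")
        (etc / "passwd").unlink()

        return compare(baseline, build_baseline(etc))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

A real deployment would persist the baseline somewhere the monitored host cannot rewrite it and rescan on a schedule, which is what OSSEC’s agent/manager split gives you.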

OSQuery

Endpoint security for GCP workloads can be a pain to track; tools like OSQuery gather and examine GCP instance telemetry data at the host level. In order to detect security threats and prepare for prospective incidents, it offers real-time monitoring and querying of system data, logs, processes, and configurations.

To Conclude

Open Source comes with its challenges to acceptability in environments, over assumptions about applicability and its evolving nature. If calibrated properly, Open Source tools can help with immense ease in environments where cloud-native tools might be overkill for the work needs. But hey, now it’s up to you :)

Wanna have a chat? Connect with me on

LinkedIn

Twitter

Imran Roshan

Your security sherpa | Google Developer Expert (GCP) | Ethical Hacker | Cloud Security