Get startedGet started for free

Access controls in the cloud

1. Access controls in the cloud

Imagine you’re a receptionist working at the front desk of an apartment complex. It’s your responsibility to decide who you let in. The concept of access controls in security works in a similar way. In this video, we’ll discuss the different types of access controls and how they can be implemented to help keep your cloud resources secure. Let's get started. Access control is a crucial element of cybersecurity because it ensures that only authorized individuals can access your data and resources. There are three main types of access controls: discretionary, mandatory, and role-based access controls. First is discretionary access control, or DAC, a security model where the owner of the data or resource has the discretion to grant or revoke access to other users. For example, in Google Drive, it’s possible to share only view access with an individual to one specific file, while simultaneously providing edit access to a different file. Both files can reside within the same directory. These varying levels of access —from partial to full— from the owner of the files, are discretionary. In a cloud environment, DAC can be implemented using access control lists, or ACLs. ACLs specify the permissions for each user or group. Next is mandatory access control, or MAC, which is a strict security model in which access is granted based on predefined security policies. For example, a private company’s information is classified into three categories: confidential, internal, and public. The company controls the distribution of crucial information under the confidential classification by granting access on a need-to-know basis. By assigning individual permissions based on their required access levels, the company successfully secures its proprietary information. In a cloud environment, MAC can be implemented using security labels or tags which are assigned to both data and users. Access is granted only if the user's security label matches the data's label. Now, let’s discuss role-based access control, or RBAC. RBAC is a method of controlling access to resources based on the roles assigned to users. In a cloud environment, RBAC can be implemented by assigning users to different roles and managing permissions at the role level. In some cases, it may be necessary to implement role hierarchies to simplify the management of permissions. Role hierarchies allow higher-level roles, such as a user with edit access to a Google Drive directory, to inherit permissions from lower-level roles, such as a user with view access to a Google Drive directory, ensuring that users with more responsibility have the necessary access to perform their duties. In other words, a user that can edit, can also view documents in a directory, though a user with view access will not be able to edit documents in a directory. Finally, attribute-based access control, or ABAC is a security model where access is granted based on attributes like user, resource, and environment. In a cloud environment, ABAC works by creating policies that define the conditions under which access is granted or denied. These policies can be based on a variety of attributes, like the user's job title, the sensitivity level of the data, or even the current day and time. Implementing ABAC in a cloud environment typically involves setting up a policy decision point, or PDP, and a policy enforcement point, or PEP. The PDP evaluates policies and makes access decisions, while the PEP enforces those decisions by granting or denying access to the resources. As a cloud security professional, you’ll need to apply a multifaceted approach to effectively implement access controls in the cloud and secure your data. One key component to implementing access controls in the cloud is identity and access management, or IAM. Remember IAM allows you to manage users, groups, roles, and permissions across your cloud environment. Along with IAM, organizations must also consider policies and resource hierarchies. These are crucial for structuring and enforcing access controls. Now that you know the different access control types, let's discuss some best practices for implementing access controls in cloud environments. The top three best practices include one, apply the principle of least privilege, giving users only the permissions they need to perform their tasks. Two, separate duties to minimize the risk of unauthorized access or actions. Three, regularly audit access controls in your cloud environment to ensure access permissions are up to date. Then review and update to and add or revoke access when necessary. By implementing these access controls you can ensure the security of your data in the cloud. Remember, as the receptionist of the cloud, you only want to let approved guests and visitors into the building.

2. Let's practice!

Create Your Free Account

or

By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.