Abstract:

Cloud computing offers an on-demand process and computing service without direct active management by the user. It can reach thousands of different networks in a day which makes it extremely powerful and challenging to secure. Many cloud customers are facing issues matching external security mandates based on their business domain. These mandates are prepared with reference to Industry standard frameworks. Organizations can determine the security posture of their cloud by following these standards. Security measures like visibility across the cloud environment, misconfiguration management, and compliance can strengthen the security posture of any cloud infrastructure. Cloud Service Providers (CSPs) deliver expensive cloud-native security services which can be achieved freely using a cloud Software Developers Kit (SDK). The research emphasizes the gap observed in the market by developing the application using SDKs which provides insights into cloud security, misconfigurations, and compliance. Gartner stated that over-provisioned access to cloud resources can lead to security breaches and data leakages. The authors have taken the Identity and Access Management (IAM) policy parameter as an example to prepare the research model as it is one of the most important ones among various cloud security parameters like firewall policies, encryption, etc. The purpose of this study is to find an economical way to access cloud security posture and compliance management for small and mid-scale companies with limited budgets. The proposed method uses APIs and SDKs to fetch the relevant information from the cloud environment to access and secure the organization’s cloud environment in a cost-effective way.

Keywords:

AWS, GCP, Azure, Security Management as a Service, Cloud Compliance, ISO, NIST, PCI DSS, Cloud Security Posture Management, Cloud Security, CSPM

Conference Published in: The International Conference on Recent Developments in Cyber Security (ReDCySec-2023)