What is Management Plane (Metastructure) Security
Published 05/13/2024
Written by Ashwin Chaudhary, CEO, Accedere.
Metastructure refers to the protocols and mechanisms that provide the interface between the infrastructure layer and the other layers. The glue that ties the technologies and enables management and configuration as per Cloud Security Alliance's Security Guidance v4.0.
The management plane is
- The single most significant security difference between traditional infrastructure and cloud computing.
- Refers to the interfaces for managing your cloud resources in the cloud and cloud deployments.
- Different from traditional infrastructure security and the most critical piece to protect.
- How you launch virtual machines and configure virtual networks.
- Admin tab for SaaS environment.
Key Functions
- Provisioning resources required in the cloud.
- Starting/stopping/terminating services required in the cloud.
- Configuring resources includes adding/modifying/removing resources in the cloud.
Securing Management Plane
- Secure root account.
- Manage non-root users.
- Enable monitoring/auditing.
Security Considerations
Five major factors for building and managing a secure management plane.
- Perimeter security: Protecting from attacks against the management plane’s components including web and API servers.
- Customer authentication: Providing secure mechanisms for customers to authenticate to the management plane using existing standards (like OAuth or HTTP request signing). Customer authentication should support MFA as an option or requirement.
- Internal authentication and credential passing: Cloud providers should always mandate MFA for cloud management authentication from internal users.
- Authorization and entitlements: The right or permission that is granted to a system entity to access a system resource is authorization. The entitlements are available to customers and internal administrators. Granular entitlements enable customers to securely manage their users and administrators and internally reduce the impact of administrator's accounts being compromised.
- Logging, monitoring, and alerting: Robust logging and monitoring of administrative activities is essential for effective security and compliance. This applies to what the customer does in their account, and what employees do in their day-to-day management of the service. Alerting of unusual events is an important security control to ensure that monitoring is actionable.
About the Author
Ashwin Chaudhary is the CEO of Accedere, a Data Security, Privacy Audit, and Training Firm. He is a CPA from Colorado, MBA, CITP, CISA, CISM, CGEIT, CRISC, CISSP, CDPSE, CCSK, PMP, ISO27001 LA, ITILv3 certified cybersecurity professional with about 20 years of cybersecurity/privacy and 40 years of industry experience. He has managed many cybersecurity projects covering SOC reporting, ISO audits, VAPT assessments, Privacy, IoT, Governance Risk, and Compliance.
Related Articles:
Establishing an Always-Ready State with Continuous Controls Monitoring
Published: 11/21/2024
Why Application-Specific Passwords are a Security Risk in Google Workspace
Published: 11/19/2024
Managing AI Risk: Three Essential Frameworks to Secure Your AI Systems
Published: 11/19/2024
Top Threat #5 - Third Party Tango: Dancing Around Insecure Resources
Published: 11/18/2024