TY - GEN
T1 - Enhancing Cloud Security Posture for Ubiquitous Data Access with a Cybersecurity Framework Based Management Tool
AU - Coppola, Gregory
AU - Varde, Aparna S.
AU - Shang, Jiacheng
N1 - Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - Cloud security has become an important issue for many organizations that utilize cloud services, e.g. Amazon Web Services (AWS), especially as they have to manage the massive volumes of data (i.e. big data) and the application of artificial intelligence (AI) technologies. Ensuring that the security posture of the given environment protects sensitive data and maintains compliance can be challenging, particularly as ubiquitous data access is typically desirable. This paper discusses the design of a Cloud Security Posture Management (CSPM) tool, to monitor assets with emphasis on Amazon Web Services (AWS) for exemplification. The CSPM tool aims to monitor AWS assets based on the NIST Cybersecurity Framework v1.1 (NIST CSF). It focuses on continuous threat and intelligence monitoring along with misconfiguration alerting as needed. Leveraging AI capabilities, the CSPM tool can help identify risks and provide remediation recommendations. AWS services, such as VPC traffic logs, GuardDuty, and CloudTrail, can be used so that the tool can be modified to fit organizational security requirements. This paper discusses the CSPM tool design, monitoring, and reporting features, in order to enhance security and compliance for cloud computing. Proper planning and implementation via the power of AI and Big Data can enable organizations to utilize this CSPM tool to increase their cloud security posture along with reducing risks appearing in the environment. This work directly impacts cloud data management and ubiquitous data access for digital connectivity, and consequently makes broader impacts on smart mobility, a vital facet of smart cities.
AB - Cloud security has become an important issue for many organizations that utilize cloud services, e.g. Amazon Web Services (AWS), especially as they have to manage the massive volumes of data (i.e. big data) and the application of artificial intelligence (AI) technologies. Ensuring that the security posture of the given environment protects sensitive data and maintains compliance can be challenging, particularly as ubiquitous data access is typically desirable. This paper discusses the design of a Cloud Security Posture Management (CSPM) tool, to monitor assets with emphasis on Amazon Web Services (AWS) for exemplification. The CSPM tool aims to monitor AWS assets based on the NIST Cybersecurity Framework v1.1 (NIST CSF). It focuses on continuous threat and intelligence monitoring along with misconfiguration alerting as needed. Leveraging AI capabilities, the CSPM tool can help identify risks and provide remediation recommendations. AWS services, such as VPC traffic logs, GuardDuty, and CloudTrail, can be used so that the tool can be modified to fit organizational security requirements. This paper discusses the CSPM tool design, monitoring, and reporting features, in order to enhance security and compliance for cloud computing. Proper planning and implementation via the power of AI and Big Data can enable organizations to utilize this CSPM tool to increase their cloud security posture along with reducing risks appearing in the environment. This work directly impacts cloud data management and ubiquitous data access for digital connectivity, and consequently makes broader impacts on smart mobility, a vital facet of smart cities.
KW - AI tools
KW - big data
KW - cloud services
KW - cybersecurity
KW - data mining
KW - smart mobility
KW - ubiquitous computing
UR - http://www.scopus.com/inward/record.url?scp=85179757569&partnerID=8YFLogxK
U2 - 10.1109/UEMCON59035.2023.10316003
DO - 10.1109/UEMCON59035.2023.10316003
M3 - Conference contribution
AN - SCOPUS:85179757569
T3 - 2023 IEEE 14th Annual Ubiquitous Computing, Electronics and Mobile Communication Conference, UEMCON 2023
SP - 590
EP - 594
BT - 2023 IEEE 14th Annual Ubiquitous Computing, Electronics and Mobile Communication Conference, UEMCON 2023
A2 - Chakrabarti, Satyajit
A2 - Paul, Rajashree
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 14th IEEE Annual Ubiquitous Computing, Electronics and Mobile Communication Conference, UEMCON 2023
Y2 - 12 October 2023 through 14 October 2023
ER -