Introduction to Cloud Security Architecture
Cloud application developers have been very successful in building applications for IaaS (Amazon AWS, Rackspace, etc.) and PaaS (Azure, Google App Engine, Cloud Foundry) platforms. These platforms provide basic security features, including support for authentication, DoS mitigation, firewall policy management, logging, and basic user and record management, but concerns remain. Security continues to be the number one concern for enterprise cloud adoption. Those concerns range from the secure configuration of virtual machines deployed on an IaaS platform to the management of user privileges in a PaaS cloud.
Cloud Security – Shared Responsibility
First, let's look at the cloud security operating model. In public clouds, security responsibilities are shared between the cloud customer and the cloud service provider. The provider is responsible for securing the shared infrastructure (e.g. routers, switches, load balancers, firewalls, hypervisors, storage networks, management consoles, DNS, directory services, and the cloud APIs). The customer remains responsible for what it deploys on top of that: guest operating systems, application code, data, identity and access management for its own users, and the configuration of the security features the provider exposes. The exact split depends on the service model; the customer carries more of it on IaaS than on PaaS.
Before signing up with a provider, perform a gap analysis of its security capabilities against your own requirements. Specifically, assess its maturity, transparency, compliance with enterprise security standards (e.g. ISO 27001), and compliance with regulatory standards such as PCI DSS, HIPAA, and SOX.
Cloud Security Principles
Each business has a different level of risk tolerance. This is reflected in its product development culture, its adoption of new technologies, its IT service delivery models, and the investment it makes in security tooling and capabilities. When a business unit decides to leverage SaaS for business benefit, the technology architecture should support that model, and the security architecture in turn must conform to the technology architecture principles. The following is a sample of cloud security principles that enterprise security architects should consider:
- Services running in the cloud must follow the principle of least privilege: each service, role and credential gets only the permissions its function requires.
- Use layered firewalls to isolate the different security zones: the cloud provider firewall, the hypervisor or virtual-network firewall, the guest (host) firewall, and the application container. More importantly, firewall policies in the cloud must follow trust-zone isolation standards based on data sensitivity, so that traffic only flows between adjacent zones on explicitly allowed ports.
- Applications should use transport encryption such as TLS or IPsec to protect data in transit between applications deployed in the cloud and between the cloud and your enterprise. SSL and early TLS versions are deprecated; require TLS 1.2 or later and verify server certificates.
- Data masking and encryption should be applied according to data sensitivity, in line with the enterprise data classification standard.
- Deploy applications in trusted zones on an authorized, hardened enterprise-standard VM image.
- Use industry-standard tunneling protocols such as IPsec, TLS-based VPNs, or SSH when connecting to a virtual private cloud (VPC).
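One way to check the firewall-layering and least-privilege principles above against an actual ruleset, as an added example that is not part of the original article: the zone layout, CIDRs and security-group rules below are constructed for illustration, and the checker flags any ingress rule that opens all ports, that crosses a zone boundary not in the allowed adjacency list, or that uses a port not permitted for that boundary.

```python
"""Audit cloud security-group ingress rules against trust-zone isolation.

Added example for this article: the zone layout, CIDRs and rules are
constructed for illustration and do not describe any real provider or account.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Allowed flows between zones, derived from data sensitivity: traffic may only
# move one hop inward (internet -> web -> app -> db) plus admin access from the
# bastion. Any (source zone, destination zone) pair not listed is a violation.
ALLOWED_FLOWS: dict[tuple[str, str], set[int]] = {
    ("internet", "web"): {443},
    ("web", "app"): {8443},
    ("app", "db"): {5432},
    ("bastion", "web"): {22},
    ("bastion", "app"): {22},
    ("bastion", "db"): {22},
}

# Constructed addressing plan. Any IPv4 source that does not fall inside one of
# the private zones is treated as "internet", which is the conservative choice.
ZONE_CIDRS = {
    "internet": ipaddress.ip_network("0.0.0.0/0"),
    "bastion": ipaddress.ip_network("10.0.255.0/24"),
    "web": ipaddress.ip_network("10.0.1.0/24"),
    "app": ipaddress.ip_network("10.0.2.0/24"),
    "db": ipaddress.ip_network("10.0.3.0/24"),
}


@dataclass(frozen=True)
class Rule:
    """One ingress rule of a security group attached to `zone`."""
    zone: str          # zone the security group protects
    source: str        # source CIDR permitted by the rule
    port: int | None   # None means the rule opens all ports


def zone_of(cidr: str) -> str:
    """Map a source CIDR to the most specific zone that contains it."""
    net = ipaddress.ip_network(cidr)
    best = "unknown"
    best_len = -1
    for name, zone_net in ZONE_CIDRS.items():
        if net.version != zone_net.version:
            continue  # no IPv6 zones in this plan
        if net.subnet_of(zone_net) and zone_net.prefixlen > best_len:
            best, best_len = name, zone_net.prefixlen
    return best


def audit(rules: list[Rule]) -> list[str]:
    """Return one finding per rule that violates least privilege or zone isolation."""
    findings: list[str] = []
    for r in rules:
        src = zone_of(r.source)
        if r.port is None:
            findings.append(f"{r.zone}: rule from {r.source} opens all ports")
            continue
        allowed = ALLOWED_FLOWS.get((src, r.zone))
        if allowed is None:
            findings.append(f"{r.zone}: no trust path from zone '{src}' ({r.source})")
        elif r.port not in allowed:
            findings.append(
                f"{r.zone}: port {r.port} from zone '{src}' not in allowed set {sorted(allowed)}"
            )
    return findings


# Constructed ruleset mixing compliant rules with three violations.
SAMPLE_RULES = [
    Rule("web", "0.0.0.0/0", 443),       # public HTTPS: allowed
    Rule("web", "0.0.0.0/0", 22),        # SSH exposed to the internet
    Rule("app", "10.0.1.0/24", 8443),    # web -> app: allowed
    Rule("db", "10.0.2.0/24", 5432),     # app -> db: allowed
    Rule("db", "10.0.1.0/24", 5432),     # web skipping the app tier
    Rule("db", "0.0.0.0/0", None),       # everything from anywhere
    Rule("db", "10.0.255.0/24", 22),     # bastion admin access: allowed
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print("VIOLATION:", finding)
```

Running it prints three violations for the sample ruleset: SSH open to the internet on the web tier, a direct web-to-db path, and an all-ports rule on the database zone. The adjacency table is the policy; in a real deployment it would be generated from the data classification standard and the checker would be fed rules exported from the provider's API, with any source CIDR outside the addressing plan classified as internet rather than trusted.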
Cloud Security Architecture Patterns
If you are looking for something that mitigates cloud security threats, start by architecting appropriate security controls that protect the confidentiality, integrity and availability (CIA) of information in the cloud. Security controls may be provided as a service by the provider, by the business itself, or by a third party. Security architecture patterns are usually expressed in terms of security technology and process controls, and the patterns should make explicit which controls are used and where each service is located.
Used as a north star, security architecture patterns can accelerate application migration to the cloud while managing security risk. Cloud security architecture patterns should also highlight the trust boundaries between the different services and components deployed on cloud services.
These patterns must also indicate the standard interfaces, security protocols (e.g. TLS, IPsec, LDAPS, SFTP) and the mechanisms available for authentication, token management, authorization, security event logging, encryption algorithms, the sources of truth for user policies and attributes, and the coupling model (tight or loose).
Infrastructure Security services (controls) at cloud service providers
Cloud service providers are expected to provide security controls that protect against DoS and that protect the confidentiality and integrity of sessions originating from mobile devices and PCs. Typically these sessions are initiated by a browser or client and are delivered over SSL/TLS, terminating at a load balancer managed by the cloud service provider. Termination at the provider's load balancer means the session is decrypted there; if traffic between the load balancer and your instances must stay confidential, re-encrypt that hop. Cloud providers often do not disclose the details of their DoS protection mechanisms, because attackers could use that information to evade them.
Hopefully this article was helpful to you.