CLOUD ARCHITECTURE & DESIGN
SECURITY IMPLICATIONS IN A CLOUD COMPUTING ENVIRONMENT
Cloud architecture spans a broad range of security implications in a cloud computing environment, and these are best assessed once the operational model has been determined. Since cloud services are delivered in several combinations (IaaS, PaaS and SaaS), cloud security can only be discussed in a particular context.
Software as a Service (SaaS) involves software hosted and maintained on the internet. With SaaS, users do not have to install the software locally.
Development as a Service (DaaS) involves web-based development tools shared across communities.
Platform as a Service (PaaS) provides users with application platforms and databases, equivalent to middleware services.
Infrastructure as a Service (IaaS) provides users with infrastructure and hardware such as servers, networks, storage devices, etc. running in the cloud, on a pay-per-usage basis.
CISO AG will assist you in implementing the following design safeguards to secure your organisation:
Implement a strong identity foundation
Implement the principle of least privilege and enforce separation of duties with appropriate authorization for each interaction with your AWS resources. Centralize privilege management and reduce or even eliminate reliance on long-term credentials.
Enable traceability
Apply security at all layers
Rather than just focusing on protecting a single outer layer, apply a defence-in-depth approach with other security controls. Apply it to all layers, for example the edge network, virtual private cloud (VPC), subnet, load balancer, every instance, operating system, and application.
Automate security best practices
Automated software-based security mechanisms improve your ability to scale securely, more rapidly and more cost-effectively. Create secure architectures, including the implementation of controls that are defined and managed as code in version-controlled templates.
Protect data in transit and at rest
Classify your data into sensitivity levels and use mechanisms such as encryption and tokenization where appropriate. Reduce or eliminate direct human access to data to reduce the risk of loss or modification.
Prepare for security events