Cloud Architecture & Design

Cloud architecture covers broad areas of security implications in a cloud computing environment and is best determined once determining the operational model. Since cloud services are delivered in several combinations (IaaS, PaaS and SaaS) we can only talk about cloud security in a particular context.

Software as a Service (SaaS) involves software hosted and maintained on internet. With SaaS, users do not have to install the software locally.

Development as a Service (DaaS) involves web-based development tools shared across communities.

Platform as a Service (PaaS) provides users with application platforms and databases, equivalent to middleware services.

Infrastructure as a service (IAAS) provides for infrastructure and hardware such as servers, networks, storage devices, etc. running in the cloud. to users against a pay per usage basis.

Design Principles

CISO AG will assist you in implementing the following design safeguards to secure your organisation:

Implement the principle of least privilege and enforce separation of duties with appropriate authorization for each interaction with your AWS resources. Centralize privilege management and reduce or even eliminate reliance on long term credentials.

Monitor, alert, and audit actions and changes to your environment in real time. Integrate logs and metrics with systems to automatically respond and take action.

Rather than just focusing on protecting a single outer layer, apply a defence-in-depth approach with other security controls. Apply to all layers, for example, edge network, virtual private cloud (VPC), subnet, load balancer, every instance, operating system, and application.

Automated software-based security mechanisms improve your ability to securely scale more rapidly and cost effectively. Create secure architectures, including the implementation of controls that are defined and managed as code in version-controlled templates.

Classify your data into sensitivity levels and use mechanisms, such as encryption and tokenization where appropriate. Reduce or eliminate direct human access to data to reduce risk of loss or modification.

Prepare for an incident by having an incident management process that aligns to your organizational requirements. Run incident response simulations and use tools with automation to increase your speed for detection, investigation, and recovery.