Cloud Security Architecture
Guest author: Ahmed Nabil
Everyone is talking about the cloud and the benefits of moving your infrastructure and platforms to it. This is true for me. Consider the current coronavirus pandemic and the mandate for remote working. Imagine how much easier this model is if your environment or technology is in the cloud: it lets you connect from anywhere and deliver the same quality of work as if you were in your traditional office.
What is cloud computing?
NIST SP 800-145 defines the characteristics of a cloud service as on-demand service, broad network access and resource pooling. This definition is helpful for security professionals: as you can see, the driving factors behind the cloud were productivity, availability and resilience. Security is not part of that equation.
The problem is that once you start using cloud services, it becomes an endless project. Cloud services can be extended or migrated to add more tools, computers and servers to your IT portfolio. This means you have a completely new attack surface, a new network perimeter, that needs to be secured.
The cloud brings new challenges to your IT environment. It is a complete change, and your security architecture must be designed to address all of these challenges.
Information Security Transformation
Many businesses are moving into the digital age by adopting the most recent technologies. This transformation is driven mainly by the need to compete with digital-native startups, which are disrupting the industry and forcing competitors either to move to new digital business models or to exit the market.
Information security faces both new challenges and new opportunities in this digital world. As discussed above, the challenges are huge. However, there is also an opportunity to solve long-standing security problems using the new technology platforms and the cloud.
Given the problems described above, it is clear that the old network perimeter has changed. In the past, your perimeter was your office network: to access and work on your files and data, you had to be in your office. The cloud has made that network perimeter obsolete. Users can access the cloud from any device or platform and work from anywhere.
Identity is the modern perimeter and the main line of protection. This means that your identity controls, together with your information assets and endpoint devices, become the primary protection. It requires a new architecture mindset based on the cloud provider/customer shared responsibility matrix.
Cloud and Customer Responsibility Sharing
Some users believe that moving to the cloud will make their lives easier by default, while others feel it makes them more secure. In reality, security is a shared responsibility of the customer and the cloud provider. The cloud offers better security options, but the customer still has to enable and configure them to get the maximum benefit.
Let’s take the Software as a Service (SaaS) example, one of the most popular models for leveraging the cloud. The following cloud/customer responsibility matrix identifies three areas of customer responsibility:
Identity protection is crucial. This means more investment in privileged access management (PAM) software, getting rid of old identities, and adopting IAM solutions that support single sign-on (SSO), leverage protocols such as SAML, and integrate with third parties. Use multi-factor authentication rather than relying on passwords alone.
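Two of the identity tasks listed above, removing old identities and making sure password sign-in is always paired with multi-factor authentication, are easy to check continuously once you can export an identity inventory. The script below is an added example written for this page, not code from the author or any cloud provider: it runs a stale-identity and missing-MFA audit over a constructed sample inventory. The column names are an assumption modelled loosely on a cloud IAM credential report, and the 90-day staleness window and 7-day MFA enrolment grace period are assumed policy values.

```python
"""Audit a cloud identity inventory for two hygiene problems: stale
(old, unused) identities and identities that can sign in with a password
but have no multi-factor authentication (MFA) enrolled.

SAMPLE_INVENTORY is CONSTRUCTED data for this example. The column names
are an assumption modelled loosely on a cloud IAM credential report; they
are not any provider's real export format."""

import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample inventory (no real accounts). Timestamps are ISO 8601
# UTC; "never" means the credential has never been used.
SAMPLE_INVENTORY = """\
user,created,password_enabled,password_last_used,mfa_active,access_key_active,access_key_last_used
alice,2021-03-01T09:00:00Z,true,2024-05-28T08:12:00Z,true,false,never
bob,2019-07-15T10:00:00Z,true,2023-01-10T14:00:00Z,false,true,2022-11-30T03:00:00Z
svc-backup,2020-02-01T00:00:00Z,false,never,false,true,2024-05-30T01:00:00Z
carol,2024-05-20T11:00:00Z,true,never,false,false,never
dave,2018-09-09T12:00:00Z,true,2024-05-29T07:00:00Z,false,false,never
"""

# Fixed clock so the sample audit is reproducible.
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
STALE_AFTER = timedelta(days=90)   # assumption: no use for 90 days == stale
GRACE_PERIOD = timedelta(days=7)   # assumption: new users get a week to enrol MFA


def _parse_ts(value):
    """Parse an ISO 8601 UTC timestamp, or return None for 'never'."""
    if value == "never":
        return None
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def _is_true(value):
    return value.strip().lower() == "true"


def audit_identities(inventory_csv, now):
    """Return a dict mapping user -> list of findings.

    stale_identity        no enabled credential used within STALE_AFTER
                          (a never-used identity is measured from creation)
    password_without_mfa  password sign-in enabled, MFA not active, and the
                          account is older than GRACE_PERIOD
    """
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        created = _parse_ts(row["created"])
        # Only credentials that are actually enabled count as activity.
        last_uses = []
        if _is_true(row["password_enabled"]):
            last_uses.append(_parse_ts(row["password_last_used"]))
        if _is_true(row["access_key_active"]):
            last_uses.append(_parse_ts(row["access_key_last_used"]))
        last_uses = [t for t in last_uses if t is not None]
        last_activity = max(last_uses) if last_uses else created

        problems = []
        if now - last_activity > STALE_AFTER:
            problems.append("stale_identity")
        if (_is_true(row["password_enabled"]) and not _is_true(row["mfa_active"])
                and now - created > GRACE_PERIOD):
            problems.append("password_without_mfa")
        if problems:
            findings[row["user"]] = problems
    return findings


def summarize(findings):
    """Count findings by type for a quick report."""
    counts = {}
    for problems in findings.values():
        for p in problems:
            counts[p] = counts.get(p, 0) + 1
    return counts


def audit_sample():
    """Run the audit over the constructed inventory with the fixed clock."""
    return audit_identities(SAMPLE_INVENTORY, SAMPLE_NOW)


if __name__ == "__main__":
    result = audit_sample()
    for user, problems in sorted(result.items()):
        print(f"{user}: {', '.join(problems)}")
    print(summarize(result))
```

Note that a service identity with no password (svc-backup) is not flagged for MFA, and a recently created user is not flagged as stale merely because they have never signed in; both are deliberate, so the report points at the identities the text says to remove or fix rather than burying them in noise.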