First Steps in Developing a Cloud Security Architecture

October 20, 2021

Tags:AWS Cloudcloud securityClour Security Architecture

Security issues are among the biggest concerns when migrating to the Cloud. And that's a reasonable approach - cybersafety shouldn't be sidelined. After all, even Cloud-native companies check up on their security setup regularly. Luckily, as a whole, the Cloud issafe. For example, in 2019, around 90% of all Cloud-based security issues resulted not from Cloud faults themselves, but from misconfiguration. That's why it's so important to develop a proficient strategy for your cloud security architecture and, as a result, avoid unwanted risks.

Big platform leaders like Amazon Web Services (AWS), Google Cloud Platform (GCP), or Microsoft Azure make great efforts to stay secure and meet various levels of certification. As a result, the problem rarely lies in the technology itself - but in the components and solutions built within.

So, to help make your Cloud endeavours smooth and secure, in this article we're going to take you through the key elements and fundaments of cloud security architecture.

What is Cloud Security Architecture?

In a broad understanding, Cloud security is about protecting information, data, applications, platforms, and the infrastructure that operate or exist within the Cloud.

Cloud security architecture is where cloud security starts. Cloud security architecture defines the security layers, design, and structure of the platforms, infrastructure, software, tools, and best practices that exist to make the Cloud solution secure.

A Secure Cloud Starts with Cloud Security Architecture

To prevent and mitigate threats, an organization should first understand its current cloud security posture, and plan which controls and security solutions will be the most useful to use.

Creating a strategy for cloud security architecture should start early in the design process. It should be an integral part of the solution to maximize efficiency. Unfortunately, it happens regularly that cloud architects will concentrate mainly on the performance and add security later. Don't make the same mistake. Treat cloud security as a priority - and start by working on your cloud security architecture.

Key Indicators of Developing a Secure Cloud Storage and System

Developing a successful cloud security architecture enables you to strengthen (or even set up in the first place) 3 pillars of cloud security. Understanding each of these pillars will help you to plan your cloud security architecture with a more strategic overview in mind.

These pillars, as defined by Intel, are:

Confidentiality.One of the key capabilities of cloud security is to keep your data secret and unreadable to those who shouldn't have access to it. This may both be people from outside your organization - like attackers - as well as people from inside of your organization who don't have clearance to view specific information.
Integrity.To maximize security, your systems and applications should function exactly as you expect them to. This means that they shouldn't produce any unexpected or misleading outputs.
Availability.Often overlooked, availability addresses denial-of-service (DoS) attacks. Even if attackers won't be able to see or change your data, they could still make it unavailable to you or your customers - which can create huge losses.

Principles of Cloud Security Architecture

To create a Cloud system with solid confidentiality, integrity, and availability, you need to set up different tools that will safeguard your systems and data. Moreover, you should also follow certain principles to make sure your architecture is well-designed.

This includes:

Security controls.Defined both by technologies and processes, they include parameters and policies implemented across users, data, and infrastructure to manage the general security posture.
Trust boundaries.They define the trust between the different services and components deployed on the Cloud.
Token management.It enables a safe authentication of users.
Encryption methods.These include algorithms like 128-bit AES, Triple DES, RSA, or Blowfish. They ensure data at rest and travelling between internal and external Cloud connection points is safe.
Security event logging.With it, all important security events are captured, prioritized, and delivered to security teams.
Standard interfaces and security protocols.This includes SSL, SFTP, SSH, OAuth, IPSEC, and more.

How to Know Which Cloud Security Tools and Technologies are the Right Choices?

To pick the right tools and technologies, you should be able to clearly define their purpose and specifics. If you do, it will be easier to judge if the given solution is efficient and if it's planned correctly.

Right from the start, you should be able to tell:

Whata given service's role is.
Whereit will be located (public cloud, on-premise, or third-party service).
Whatprotocols will be used to access the service.
Whatthe service receives and what it will be expected to deliver.
Whooperates the service.
Whattypes of control the service achieves.

Defining all the above will help you to determine if it's useful. As a result, you'll eliminate flops that are easy to avoid and end up with a better cloud security architecture.

Example - Cloud Security in AWS: The Most Common Issues

In one of our previous articles, Michał Brygidyn - Cloud expert and White-Hat Hacker - talked in detail about the most common security issues in the AWS cloud.

Must Read: CloudSecurity in AWS: The Most Common Issues

And although the text focuses AWS security issues, this overview may apply to any Cloud platform - be it Azure or Google Cloud Platform. The technologies and individual solutions may change, but the overall principles do not.

Additionally, make sure to watch this bonus video about the general principles of making your IT projects secure:

Different Cloud Security Architecture for Different Purposes - Saas, PaaS, and IaaS

Finally, as you know, there are 3 main types of cloud computing services. These models are Infrastructure-as-a-Service(IaaS), Platforms-as-a-Service(Paas), and Software-as-a-Service(SaaS). From an IT perspective, setting up the optimal security will differ for each of these models.

IaaS Cloud Security Architecture

IaaS providers have to focus on runtime encryption and orchestration capabilities empowering clients to manage key encryption for any application they use in the cloud.

Such a cloud security architecture should/may include endpoint protection (EPP), a cloud access security broker (CASB), a vulnerability management solution, access management, and data and network encryption.

PaaS Cloud Security Architecture

PaaS providers should pay attention to multiparty usage and create trust in moving data from and to the platform.

Such an architecture usually requires both standard cloud security architecture solutions, and common solutions, like a Cloud Workload Protection Platform (CWPP).

SaaS Cloud Security Architecture

This model includes productivity software suites and is popular for both business and individual purposes. It must be secured at the CSP level. Since users have limited control over SaaS offerings, their security activity means adhering to best practices. For example, using strong passwords, being careful, and avoiding scams.

SaaS security components should include identity and access management, cloud access security broker (CASB), and data protection with APIs, proxies, or gateways.

Summary

As mentioned in the intro, some of the biggest security breaches result from misconfiguration and improper access practices. What might seem like a simple change can leave you open to much larger exploits and consequences.

That's why it's so important to develop a proper Cloud Security Architecture that addresses all the basic issues and misconfigurations. Because remember - if set up well, the Cloud is unarguably very safe.

Sources:

https://www.intel.co.uk/content/www/uk/en/cloud-computing/cloud-security-architecture.html

https://www.redhat.com/en/topics/cloud-computing/public-cloud-vs-private-cloud-and-hybrid-cloud

htps://www.guidepointsecurity.com/education-center/cloud-security-architecture/

Attachments

Original document
Permalink

Disclaimer

PGS Software SA published this content on 21 October 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 28 October 2021 12:02:09 UTC.

	1st Jan change	Capi.
ACCENTURE PLC	-13.61%	191B
TATA CONSULTANCY SERVICES LTD.	+1.75%	168B
IBM	+2.37%	153B
AUTOMATIC DATA PROCESSING, INC.	+4.71%	100B
RELX PLC	+6.14%	77.3B
CROWDSTRIKE HOLDINGS, INC.	+19.08%	73.54B
INFOSYS LIMITED	-7.14%	71.18B
SNOWFLAKE INC.	-20.88%	52.58B
HCL TECHNOLOGIES LIMITED	-6.27%	45.02B

1st Jan change

Capi.

ACCENTURE PLC

-13.61%

191B

TATA CONSULTANCY SERVICES LTD.

+1.75%

168B

IBM

+2.37%

153B

AUTOMATIC DATA PROCESSING, INC.

+4.71%

100B

RELX PLC

+6.14%

77.3B

CROWDSTRIKE HOLDINGS, INC.

+19.08%

73.54B

INFOSYS LIMITED

-7.14%

71.18B

SNOWFLAKE INC.

-20.88%

52.58B

HCL TECHNOLOGIES LIMITED

-6.27%

45.02B

PGS Software S.A. Reports Earnings Results for the Third Quarter and Nine Months Ended September 30, 2021	21-11-29	CI
Xebia Consultancy Services B.V. completed the acquisition of PGS Software S.A. from Infinitas Fundusz Inwestycyjny Zamkniety Aktywow Niepublicznych, managed by Copernicus Capital Towarzystwo Funduszy Inwestycyjnych S.A., Presto Fundusz Inwestycyjny Zamkniety Aktywow Niepublicznych, managed by Copernicus Capital Towarzystwo Funduszy Inwestycyjnych S.A., Nationale-Nederlanden Powszechne Towarzystwo Emerytalne S.A., and others for approximately PLN 510 million.	21-10-03	CI
Pgs Software S.A. Reports Earnings Results for the Second Quarter Ended June 30, 2021	21-09-06	CI
Xebia Consultancy Services B.V. agreed to acquire PGS Software S.A. from Infinitas Fundusz Inwestycyjny Zamkniety Aktywow Niepublicznych, managed by Copernicus Capital Towarzystwo Funduszy Inwestycyjnych S.A., Presto Fundusz Inwestycyjny Zamkniety Aktywow Niepublicznych, managed by Copernicus Capital Towarzystwo Funduszy Inwestycyjnych S.A., Nationale-Nederlanden Powszechne Towarzystwo Emerytalne S.A., Pgs Software Spolka Akcyjna and others for approximately PLN 450 million.	21-08-04	CI
PGS Software Starts Review of Strategic Options	21-03-10	CI
PGS Software S.A. Announces Dividend, Payable on September 25, 2020	20-07-29	CI
Tranche Update on PGS Software S.A.'s Equity Buyback Plan announced on June 3, 2019.	19-06-17	CI
PGS Software S.A.'s Equity Buyback announced on June 3, 2019, has expired with 171,200 shares, for PLN 1.63 million.	19-06-13	CI
PGS Software S.A. announces an Equity Buyback for 1,200,000 shares, representing 4.07% for PLN 11.4 million.	19-06-03	CI
PGS Software S.A. authorizes a Buyback Plan.	19-06-02	CI
PGS Software S.A. Reports Preliminary Revenue Results for the Third Quarter of 2016	16-10-11	CI
Infinitas Fundusz Inwestycyjny Zamkniety Aktywow Niepublicznych sold 4.33% stake in PGS Software S.A..	16-09-09	CI
Infinitas FIZAN and Presto FIZAN acquired 84.34% stake in PGS Software S.A. from Snowfinch 8 Sp. z o.o.	16-02-04	CI

PGS Software S.A.

Equities

PSW

PLSFTWR00015

IT Services & Consulting

First Steps in Developing a Cloud Security Architecture

Latest news about PGS Software S.A.

Chart PGS Software S.A.

Company Profile

Sector Other IT Services & Consulting