Cloud 3-4-5
Cloud 3-4-5
Virtual Machine?
1. A frontend platform
2. A backend platform
3. A cloud-based delivery model
4. A network (internet, intranet, or intercloud)
Frontend
• In cloud computing, frontend platforms
contain the client infrastructure—user
interfaces, client-side applications, and the
client device or network that enables users to
interact with and access cloud computing
services. For example, you can open the web
browser on your mobile phone and edit a
Google Doc. All three of these things describe
frontend cloud architecture components.
Backend
On the other hand, the back end refers to the cloud architecture
components that make up the cloud itself, including computing
resources, storage, security mechanisms, management, and
more.
List of Backend Components
1.Application
2.Service
3.Runtime Cloud
4.Storage
5.Infrastructure
6.Management
7.Security
3.4 Cloud Database
• A cloud database is a database that is
deployed, delivered, and accessed in the
cloud. Cloud databases organize and store
structured, unstructured, and semi-structured
data just like traditional on-premises
databases.
Encrypted cloud database architecture.
What Is Cloud IAM?
• A cloud identity management system
comprises the tools, policies, and processes
that protect a company’s critical resources
across cloud services and platforms. In other
words, access management in the cloud
dictates who may access what and when.
What are the components of cloud-based access management?
1.Shared responsibility:-
The shared responsibility model is the most commonly used, where the cloud
provider is responsible for the security of the cloud infrastructure and the
customer is responsible for the security of their data and applications
2.Multi-tenancy:-
The multi-tenancy model is used when multiple tenants use the same cloud
infrastructure, where the cloud provider is responsible for the security of the
infrastructure and the tenants are responsible for the security of their own
data.
3.Risk-based:-
The risk-based model identifies and mitigate the risks associated with cloud
computing, and the cloud provider and the customer work together to
identify potential risks and develop a security strategy to address those risks.
Cloud Security Threats and Risks
You cannot completely eliminate risk; you can only manage it.
Knowing common risks ahead of time will prepare you to deal with
them within your environment.
1. Zero-Day Exploits
2. Advanced Persistent Threats
3. Insider Threats
4. Cyberattacks
Cloud Security Compliance
• Conduct a risk assessment
• Implement robust security measures
• Develop and implement policies and
procedures
• Conduct regular audits and assessments
• Work closely with cloud service providers
• Use compliance management tools
4.2 Cloud Security Architecture
7 core principles of a cloud security architecture
• Security by design – cloud architecture design should implement security
controls that are not vulnerable to security misconfigurations. For example, if a
cloud storage container holds sensitive data, external access should be locked,
and there should be no way for an administrator to open access to the public
Internet.
• Visibility – many organizations use multi-cloud and hybrid-cloud deployments
that traditional security solutions fail to protect. An effective strategy accounts
for both the tools and the processes to maintain visibility throughout an
organization’s complete cloud-based infrastructure.
• Unified management – security teams are often overworked and understaffed,
and so cloud security solutions must provide unified management interfaces.
Teams must be able to centrally manage a wide range of cloud security solutions
from one pane of glass.
• Network security – the cloud uses a shared responsibility model, and the
organization is responsible for securing traffic flows to and from cloud resources,
and between the public cloud and on-premise networks. Segmenting networks
is also important to limit an attacker’s ability to move laterally once they have
gained access to a network.
• Agility – the cloud fosters development and deployment of
new solutions. Security should not inhibit this agility.
Organizations can use cloud-native security solutions that
integrate seamlessly into the agile development lifecycle.
• Automation – automation is critical to swift provisioning and
updating of security controls in a cloud environment. It can
also help identify and remediate misconfigurations and other
security gaps in real time.
• Compliance – regulations and standards protect both data and
processes in the cloud. Organizations can leverage cloud
provider solutions, but will often need third party solutions to
manage compliance across multiple cloud providers.
5 Key Components of Cloud Computing Security
Architecture
1. Identity and Access Management (IAM)
Identity and Access Management (IAM) involves managing who can access cloud resources and what actions they can perform. IAM
systems can enforce security policies, manage user identities, and provide audit trails, among other functions.
IAM plays a pivotal role in mitigating insider threats. By implementing least privilege access and segregation of duties, organizations can
limit the potential damage caused by malicious insiders. Moreover, IAM can also help detect unusual user behavior, providing early
warning signs of potential security breaches.
2. Network Security
Network security involves protecting the integrity, confidentiality, and availability of data as it moves across the network. Network security
measures include firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS), and virtual private networks (VPN),
among others. All cloud providers offer a virtual private cloud (VPC) feature which allows an organization to run a private, secure network
within their cloud data center.
In a cloud environment, network security becomes even more critical as data often travels over the internet to reach the cloud. Therefore,
organizations should prioritize implementing robust network security measures to protect their data in transit.
3. Data Security
In a cloud computing security architecture, data security involves protecting data at rest, in transit, and in use. It encompasses various
measures, including encryption, tokenization, data loss prevention (DLP), and secure key management. A critical aspect of data security in
the cloud is applying access controls and secure configuration to cloud storage buckets and cloud databases.
With the proliferation of data breaches and the advent of regulations like the General Data Protection Regulation (GDPR), data security has
become a top priority for organizations, and has an additional compliance aspect. Failing to protect data in the cloud could result in costly
fines and legal implications.
• 4. Endpoint Security
Endpoint security focuses on securing endpoints or user devices that access the
cloud, such as laptops, smartphones, and tablets. Given the shift to remote work
and Bring Your Own Device (BYOD) policies, endpoint security has become a critical
aspect of cloud computing security. Organizations must make sure that users only
access their cloud resources with devices that are properly secured.
• Endpoint security measures include antivirus software, firewalls, and device
management solutions that can enforce security policies on user devices.
Moreover, endpoint security can also involve measures like user training and
awareness, helping users recognize and avoid potential security threats.
• 5. Application Security
Application security is another vital part of a cloud security architecture. It involves
securing applications running in the cloud against various security threats, such as
injection attacks, cross-site scripting (XSS), and Cross-Site Request Forgery (CSRF).
Application security can be achieved through various means, including secure
coding practices, vulnerability scanning (in particular, container image
scanning and infrastructure as code scanning), and penetration testing.
Additionally, runtime application self-protection (RASP) and web application
firewalls (WAF) can provide added layers of protection. Dedicated cloud native
security solutions can help secure cloud native workloads like containers and
serverless functions.Learn more in our detailed guide to cloud security solutions
What Are Cloud Security Controls?
• Pros
1. Takes less space than full backups
2. Faster restoration than incremental backups
3. Much faster backups than full backups
• Cons
1. Potential for failed recovery if any of the backup sets are incomplete
2. Compared to incremental backups, the backup takes longer and
requires more storage space
3. Compared to full backups, restoration is slow and complex
Cloud Network Security
• Like cloud security, cloud network security
refers to the technology, policies, controls, and
processes used to protect data and solely
focuses on protecting cloud networks from
unauthorized access, modification, misuse, or
exposure.
Cloud security threats
• 1. Data breaches
A data breach occurs when information is accessed without
authorization.
2. Unmanaged attack surface
The term “attack surface” is a new concept born from cloud computing.
Prior to the cloud, data was all stored in one location so it was much
easier to secure the perimeter around the data center.
But cloud computing blurred the boundaries—the cloud is ever-changing,
and it’s not always clear where data is housed or who is responsible for it.
Traditional asset discovery, risk assessment, and vulnerability
management processes were developed when networks were more
stable and centralized. They simply can’t keep up with the speed at which
new vulnerabilities and attack vectors arise in cloud computing. The sum
of these vulnerabilities makes up the attack surface.
• 3. Data loss
Cloud-based systems can also fall victim to data loss—just like
home and office networks. Data loss can happen as a result of
a data breach, natural disaster, or a system-wide
malfunction. Truly protecting your documents means:
• 4. Insufficient access management
Access management is used to authorize access to information
stored in the cloud. It limits:
– Who has access to certain documents
– Where users are allowed to access documents
– Which devices are permitted access
From ensuring only safe devices are able to connect to your network
to creating employee guidelines prohibiting the use of public Wi-Fi,
limiting who has access and where is important for cloud
cybersecurity. Insufficient access management of data stored in the
cloud could result in valuable information ending up in the wrong
hands.
5. Hijacking
Ineffective security resources and protocols could potentially
lead to the hijacking of a cloud network.
Cloud account hijacking occurs when a cyberattacker
manages to gain control of a cloud-based
account. Cybercriminals use phishing scams and botnets to
infiltrate and infect cloud-based systems, taking complete
control once successful. Hackers can then steal your
credentials and information, or in the case of a business,
highly sensitive customer or corporate files.
6. Malware infections
• Today’s hackers have many means to infiltrate
cloud-based systems. One of them is malware,
a type of software that’s installed on a
computer without the user’s consent in order
to disrupt, damage, or take control of the
system.
7. Insider threats
• Unlike insufficient access management, insider threats refer
to those who already have access to your cloud
network. These users ignore the cloud cybersecurity rules
you’ve put in place to protect your privacy and data. They
could be websites you don’t want your guests visiting or files
employees shouldn't share outside of the company network.
• Protecting your cloud network starts with managing how
people within your immediate circle utilize it.
8.Denial-of-Service Attacks
• Denial of service (DoS) attacks involve hackers flooding
systems with automated empty connections, overwhelming
resources and denying service to legitimate users. In the cloud,
because systems are often exposed to public networks, there is
a much larger threat of DoS.
• Attackers can also leverage the massive scalability of the cloud
to drive their attacks. In some cases, attackers compromise
cloud accounts and launch cloud instances to perform DoS
attacks against others. This can result in high cost to the victim,
and legal exposure, because the DoS attack originates from
their own cloud environment.
What are Cloud Application Security Controls?
Effective cloud application security controls are essential for safeguarding cloud-
based applications. Below are some best practices to consider:
• Identity and Access Management (IAM): Implement strong IAM policies to ensure
users have appropriate permissions to access applications and data. Multi-Factor
Authentication (MFA) and Single Sign-On (SSO) enhance security.
• Data Encryption: Use encryption for data in transit and at rest. Implement various
encryption mechanisms to protect sensitive information from unauthorized access.
• Monitoring Threats: Continuously monitor cloud applications in real-time to
detect unusual behavior and respond to threats promptly. Leverage threat
intelligence data to stay ahead of malicious actors.
• Compliance: Ensure your cloud applications comply with industry regulations and
standards,. Regular audits can verify compliance and identify any shortcomings.
• Security Monitoring and Reporting: Implement mechanisms for monitoring and
reporting security-related events in your cloud applications. This helps in early
threat detection and swift response.
5.2 What is edge computing?
• Edge computing is a distributed information
technology (IT) architecture in which client
data is processed at the periphery of the
network, as close to the originating source as
possible.
Benefits of Edge Computing
• Reduced delay and Improved Performance
• Improved Security and Data Privacy
• High Resiliency
• Increased Scalability
• Operational Cost Savings
Edge Computing Challenges
• Cloud APIs are often labeled by the layer at which they connect cloud services.
Typically, this connection occurs at one of three levels:
• Infrastructure level: Infrastructure-level APIs, also called
infrastructure-as-a-service (IaaS) APIs, help provision and manage cloud-hosted
infrastructure. IaaS APIs may be used to streamline the management of virtual
servers, cloud storage, cloud security, and other infrastructure-level software
and services.
• Service level: Service-level APIs, or platform-as-a-service (PaaS) APIs, connect
this infrastructure to third-party platforms for developing applications. PaaS
APIs allow developers to access development tools, operating systems,
software, and databases so they can build their own applications.
• Application level: Application-level APIs, or software-as-a-service (SaaS) APIs,
connect infrastructure to cloud-based applications that are managed by third-
party providers. SaaS APIs enable users to access fully-built cloud applications
(e.g. Gmail) from a client.
REST API Introduction
1. Collaboration
2. Data-Based Decision Making
3. Customer-Centric Decision Making
4. Constant Improvement
5. Responsibility Throughout the Lifecycle
6. Automation
7. Failure as a Learning Opportunity
1. Collaboration
DevOps in its purest form is the integration of the
development (Dev) and operations (Ops) teams. This means
that collaboration is central to the foundation of DevOps. By
working together, development can better configure the
software for the operations phase and operations can test the
software earlier to ensure it will meet requirements.
2. Data-Based Decision Making
Another central principle of DevOps is informing your
decisions with data. Whether it's selecting the right tech stack
or selecting tools to streamline your pipeline, you should
always collect data around each decision to ensure your
choice agrees with your team's metrics and historical data
3. Customer-Centric Decision Making
The customer should be a central focus in a DevOps lifecycle.
Equally as important as data, decisions should be weighed
with the question, "Will this benefit the customer?" Collecting
feedback from the customer on the existing product will guide
future optimization
4. Constant Improvement
DevOps focuses on constant improvement, or the idea that the team
should continuously focus on new features and upgrades. Another key
idea follows the Agile methodology of incremental releases.Previous
software development strategies would focus on delivering the perfect
product all at once. Though this sounds ideal, in execution it often meant
that software deliveries would be delayed for long periods while issues
were resolved. Instead, incremental releases allow the team to focus on
achieving a minimum viable product (MVP) to meet the customer's core
use case as soon as possible
5. Responsibility Throughout the Lifecycle
In traditional software development models, the development team codes
and builds the application. They then hand it to the operations team to
test, deploy, and deliver to the customer. Any bugs discovered in the
second phase are left to the operations team instead of the developers
who wrote the code.DevOps shows us a more logical approach:
responsibility throughout the lifecycle. The whole team is responsible for
the product from initial planning to its end of life. During this entire
process, the development and operations teams are working hand in hand
to update the software and address issues
6. Automation
A key benefit of the DevOps approach is speed: speed of
software delivery, speed of updates, speed of patches. This
momentum is achieved with automation. DevOps teams aim
to automate every single phase of the process, from code
reviews to handoffs to provisioning and deployment
7. Failure as a Learning Opportunity
DevOps is a flexible approach to development. Processes are
constantly being fine-tuned just as the software itself is
continuously improving. Part of maintaining this flexibility is to
view failure as an opportunity to learn and improve. Rather
than trying to avoid failure at all costs, encourage risk-taking
in the right context
The benefits of DevOps – Cloud Combination
• Resource Efficiency: Because containers share the kernel of the host operating
system, running a separate operating system for each instance is no longer
necessary. As a result, resource efficiency is greatly improved.
• Rapid Deployment: Containers can be built and deployed rapidly, enabling
seamless integration into continuous integration and delivery pipelines — and
fostering agile development practices.
• Scalability: Containers enable horizontal scaling by
replicating instances across a cluster, effortlessly handling increased workloads,
and facilitating fault-tolerant architectures.
• Portability: Containers encapsulate applications and their dependencies, making
them highly portable across different environments, including development,
testing, and production.
• Easy Management
• Container orchestration tools take care of application management, automating
installation, scaling and management of containerization workloads.
The three characteristics of highly effective containers