Introduction to Cloud Security Architecture

By CIOReview | Tuesday, May 23, 2017

With organizations widely leveraging cloud computing as well as mobile computing applications, the security of data has become one of the key factors of concern. While today, even the most important as well as confidential information are stored in the Cloud, data security during transmission as well as in store has to be made sure of. Many organizations worked through the security challenges even with in-house servers. Moreover, the solutions have grown more complicated as the enterprise leverages more architecture that blend cloud services in concert with mobile devices.

Ensuring better data safety and security, Cloud applications developers are successfully developing security applications for IaaS and PaaS platforms. Furthermore, security practices and incident response practices are widely adopted. These solutions are designed to offer the basic security features such as DoS attack mitigation, logging, firewall management, and user profile management. Cloud security concerns range from securely configuring virtual machines deployed on an IaaS platform to managing user privileges in a PaaS cloud.

Efficient security architecture will have the ability to engage with key stakeholders for developing a strategic solution that aligns with the organization’s business goals. 

The cloud security operational model

Cloud service providers are responsible for securing the shared infrastructure, adopting firewalls, management consoles, load balancers, and API. Moreover, the cloud security architecture should be aligned with the technology architecture as well as the organizational principles.

Not only cloud services are disrupted by virus attacks, even miss-configuration issues, as well as improper user policy settings can lead to errors. For achieving continuous availability and best services, the cloud security architecture should be architected to withstand various disruptions that could have diverse effects.
The following principles can be applied for evaluating the security features of a cloud service maturity:

1. Security Policy Disclosure

Ensuring compliance with standard frameworks such as ISO 27001, CSA, SS 16 and Cloud controls matrix are important aspects to be followed. In addition, the control matrix certification should be in parallel to the organizations security policies, and practices. The scope of controls has to be disclosed when the cloud services are ISO 27001 certified. Furthermore, the Cloud that host regulated data should be PCI DSS, Sarbanes-Oxley and HIPAA standardized.

2. Security Architecture

The security architecture of the cloud plays a vital role in the safety of files. Architecting the right security systems and controls that protect the information can mitigate the cloud security threats to a better extend. Security controls can be adopted by the cloud service enterprise from a 3rd party provider, or as a service (Security-as-a-Service). The cloud service provider should disclose security architectural details that either help or hinder security management as per the enterprise standard.

3. Automation of Security

Moving in parallel with the changing security arena, the security automation techniques by publishing API, HTTP or SOAP should be introduced in the cloud. Export and import of security event logs, user entitlements (privileges), change management logs, firewall policies, user profiles, and access logs in an XML or enterprise log standard format. Moreover, continuous security monitoring including support for emerging standards such as Cloud Audit are becoming mandatory today.

• Governance and Security responsibility: Governance and security management responsibilities of the customer versus those of the cloud provider should be clearly articulated.

Ever since the introduction of networking, the security threats were also a major concern. With time, the network and cloud systems have evolved, as well as the security threats too. This cements the fact that nothing can be made fully secure around us, but only the layers of security can be improved.