Cloud Computing Security Architecture
Security in cloud computing is a major concern. Proxy and brokerage services should be employed to restrict a client from accessing the shared data directly. Data in the cloud should be stored in encrypted form.
Before deploying a particular resource to the cloud, one needs to analyze several aspects of the resource, such as:
Understanding Security of Cloud
The Cloud Security Alliance (CSA) stack model defines the boundaries between each service model and shows how the different functional units relate. A particular service model defines the boundary between the service provider's responsibilities and the customer's. The following diagram shows the CSA stack model:
Key Points to CSA Model
Although each service model has its own security mechanisms, the security requirements also depend on where these services are located: in a private, public, hybrid, or community cloud.
Understanding data security
Since all data is transferred using the Internet, data security in the cloud is a major concern. Here are the key mechanisms to protect the data.
The service model should include security mechanisms working in all of the above areas.
Separate access to data
Since data stored in the cloud can be accessed from anywhere, we need a mechanism to isolate the data and protect it from direct client access.
Brokered cloud storage access is a way of isolating storage in the cloud from direct client access. In this approach, two services are created:
All the above steps are shown in the following diagram:
Encryption helps protect data from being compromised. It protects both the data being transferred and the data stored in the cloud. Although encryption helps protect data from unauthorized access, it does not prevent data loss.
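As an added example (not code from the original page), a minimal Python model of the brokered storage access and encryption-at-rest points above: the client only ever holds a reference to the proxy, the proxy forwards each request to the broker with an HMAC under a proxy/broker shared secret, and only the broker touches the store, after checking the MAC and a per-client ACL. The client names, object keys, ACL and secret are constructed, and the stored values stand in for ciphertext rather than implementing encryption.

```python
import hashlib
import hmac

class ObjectStore:
    """Backing store; values are opaque bytes standing in for ciphertext (constructed)."""
    def __init__(self):
        self._blobs = {}
    def put(self, key, blob):
        self._blobs[key] = blob
    def get(self, key):
        return self._blobs[key]

def request_mac(secret, client, key):
    """HMAC over (client, key) under the proxy/broker shared secret."""
    return hmac.new(secret, f"{client}\x00{key}".encode(), hashlib.sha256).digest()

class Broker:
    """Has storage access but no client endpoint: serves only proxy-MACed requests, then enforces the ACL."""
    def __init__(self, store, secret, acl):
        self._store, self._secret, self._acl = store, secret, acl
    def read(self, client, key, mac):
        if not hmac.compare_digest(mac, request_mac(self._secret, client, key)):
            raise PermissionError("request did not come through the proxy")
        if key not in self._acl.get(client, ()):
            raise PermissionError(f"{client} is not authorised for {key}")
        return self._store.get(key)

class Proxy:
    """Client-facing. Holds a reference to the broker, never to the store."""
    def __init__(self, broker, secret):
        self._broker, self._secret = broker, secret
    def read(self, client, key):
        return self._broker.read(client, key, request_mac(self._secret, client, key))

def build_demo():
    """Constructed deployment: two blobs, one client, one ACL entry."""
    store = ObjectStore()
    store.put("invoices/2024.bin", b"ct:invoices")
    store.put("hr/salaries.bin", b"ct:salaries")
    secret = b"constructed-proxy-broker-secret"
    broker = Broker(store, secret, {"alice": {"invoices/2024.bin"}})
    return Proxy(broker, secret), broker

def outcome(fn, *args):
    """Return 'allowed' or 'denied' for one access attempt."""
    try:
        fn(*args)
        return "allowed"
    except PermissionError:
        return "denied"
```

The `outcome` helper lets the deployment's policy be checked in one place: an authorised read succeeds, an out-of-ACL read is denied, and a request that reaches the broker without the proxy's MAC is refused before the ACL is even consulted.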
Why is cloud security architecture important?
The difference between "cloud security" and "cloud security architecture" is that the former is built from problem-specific measures while the latter is built from threats. A cloud security architecture can reduce or eliminate the holes in security that point-solution approaches are almost certain to leave.
It does this by building down: defining threats starting with the users, moving to the cloud environment and service provider, and then to the applications. Cloud security architectures can also reduce redundancy in security measures, which will contribute to threat mitigation and increase both capital and operating costs.
The cloud security architecture also organizes security measures, making them more consistent and easier to implement, particularly during cloud deployments and redeployments. Security is often undermined because it is illogical or overly complex, and such flaws can be identified with a proper cloud security architecture.
Elements of cloud security architecture
The best way to approach cloud security architecture is to start with a description of the goals. The architecture has to address three things: an attack surface represented by the external access interfaces, a protected asset set that represents the information being protected, and a set of attack vectors used to mount indirect attacks from anywhere, including from within the cloud, as well as direct attacks on the system.
The goals of the cloud security architecture are accomplished through a series of functional elements. These elements are often considered separately rather than as part of a coordinated architectural plan. They include access security or access control, network security, application security, contractual security, and monitoring, sometimes called service security. Finally, there is data protection, which consists of measures implemented at the protected-asset level.
A complete cloud security architecture addresses the goals by unifying the functional elements.
Cloud security architecture and shared responsibility model
Security and security architecture for the cloud are not single-player processes. Most enterprises will keep a large portion of their IT workflow within their own data centers, local networks, and VPNs. The cloud adds additional players, so the cloud security architecture should be part of a broader shared responsibility model.
A shared responsibility model is both an architecture diagram and a contract form. It exists formally between a cloud user and each cloud provider, and with each network service provider if they are contracted separately.
Each divides the components of a cloud application into layers, with the top layer being the responsibility of the customer and the lower layers being the responsibility of the cloud provider. Each separate function or component of the application is mapped to the appropriate layer depending on who provides it. The contract form then describes how each party responds.