E-book, English, 252 pages
Iyer, Hybrid Cloud Security Patterns
1st edition, 2024
ISBN: 978-1-80323-397-0
Publisher: De Gruyter
Format: EPUB
Copy protection: 0 - No protection
Leverage modern repeatable architecture patterns to secure your workloads on the cloud
Security is a primary concern for enterprises going through digital transformation and accelerating their journey to multi-cloud environments. This book recommends a simple pattern-based approach to architecting, designing and implementing security for workloads deployed on AWS, Microsoft Azure, Google Cloud, and IBM Cloud.
The book discusses enterprise modernization trends and the related security opportunities and challenges. You'll understand how to implement identity and access management for your cloud resources and applications. Later chapters discuss patterns to protect cloud infrastructure (compute, storage, and network) and to protect data at rest, in transit, and in use. You'll also learn how to shift left and include security in the early stages of application development to adopt DevSecOps. The book also deep dives into threat monitoring, configuration and vulnerability management, and automated incident response. Finally, you'll discover patterns to implement security posture management backed by intelligence and automated protection to stay ahead of threats.
By the end of this book, you'll have learned all the hybrid cloud security patterns and be able to use them to create a zero trust architecture that provides continuous security and compliance for your cloud workloads.
Subject areas
- Mathematics | Computer Science, IT | Computer Science, Computer Communication & Networking, Network Security
- Mathematics | Computer Science, IT | Computer Science, Programming | Software Development, Software Engineering
- Mathematics | Computer Science, IT | Computer Science, Computer Communication & Networking, Distributed Systems (Networks)
Further information & material
Table of Contents
- Opportunities and Challenges with Hybrid Multi-cloud Solutions
- Understanding Shared Responsibility Model for Cloud Security
- Cloud Identity and Access Management
- Implementing Identity and Access Management for Applications
- How to Secure Compute Infrastructure
- Implementing Network Isolation, Secure Connectivity, and Protection
- Data Security Patterns
- Shift Left Security for DevOps
- Managing the Security Posture for Your Cloud Deployments
- Building Zero Trust Architecture with Hybrid Cloud Security Patterns
1 Opportunities and Challenges with Hybrid Multi-cloud Solutions
Businesses are rapidly transforming for the digital era. Companies are reinventing processes and cultures to deliver an enhanced experience to their customers using digital technologies. This drives the need to build new capabilities and modernize existing applications using the latest technology more quickly. Enterprises are trying to stay ahead of the competition. Being late to market can mean missed opportunities, lost revenue, or, even worse, going out of business. Companies that have been agile and successful are leveraging the cloud at the heart of this digital transformation. Furthermore, they are taking a hybrid multi-cloud strategy and approach consisting of on-premises, private, and public clouds to drive better efficiency, performance, and cost optimization. For a business rapidly transforming into a digital enterprise that relies on a hybrid multi-cloud environment to do so, the security threats and attack surface become greater. It is critical to stay ahead of threats, protect valuable data and resources, and achieve regulatory compliance. This chapter discusses digitization trends, the hybrid cloud strategy adopted by enterprises, and the related security challenges.
In this chapter, we’re going to cover the following topics:
- The evolution of the cloud
- The digitization trends that drive opportunities and challenges for hybrid cloud solutions
- Security in the digital hybrid multi-cloud era
The evolution of the cloud
Driven by trends in the consumer internet, cloud computing has become the preferred way to consume and deliver IT solutions and services. Before we dive deeper into cloud security, it is important to understand some basic aspects of the cloud, the emerging trends in cloud solutions, culture, technologies, and modern development and delivery models.
Defining cloud computing
Let’s start by understanding and defining the term cloud computing in detail. It comprises two words – cloud and computing. So, simply put, it is computing that you can offer on the cloud. What exactly is the cloud referred to here? IT architects used the cloud symbol to represent the internet or the network in their drawings, and the term cloud has evolved into a metaphor for the internet. Computing could be any goal-oriented activity requiring or benefiting from the use of IT, which includes hardware and software systems used for a wide range of purposes – collecting, storing, processing, and analyzing various kinds of information. Cloud computing has evolved over time from utility computing to what it is today, enabled by virtualization, automation, and service orientation.
The following diagram defines the key elements of cloud computing:
Figure 1.1 – Cloud computing
There are several definitions of cloud computing that you can find on the web. The National Institute of Standards and Technology (NIST) has promoted the effective and secure use of cloud computing technology within government and industry by providing technical guidance and promoting standards. According to NIST, cloud computing is a pay-per-use model for enabling available, convenient, and on-demand network access to a shared pool of configurable computing resources (for example, networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. In general, most companies have agreed on the essential characteristics that NIST pioneered, which qualify any internet-based computing to be referred to as a cloud. They are the following:
- On-demand self-service: Cloud computing provides a catalog through which a consumer can request to provision any kind of service – computing involving a server, network, and storage or a middleware service such as a database or a software service such as email. This catalog provides self-service without requiring manual intervention on the part of the service provider.
- Ubiquitous network access: The key premise of cloud computing is that all the services and capabilities provided are accessible through the network. This can be the internet in the case of a public cloud or the intranet in the case of a private cloud. The resources on a cloud can be accessed through a variety of devices such as computers, mobile phones, and IoT devices over the network through multiple protocols.
- Location-independent resource pooling: A cloud’s business value comes from the economy of scale that is achieved by resource pooling. The provider pools the available computing resources and makes them dynamically available to clients based on demand. Physical resources, including compute, network, and storage, are pooled and, using virtualization, assigned to clients in a multi-tenant model. In certain cases, consumers may not even know the exact location of the provided resources.
- Rapid elasticity: The cloud provides a means to rapidly scale up or scale down based on demand. For the consumer, this is a very valuable business advantage of cloud solutions, as it requires them to invest in resources only when they need to. For instance, cloud consumers can start small by addressing requirements for one region or country and then scale their operations across the globe. Modern cloud technologies let you run applications and manage data without having to worry about infrastructure. Technologies such as serverless computing provide rapid elasticity and scale at a lower cost.
- Pay per use: Each cloud service is monitored and metered, which enables chargeback. This allows providers to promote their subscription plans and consumers to choose a billing model that is optimal for their resource usage. One example is a time-based pricing model – a per hour, per minute, or per second basis for resources such as servers. A tiered pricing model allows consumers to choose a plan from a set of price points that map to their volume or period of consumption – such as for storage, network bandwidth, or data used. Certain other services, such as authentication or validation services, can be consumed from the cloud with a plan that is based on active user accounts per month. Chargeback to specific departments inside the organization is now also possible with an accounting model supported by the providers and the ability to tag cloud resources to specific departments.
Cloud personas
There are several actors typically involved in building and operating a cloud solution. Their roles and responsibilities, and their relationships with other actors, vary based on the industry:
- Business owners: This actor’s responsibility is to make appropriate cloud investment decisions. This persona is more focused on the innovation and agility that the cloud can provide for their business. Once an organization has started with cloud solutions, there are some typical actors that are involved in the day-to-day operational consumption and provision of cloud services.
Cloud personas and their roles are shown in the following diagram and described in the section that follows:
Figure 1.2 – Cloud personas
- Cloud service consumer: The enterprise or end user who subscribes and uses the cloud-based application or service.
- Cloud service provider: The organization that defines, hosts, and delivers cloud computing services to its consumers.
- Cloud service creator or developer: The organization or developer who creates and publishes the cloud service on a catalog for consumption.
Out of all the roles across all these organizations, the key roles from an implementation and operation perspective are the following:
- Cloud administrator, who can perform the following tasks:
  - Setting up the cloud account(s) for the organization
  - Defining the users, teams, and their associated roles
  - Allocating or defining the quota for projects and users with the associated charges
  - Approving or denying requests for provisioning or de-provisioning cloud resources
  - Monitoring consumption by project
- Cloud user: Accesses or uses the cloud-deployed applications, services, or provisioned resources (for example, the application, storage, or servers available to them).
There are variations within these two roles depending on the cloud provider and the consumer organization’s design. In the modern context, these traditional roles have been further rationalized. These roles include the following:
- Cloud solution architect: The person with the knowledge and skills on how to design applications that can effectively leverage cloud capabilities. They understand specific cloud environments, such as AWS, Azure, IBM, and Google, and leverage their services and technologies to build highly scalable, performant, and available applications.
- Cloud DevOps engineer: A cloud user who is primarily responsible for developing the application component...