Cloud SecurityDesign Considerations

Kavis Technology Consulting

What level of security is required

What level of security is required

•

•

•

•

•

What level of security is required

•

•

•

•

•

•

•

•

•

•

What level of security is required

•

•

•

•

•

•

•

•

•

•

What level of security is required

•

•

•

•

•

•

•

•

•

Security and Cloud Service Models

Private Cloudshttp://designyoutrust.com

It’s allYou!

Public Clouds

Vendor supplies …- Infrastructure security

You do this

Vendor supplies …- Application Stack Security- Infrastructure Security

You do this

Vendor supplies …- Application Security- Application Stack Security- Infrastructure Security

You do this

Infrastructure Security

•

•

•

•

Applications Stack Security

•

•

•

•

Application Security

•

•

•

•

•••••

User security

•

•

•

Security across all service models

•

•

•

•

•

•

•

•

•

Source:https://cloudsecurityalliance.org/guidance/csaguide.v3.0.pdf

Key Security Areas of Focus

•

•

•

•

•

•

•

•

•

•

Security Strategies

Centralize

Standardize

Automate

Security Actions

Application

Detection

Prevention

Policy Enforcement

”Golden” Image

Cloud Servers

Deploy

••

•

•

•

•

Policy Enforcement

•

•

•

•

•

•

Policy Enforcement

••

•

•

•

•

•

•

Client Server

Data Store

Deploy

Admin Console

Policies

Encryption

••

•

••

••

•

•

Encryption

• Compliance

• Security

Usability

• Complexity

• Performance

Encryption

•••••

••••

••

Encryption

• Compliance

• Security

Usability

• Complexity

• Performance

Key Management

••

•

•

•

•

•

•

•

Applications

Users

Organizations

Account

Web Security

•

•

•

•

API Token Management

Do Not Roll Your Own

API Token Management

API Token Management

API Token Management

••

•

•

•

•

Patch Management

•

••

•

•

•

••

•

Monitoring

Security

Performance

Capacity

Uptime

Throughput

SLA

User metrics

Kpis

Log file analysis

IntrusionDetection

TroubleShooting

Logging

Source: http://www.thoughtworks.com/continuous-delivery

Continuous Deployments

Maintaining Consistent Environments

AutomationManage

TrackAdminister

• Self Provision

• Charge Back

• Access Control

• Policies

• Audits

ID Management

Centralized

LDAP

Facade

Entity 1 Entity 2 Entity n

CSP 1 CSP 2 CSP 3

USE CASEs Business to Business

Internal costumers

Known Customers

Advantages Central control

Roles, and groups

termination

ID Management

deCentralizedUSE CASEs Business to Consumer

Open registration

Large Number of

enrollees

Advantages Must accept terms

Simple integration

with Partners

Source: http://static.springsource.org/spring-social/docs/1.0.x/reference/html/serviceprovider.html

Thank You

For details on this topic and others go to my blog

www Kavistechnology com

Images courtesy of www.thinkstockphotos.com