7 Ways to Facilitate the Most Stable and Secure Cloud Infrastructure

Securing the Cloud - Aim High

7 Ways to Facilitate the Most Stable and Secure Cloud Infrastructure

“The Cloud”. We receive many questions about what it is, what the benefits are for your organization, and the best way to ensure stable and secure operations.  This post will address the most prevalent and pertinent inquiries at a high level from a standards, framework and experiential best practice perspective.

What is “cloud infrastructure”?

The cloud normally refers to a capability that provides on-demand resources and management in the form of computer applications, servers, storage and /or networking. Resources are shared within cloud computing environments to realize economies of scale benefits for participating customers or enterprises.

Software as a Service (SaaS) is by far the most popular form of cloud resource. Applications are usually delivered “on-demand” via the web using a web browser, thin client or application client. Examples include email, Google Suite, Microsoft Office365, Cisco WebEx, Dropbox or industry or service-related business applications.  Applications are available for a monthly or annual fee and the service provider is responsible for providing and supporting the applications, hardware, software, databases and networking within their remote datacenters. 

Platform as a service (PaaS) allows the customer to develop and manage their applications and data using an environment (servers, operating systems, virtualization, storage, networking) available from the service provider. The customer also has delivery options for managing the environment or using a 3rd party for management. PaaS examples include: Microsoft Windows Azure, Oracle Cloud Platform and Google App Engine.

Infrastructure as a service (IaaS) delivers the cloud computing infrastructure (servers, operating systems, virtualization, storage, networking) but the service provider gives the customer full control over the entire virtual data center environment. The service provider maintains the data center and physical infrastructure (hardware, storage, networking) but the customer maintains the applications, operating systems, and application delivery software environments (i.e., web services and application programming interfaces).  IaaS examples include: Amazon Web Services, IBM Cloud, Google Cloud Infrastructure, Microsoft Azure Infrastructure

There are also many other service offerings that have been categorized in an “as a service manner” in recent years covering desktops, mobility, communications, security, etc.

Figure 1 provides a logical overview of the 3 primary services with attributes, pros and cons.  

cl2nvskhk000001s6dfaw79p4

 Figure 1 – Cloud Infrastructure High Level Overview

 

Deployment Models

What is the difference between cloud deployment models (private, public, hybrid, etc.)?  

A private cloud operating model provides a cloud infrastructure for a single organization. A private cloud may be hosted internally (on premise) or via an external service provider. The organization has control but bears significant responsibility for security, capacity related performance, support and hardware and software refresh costs.  

Public cloud services are delivered over the Internet with infrastructure shared by multiple customers through a 3rd party service provider. The service provider bears application and technology support responsibility and responsibility for assurance that customer data is secure and private.

A hybrid cloud is a combination of public, private and/or community (shared by specific diverse organizations with common concerns) cloud deployment models normally used to expand specific business service capabilities for an enterprise by adding external public cloud services.  

Hybrid cloud

What is multi cloud?

A multi cloud computing service delivers multiple cloud services from more than one vendor. The enterprise often distributes workload using a single cloud specific architecture supported by the different cloud providers.   

What are 7 ways to facilitate the most stable and secure cloud infrastructure?

Security

  1. Begin by reviewing the following frameworks and initiatives published by the National Institute of Standards and Technology (NIST).

 https://csrc.nist.gov/Projects/risk-management

https://www.nccoe.nist.gov

 .Review the following Additional Resources:

 Small Business should see: https://www.nist.gov/itl/smallbusinesscyber/cybersecurity-basics/cybersecurity-risks for more information.

Larger Businesses should visit the Computer Security Resource Center: https://csrc.nist.gov/projects/risk-management/about-rmf

 

  1. Explore educational opportunities and implement solutions recommended by the Cloud Security Alliance (CSA) in the areas of  Best Practices in Implementing Cloud Security, Incident Handling, Application Security, Encryption and Key Management, Identity and Access Management
  2. Ensure a minimum of annual (yearly) credible external assessments of IT Network Security Testing and IT Security Policies and Processes using industry certified resources.
  3. Assess your cloud provider’s security practices at least annually (yearly) and share responsibility for cloud security
  4. Review and update Disaster Recovery, Backup and Business Continuity Plans annually.

Stability

  1. Consider using the Information Technology Infrastructure Library (ITIL) and Control Objectives for Information Technologies (COBIT) as guiding frameworks and implementing training for your key strategic IT resources.
  2. Implement a Governance Strategy for cloud environments that include:  Audit & Compliance, Security and Risk Management, Service Level Management, Asset Management, Operations and Project Management, Standards, Capacity Management, Performance and Availability, Interoperability, Contract Management and strategies for Intellectual Property and Privacy Protection.

   ____________________________________________________________

 The SecureScape Bulletin is your go-to-resource for practical Project, Program, IT Risk Management and Performance information updates. Also tune in for Special Reports on Business Resilience and Growth.

For more questions about this article or more information, visit the SecureScape Analytics "Contact Us" page at https://securescape.com