Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Hybrid Cloud Security Patterns

You're reading from   Hybrid Cloud Security Patterns Leverage modern repeatable architecture patterns to secure your workloads on the cloud

Arrow left icon
Product type Paperback
Published in Nov 2022
Publisher Packt
ISBN-13 9781803233581
Length 252 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Sreekanth Iyer Sreekanth Iyer
Author Profile Icon Sreekanth Iyer
Sreekanth Iyer
Arrow right icon
View More author details
Toc

Table of Contents (18) Chapters Close

Preface 1. Part 1: Introduction to Cloud Security
2. Chapter 1: Opportunities and Challenges with Hybrid Multi-cloud Solutions FREE CHAPTER 3. Chapter 2: Understanding Shared Responsibility Model for Cloud Security 4. Part 2: Identity and Access Management Patterns
5. Chapter 3: Cloud Identity and Access Management 6. Chapter 4: Implementing Identity and Access Management for Cloud Applications 7. Part 3: Infrastructure Security Patterns
8. Chapter 5: How to Secure Compute Infrastructure 9. Chapter 6: Implementing Network Isolation, Secure Connectivity, and Protection 10. Part 4: Data and Application Security Patterns
11. Chapter 7: Data Security Patterns 12. Chapter 8: Shift Left Security for DevOps 13. Part 5: Cloud Security Posture Management and Zero Trust Architecture
14. Chapter 9: Managing the Security Posture for Your Cloud Deployments 15. Chapter 10: Building Zero Trust Architecture with Hybrid Cloud Security Patterns 16. Index 17. Other Books You May Enjoy

The evolution of the cloud

Driven by trends in the consumer internet, cloud computing has become the preferred way to consume and deliver IT solutions and services. Before we dive deeper into cloud security, it is important to understand some basic aspects of the cloud, the emerging trends in cloud solutions, culture, technologies, and modern development and delivery models.

Defining cloud computing

Let’s start by understanding and defining the term cloud computing in detail. It comprises two words – cloud and computing. So, simply put, it is computing that you can offer on the cloud. What exactly is the cloud referred to here? IT architects used the cloud symbol to represent the internet or the network in their drawings. The term cloud has evolved as a metaphor for the internet. Computing could be any goal-oriented activity requiring or benefiting from the usage of IT, which includes hardware and software systems used for a wide range of purposes – collecting, storing, processing, and analyzing various kinds of information. Cloud computing has evolved over time from utility computing to what it is today, enabled by virtualization, automation, and service orientation.

The following diagram defines the key elements of cloud computing:

Figure 1.1 – Cloud computing

Figure 1.1 – Cloud computing

There are several definitions that you can find on the web for cloud computing. National Institute of Standards and Technology (NIST) has promoted the effective and secure use of cloud computing technology within government and industry by providing technical guidance and promoting standards. According to NIST, cloud computing is a pay-per-use model of enabling available, convenient, and on-demand network access to a shared pool of configurable computing resources (for example, networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. In general, most of the companies have agreed on certain general characteristics or essentials that NIST has pioneered that qualify any internet-based computing to be referred to as a cloud. They are the following:

  • On-demand self-service: Cloud computing provides a catalog through which a consumer can request to provision any kind of service – computing involving a server, network, and storage or a middleware service such as a database or a software service such as email. This catalog provides self-service without requiring manual intervention on the part of the service provider.
  • Ubiquitous network access: The key premise of cloud computing is that all the services and capabilities provided are accessible through the network. This can be the internet in the case of a public cloud or the intranet in the case of a private cloud. The resources on a cloud can be accessed through a variety of devices such as computers, mobile phones, and IoT devices over the network through multiple protocols.
  • Location-independent resource pooling: A cloud’s business value comes from the economy of scale that is achieved by resource pooling. The provider pools the available computing resources and makes them dynamically available to clients based on demand. Physical resources including compute, network, and storage are pooled and leveraging virtualization assigned to clients in a multi-tenant model. In certain cases, consumers may not even know the exact location of the provided resources.
  • Rapid elasticity: The cloud provides a means to rapidly scale up or scale down based on the demand. For the consumer, this is a very valuable business advantage of cloud solutions, as it requires them to only invest in resources when they need to. For instance, cloud consumers can start small with addressing requirements for one region or country and then scale their operations across the globe. Modern cloud technologies offer running applications and managing data without having to worry about infrastructure. Technologies such as serverless computing provide rapid elasticity and scale at a lower cost.
  • Pay per use: Each cloud service is monitored, metered, and facilitates chargeback. This allows providers to promote their subscription plans and consumers to choose a billing model that is optimal for their resource usage. One example is a time-based pricing model – a per hour, per minute, or per second basis for resources such as servers. A tiered pricing model provides consumers to choose a plan from a set of price points that map to their volume or period of consumption – such as for storage, network bandwidth, or data used. Certain other services such as authentication or validation services can be consumed from the cloud with a plan that is based on active user accounts per month. The chargeback to specific departments inside the organization is now also possible with an accounting model supported by the providers and the ability to tag cloud resources to specific departments.

Cloud personas

There are several actors typically involved in building and operating a cloud solution. Their roles and responsibilities and their relationships with other actors vary based on the industry:

  • Business owners: This actor’s responsibilities are to make appropriate cloud investment decisions. This section is more focused on the innovation and agility that the cloud can provide for their business. Once an organization has started with cloud solutions, then there are some typical actors that are involved in the day-to-day operational consumption and provision of cloud services.

Cloud personas and their roles are shown in the following diagram and described in the section that follows:

Figure 1.2 – Cloud personas

Figure 1.2 – Cloud personas

  • Cloud service consumer: The enterprise or end user who subscribes and uses the cloud-based application or service.
  • Cloud service provider: The organization that defines, hosts, and delivers cloud computing services to its consumers.
  • Cloud service creator or developer: The organization or developer who creates and publishes the cloud service on a catalog for consumption.

Out of all the roles across all these organizations, the key roles from an implementation and operation perspective are the following:

  • Cloud administrator who can perform the following tasks:
    • Setting up the cloud account(s) for the organization
    • Defining the users, teams, and their associated roles
    • Allocating or defining the quota for projects and users with the associated charges
    • Approving or denying requests for provisioning or de-provisioning cloud resources
    • Monitoring consumption by project
  • Cloud user: Accesses or uses the cloud deployed applications, services, or provisioned resources (for example, the application, storage, or servers available to them).

There are variations within these two roles depending on the cloud provider and consumer organization design. There is more rationalization of these traditional roles in the modern context. These roles include the following:

  • Cloud solution architect: The person with the knowledge and skills on how to design applications that can effectively leverage cloud capabilities. They understand specific cloud environments, such as AWS, Azure, IBM, and Google, and leverage their services and technologies to build highly scalable, performant, and available applications.
  • Cloud DevOps engineer: A cloud user who is primarily responsible for developing the application component or service. The Dev-Ops engineer is also responsible for building the pipeline to deploy, monitor, and operate the service. DevOps speeds up software development and delivery, bringing close collaboration with engineering and operations teams.
  • Service Reliability Engineer (SRE): Primarily responsible for improving the reliability of services through collaboration with development, proactive monitoring, and optimization of redundancies in operations. SRE is an integral part of modern cloud development teams who are involved in proactive testing, observability, service reliability, and speed.
  • Security and compliance focal: Core members of the cloud teams who ensure the services are designed, developed, and deployed securely on the cloud. Ensuring services meet regulatory and security compliance requirements is the responsibility of the security and compliance focal. These resources define security policies and procedures, execute audit checks and governance related to backup, and restore automation for security and compliance tasks.

Cloud deployment models

Driven by trends in the consumer internet, cloud computing has become the preferred way to consume and deliver IT services. The cloud supports multiple deployment models based on the given requirements. The capabilities delivered by cloud are accessible via a cloud catalog and categorized based on the IT service delivered. These integrated services or layers of IT-as-a-Service are often referred to as cloud deployment models. The details of each of the cloud deployment models are shown in the following diagram:

Figure 1.3 – Cloud deployment models

Figure 1.3 – Cloud deployment models

The different deployment models are as follows:

  • Infrastructure as a Service (IaaS): In this service delivery model, IT infrastructure is delivered over the network to consumers. This includes the compute (servers), network, storage, and any other data center resources. IaaS provides the ability to rapidly scale up or scale down infrastructure resources. IaaS consumers can concentrate on deploying and running their software, services, or applications without having to worry about managing or controlling the underlying resources.
  • Platform as a Service (PaaS): Provides a platform for consumers to develop and deploy their applications. While IaaS provides the infrastructure resources, PaaS provides the programming languages, tools, and platforms to develop and deploy applications. Consumers have the ability the to control deployed applications and operating systems and environments.
  • Software as a Service (SaaS): The cloud deployment model where application and services are made available to clients. In this scenario, customers can use a service without having to worry about the development, deployment, or management of these applications. In the SaaS model, the provider takes care of making the applications available to multiple clients. End users need not install or manage any software on their side and can access the applications through their devices of choice. Popular services or applications provided in the SaaS model are e-mail, ERP, and CRM.
  • Business Process as a Service (BPaaS): An emerging model on top of SaaS where customers can consume business processes such as accounting and payroll, or HR processes such as travel and expense management as a service. These business services are accessed via the internet and support multiple subscription plans as advertised by the provider. The consumer can choose from these plans and subscribe to the services based on their requirements.

Cloud delivery models

The support for different delivery models is the critical success factor of the cloud for business. The flexible cloud delivery models or cloud types are shown in the following diagram:

Figure 1.4 – Cloud types (delivery models)

Figure 1.4 – Cloud types (delivery models)

We shall see the various types in detail:

  • Private cloud: Refers to resource pooling and sharing IT capabilities within the enterprise or behind a firewall. These are often managed privately and run by the enterprise itself and made available to the users on their intranet. A private cloud provides more flexibility to the enterprise in terms of the customization of services. At the same time, a private cloud also drives internal efficiency, standardization, and best practices. Since the resources and management are mostly local or dedicated, private cloud provides tighter control and visibility.
  • Public cloud: Refers to a standardized set of business, application, or IT services provided as a service over the internet. In this model, the service provider owns and manages the service and access is by subscription. Multitenancy is a key characteristic of public cloud services that enable economies of scale. The flexible price per use basis is applicable and greater discounts apply to a committed higher usage.
  • Hybrid cloud: Combines the characteristics and delivery models of both public and private clouds. The hybrid cloud as a solution combines the best of all worlds – on-premises, private clouds, and multiple public cloud services. In a hybrid cloud model, a solution can have components running on-prem on a private cloud or enterprise infrastructure connecting to services running on a public cloud. A hybrid cloud strategy is preferred by businesses, as it provides greater flexibility and resiliency for scaling workloads based on demand at reduced cost.
  • Multi-cloud: Refers to leveraging services provided by more than one cloud – refers to the use of private and public services and their integration. A business may have multiple services across IaaS, PaaS, and SaaS provided by multiple vendors. A multi-cloud approach consists of a mix of major public cloud providers or hyperscalars, namely Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft (Azure), and IBM.
  • Hybrid multi-cloud: If the multi-cloud deployment includes a private cloud or an on-premise data center as well, then the cloud deployment can actually be considered a hybrid multi-cloud. We also see several variations of adoption of these cloud delivery and consumption models.

From cloud to hybrid multi-cloud

More cloud service types are emerging and guiding the development of the IT industry. These multiple delivery models can co-exist and integrate with traditional IT systems. The cloud type and delivery model selection depend on the workload and the intended benefits.

The key intended benefits from cloud are as follows:

  • Speed: Capability to provision on demand and elastically scale computing resources (infrastructure, platforms, software, and business services). This is enabled through automated secure and managed provisioning process. Most cloud computing services are provided through self-service catalogs on demand. A big set of computing resources and environments can be automatically provisioned in minutes instead of having to wait for hours and days. The delivery of services more rapidly is enabled with automation and less human intervention. With proper automation, this ensures fewer errors and fulfillment of requested qualities of service or Service Level Agreements (SLAs).
  • Cost: Enterprises don’t have to invest in buying hardware and software for their data centers, as well as incurring the cost of managing these resources. Depending on the delivery and consumption model, the cost and security of the cloud are defined through a shared responsibility matrix that’s documented and reviewed regularly. The cloud provides a way to cut down on the enterprise capital expenses (Capex) on racks, servers, cooling, electricity, and the IT service professionals for managing the infrastructure. The cloud provides a more efficient pricing model and lowers both capital and operational expenditure.
  • Flexibility: Businesses need to adjust the IT resources based on the market demands. They need to balance performance, security, availability, and scale based on the business requirements. The cloud provides a seamless and efficient way to manage availability, resilience, and security with flexibility to move workloads across on-premise, private, and public infrastructures and services.
  • Resiliency: Improved risk management through improved business resiliency. Improved time to market and acceleration of innovation projects. Cloud computing makes data backup, disaster recovery, and business continuity seamless and inexpensive with multiple availability zones on a cloud provider’s network.
  • Efficiency and global scale: The benefits of cloud computing services include the ability to scale elastically. That means rapidly expanding to new geographies with the right amount of IT resources. The cloud not only optimizes the IT resources but also frees up time for skilled resources to focus on innovative and future-looking projects. The cloud helps significantly improve energy efficiency through sharing and the optimal usage of resources. The cloud infrastructure and services are upgraded to the latest ones at a faster pace to provide fast and efficient computing hardware and services. This offers several benefits over traditional data centers, including reduced network latency for applications with multiple availability zones and greater economies of scale.

Most enterprises start with something under their control to optimize what is behind their firewalls. So, the initial interest was tremendously geared toward private clouds – in both large enterprises and the mid-market. There was great interest initially in public cloud services for infrastructure services especially. Businesses have become comfortable moving workloads externally with domain applications available on the public cloud. This has resulted in a proliferation of hybrid clouds with the need for businesses to integrate their private environments with public cloud services.

You have been reading a chapter from
Hybrid Cloud Security Patterns
Published in: Nov 2022
Publisher: Packt
ISBN-13: 9781803233581
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image