What is cloud security architecture?
Cloud security architecture is a security strategy designed around securing an organization's data and applications in the cloud. It is a critical extension of enterprise security, and it requires an architecture to connect it with an overall security approach. As more organizations shift and share their data in the cloud, the more important it becomes to have a security architecture in place.
The cloud can be delivered in multiple formats. As such, cloud security architectures are designed to work in a combination of SaaS, PaaS and IaaS environments, as well as the public and private cloud.
Cloud security architecture works on the basis of shared responsibility between an organization and a cloud service provider (CSP). This doesn't mean an organization has less responsibility, though. In general, a cloud security architecture should follow cloud security best practices. The responsibilities each party has may depend on what the CSP offers and how it delivers its services.
Why is a cloud security architecture important?
The difference between "cloud security" and "cloud security architecture" is that the former tends to be built up from problem-specific measures while the latter is built down from threats. A cloud security architecture can reduce or eliminate holes in security that point-solution approaches almost certainly leave. It does this by building down -- defining the threats starting with the users, moving to the cloud environment and CSP and then to the applications. Cloud security architecture can also reduce redundancy in security measures -- things that won't contribute to threat reduction but increase both Capex and Opex.
A cloud security architecture also organizes security measures to make them more consistent and easier to sustain over time, in particular during cloud deployment and redeployment. Security often erodes because it's illogical or complex. A proper cloud security architecture can identify these defects.
Elements of a cloud security architecture
The best way to approach a cloud security architecture is to start with a statement of goals. The architecture has to address three things: an attack surface presented by external access interfaces, a protected asset set that represents the information being protected, and attack vectors and mechanisms designed to inflict indirect attacks somewhere along the path.
The goal of a cloud security architecture is met through a series of functional elements. These elements are often considered separately rather than as part of a coordinated architectural plan. This includes access security or access control, network security, application security and contractual security as well as monitoring, sometimes called service security. Finally, there's data protection, which is the measures that are applied at the protected-asset level.
A complete cloud security architecture addresses the goals by uniting the functional elements.
Cloud security architecture and the shared responsibility model
Security and security architectures for the cloud aren't single-player processes. Most enterprises will retain a large chunk of their IT workflow within their data center, local networks and VPN. The cloud adds additional players to this, so it's critical that a cloud security architecture be a part of a broader shared responsibility model.
A shared responsibility model is both an architecture diagram and a contract form. It exists in a formal sense between a cloud user and each CSP, as well as providers of a network service if they're contracted separately. Each typically divides the components of a cloud application into layers, with the top layer being the responsibility of the customer and the bottom layer being the responsibility of the CSP. Each separate function or component of the application is mapped into the appropriate layer depending on who provides it. The contract then describes what each party is responsible for doing, how the boundary points are recognized and how problems are isolated and assigned to a party.
A master model can be constructed to combine the individual responsibility models for all the service providers used. If done carefully, this is a critical tool in assigning fault and coordinating remediation when something goes wrong.
Cloud security architecture design patterns
There are two levels of design pattern used in cloud security architectures. The general, high-level patterns describe the following:
- Security controls, which define the overall interplay of the functional elements in a security architecture.
- Trust boundaries that define the relative level of security and the scope of any identity or permission rights.
- Standard interface points and API models.
- Encryption algorithms and key management.
- Token management for identity and permission exchanges.
- Security event logging.
Those developing their own cloud applications can use design patterns to create a secure application access framework. Note that this option is not likely available for third-party software, but it may be possible to audit the design patterns used by the vendor as part of the selection process. Design patterns also typically address access security but won't eliminate the need for other functional elements of a good security architecture.
The three dominant cloud security architecture design patterns are the federated identity pattern, the gatekeeper pattern and the valet key or token that conveys specific rights to access a resource. The first is a means of establishing user identity and sharing identity credentials. The second defines a "firewall" element that sits between user and resource and validates credentials and rights. The third is a token or mechanism to allow a user or module to access a resource or service for a specific, limited purpose.
Variations on the theme for IaaS, PaaS and SaaS
Cloud services vary from IaaS, where a virtual host is provided, through PaaS, which incorporates platform tools and middleware, to SaaS, where CSPs offer the entire application. The shared responsibility model looks different for each type of cloud service.
With IaaS, the CSPs offer only a hosting resource. The majority of application-related security responsibilities lie with the customer or a contracted agent. The relationship between the network, application and the IaaS is defined by network middleware. IaaS places greater network security requirements on the user.
PaaS typically includes middleware and other software elements. These elements are presented as "services" to the application. This means the cloud security model must focus more on the securing of services and the creation of trust zones -- which include the service elements, such as microservices, that make up an application. The user is responsible for maintaining overall application security.
With SaaS, the CSP is responsible for security within the application, meaning internal component workflows. The network relationship between the SaaS and the user is typically defined as a set of RESTful APIs. Both the user and network provider share responsibility for the security of access to those APIs.
Where there are multiple cloud service types in use, users often employ the concept of cloud security postures and use cloud security posture management to automate security responses across the full collection of cloud services.
Cloud security architecture planning and best practices
The best way to plan and execute a proper cloud security architecture is to work outward from the key resources. This means an organization should identify any APIs used to connect workflows within the cloud between applications, as well as those that connect the cloud with the data center or other clouds and databases. These define the protected assets.
Each of these assets is referenced by users, applications or components. Each of these references must be validated, meaning the elements certified to use them have to be identified and their scope of use established. This creates a chain of reference that ultimately reaches the users themselves.
The functional elements of a cloud security architecture -- access security, network security, application security, contractual security and monitoring and data protection -- are then applied within this structure. At any point where a protected asset or reference chain is exposed, it creates an entry point for a security threat. Most cloud security architectures impose layers of protection based on those five functional elements -- a defense-in-depth model.