{"id":909,"date":"2019-10-18T19:49:12","date_gmt":"2019-10-18T19:49:12","guid":{"rendered":"http:\/\/customers-love-solutions.com\/?p=909"},"modified":"2019-11-21T17:14:16","modified_gmt":"2019-11-21T17:14:16","slug":"3-0-0-secure-your-cloud-applications","status":"publish","type":"post","link":"https:\/\/customers-love-solutions.com\/?p=909","title":{"rendered":"3.0.0 Secure your cloud applications"},"content":{"rendered":"\n

Security, a shared responsibility between Public Service Provider and the Business Customer.<\/h4>\n\n\n\n
\"\"
Shared responsibility model.<\/figcaption><\/figure>\n\n\n\n

Shared responsibilities<\/h3>\n\n\n\n

Security responsibility of the cloud infrastructure include:

o Design for security<\/strong> (physical structure and the software layer regulatory
compliance & security)
o Constantly monitored<\/strong> (monitoring of security incident or compromise)
o Highly automated <\/strong>(responses are highly automated)
o Highly available<\/strong>
o Highly accredited<\/strong> (consequences: physical environments are highly
accredited)

Security responsibility of AWS for the cloud means a framework build for:
o Hosts, networks, software, facilities<\/strong>
o Protection of AWS global infrastructure<\/strong>
o Availability of 3rd-party audit reports<\/strong>

But the business customer is also responsible for security<\/strong> in his layers. For example AWS provides a raw unformatted device for storage<\/strong> and the customer has to consider what data should be stored,<\/strong> which AWS services to use<\/strong>, in which region<\/strong> to store and mirror<\/strong> the data, in what content format and structure<\/strong> and who has access<\/strong>. How is the data delivered in transit and in rest. How to store, will it encrypted and how long it should be stored?
Least necessary privileges<\/strong> is the best practice<\/strong> only need to have access not nice to have. <\/strong>The rule configuration is one core customer responsibility. In a holistic view we end in a shared responsibility model<\/strong>.<\/p>\n\n\n\n

Unmanaged Services<\/strong><\/h3>\n\n\n\n

Different industries and businesses have a variety of specific security requirements<\/strong>, only the business owner could know. The customer own everything on top of a virtual server<\/strong>. The customer owns likewise everything you format on top of a data volume<\/strong>, like an AMAZON EBS<\/strong>. AWS provides a raw device (Unmanaged Services<\/strong>) configured for security by the customer. Using Unmanaged Services<\/strong> the customers takes the most responsibility for the services.<\/p>\n\n\n\n

Managed Services<\/h3>\n\n\n\n

For the Managed Services<\/strong> AWS takes over some of the tasks, to provide security. E.g. in the operation systems database patching & installation<\/strong>, firewall configuration, disaster recovery<\/strong> is managed by AWS<\/strong>. AWS surfaces the customer database into his Virtual Private Cloud (VPC) and it get’s the network isolation and protection of the customer.
AWS manage the virtual machine<\/strong>, on which SQLServer, MySQL, PostgreSQL <\/strong>or Oracle<\/strong> is running. In this case the responsibility is different shared: Operating systems and server<\/strong> are the job of AWS. The customer is managing access to the data base server<\/strong>. Likewise on AMAZON DynamoDB, S3, RDS<\/strong>, the customer don’t configure the servers on which those application environments run.<\/p>\n\n\n\n

Unmanaged Services<\/strong>
o Amazon EC2
o Amazon EBS<\/p>\n\n\n\n

Managed Services<\/strong>
o Amazon RDS
o AMAZON S3
o Amazon DynamoDB<\/p>\n\n\n\n

Operations<\/strong>
o Guest OS patching
o Database patching
o Firewall configuration
o Disater recovery
o User data

And if you follow a multi cloud approach<\/strong>, you need to align the security guidline across all Public Cloud Provider (PCP), you integrate in your cloud infrastructure. But multi cloud solution is an other topic to discuss.<\/p>\n","protected":false},"excerpt":{"rendered":"

Security, a shared responsibility between Public Service Provider and the Business Customer. Shared responsibilities Security responsibility of the cloud infrastructure include: o Design for security (physical structure and the software layer regulatory compliance & security)o Constantly monitored (monitoring of security incident or compromise)o Highly automated (responses are highly automated)o Highly availableo Highly accredited (consequences: physical […]<\/p>\n","protected":false},"author":1,"featured_media":958,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20,21,3,9,5,19],"tags":[],"class_list":["post-909","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-aws-cloud-architecture","category-awsomeday","category-conferences","category-infrastructure","category-native-cloud","category-self-learning","clearfix","post-index","fader"],"jetpack_featured_media_url":"https:\/\/customers-love-solutions.com\/wp-content\/uploads\/2019\/11\/Thumbnail-sky-Shared_Responsibility-Security-1.jpg","_links":{"self":[{"href":"https:\/\/customers-love-solutions.com\/index.php?rest_route=\/wp\/v2\/posts\/909","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/customers-love-solutions.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/customers-love-solutions.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/customers-love-solutions.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/customers-love-solutions.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=909"}],"version-history":[{"count":17,"href":"https:\/\/customers-love-solutions.com\/index.php?rest_route=\/wp\/v2\/posts\/909\/revisions"}],"predecessor-version":[{"id":1066,"href":"https:\/\/customers-love-solutions.com\/index.php?rest_route=\/wp\/v2\/posts\/909\/revisions\/1066"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/customers-love-solutions.com\/index.php?rest_route=\/wp\/v2\/media\/958"}],"wp:attachment":[{"href":"https:\/\/customers-love-solutions.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=909"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/customers-love-solutions.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=909"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/customers-love-solutions.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=909"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}