Week 5 – The Enterprise Security Architecture

Security and compliance are job zero for any company nowadays. Is important that Enterprise Architects keeps in mind security considering all layers, taking a in depth approach, not only protecting borders, but also designing security in every layer. Zero trust approach has been an important concept specially for customers adopting hybrid and cloud solutions.

The Gartner’s Article “Analyze the Risk Dimensions of Cloud and SaaS Computing” from 2013 discuss some challenges about Security in the Cloud and I would like to discuss these challenges considering what we know know in 2023.

  • The analysis of cloud computing risks is complicated by a lack of best practices on the method and content of a cloud services risk assessment.

Clouds Providers have evolved a lot on Security Space. Zero trust architecture is a security model that assumes no implicit trust, requiring verification for all users and devices attempting to access resources. It enforces strict access controls, continuous monitoring, and authentication, reducing the risk of data breaches and unauthorized access. The principle is to trust no one and always verify. In the Cloud taking a Zero Trust approach is important, and Cloud services have evolved to improve Identity, Just in Time Access and Just Right Access, also Landing Zone patterns helps to define correctly a multi-environment network and governance approaches.

  • Nontransparency of service providers presents challenges to security professionals charged with assessing the risk of cloud services.

Visibility and observability tools evolved providing auditing log of everything that happens in the Cloud from the authentication through the launch of services. Also, service health monitoring have evolved to be more complete and also SIEM/SOAR services have also been more popular and adopted in Cloud space.

SIEM (Security Information and Event Management) is a technology that collects and analyzes security event data from various sources, providing real-time threat detection and incident response capabilities. Companies in Industry Space, for example, have used SIEM to have visibility not only about IT but also from their OT networking, converging logs and signals from both IT and OT.

SOAR (Security Orchestration, Automation, and Response) is a system that streamlines incident response workflows by automating repetitive tasks and orchestrating actions across security tools, enhancing the efficiency and effectiveness of incident handling. SOAR is a great approach for Cloud as in the Cloud everything can be launched/changed using scripts through Infra as a Code Terraform, CloudFormation, ARM etc, and you can react to alarms in fact automating actions like denying a firewall rule, isolating a compromised machine/environment, automating backup and disaster recovery even on another region in case of problems. Also, using the on-demand capability of the Cloud, once an incident happens or something suspicious happens, is possible to launch a brand new resource to restablish the environment, but also keep the compromised resource to investigate deeply.

I consider Cloud provides even more visibility and transparency nowadays than on-premises environments.

  • Poorly defined business requirements on the part of cloud services buyers create additional areas of potential risk.

It’s important to clearly define security requirements and goals and also considering security as job zero in all areas like DevSecOps, hardening of VMs, identity and access, networking, data visibility and accessibility and follow best practices as part of all projects.

The article also discuss something very important that is the Responsibility Model accordingly with the type of services used.

So in the first column we see IT dedicated environment where the company is responsible for all layers from physical to application. In the third column we see Public IaaS where the Cloud Provider is responsible for physical security of data centers, the hypervisor and underlying network security and the customer starts from the VM and Operational System. So the customer is responsible for correct configure virtual networking, routing and firewall configurations, O.S. Update and patching after it is launched. For PaaS the cloud provider also is responsible for the O.S. And the platform service and the customer is responsible for correct usage, follow the least privilege access and applications access. For SAAS customer is responsible for data, access and identities.

It’s important to keep in mind these different approaches to correctly monitor and approach security.


Posted July 25, 2023 by Claudia Charro in category Topic 5 – Security architecture

Leave a Comment

Your email address will not be published. Required fields are marked *

*