Ensuring security is challenging in traditional on-premises solutions due to the use of manual processes, eggshell security models, and insufficient auditing. Adopting the best practices provided by Devek will enable architectures to be built that protect data and systems, control access, and respond automatically to security events.
Security in the cloud encompasses the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.
Design Principles for Security
In the cloud, there are a number of principles that help strengthen the security of systems:
Implement a Strong Identity Foundation
Implement the principle of least privilege and enforce separation of duties with appropriate authorization for each interaction with cloud resources. Centralize privilege management and reduce or even eliminate reliance on long-term credentials.
Monitor, alert, and audit actions and changes to environments in real time. Integrate logs and metrics with systems to automatically respond and take action.
Apply Security at All Layers
Rather than focusing only on protecting a single outer layer, apply a defense-in-depth approach with other security controls. Apply these controls at all layers (e.g., edge network, VPC, subnet, load balancer, every instance, operating system, and application).
Automate Security Best Practices
Automated, software-based security mechanisms improve the ability to scale securely, more rapidly, and more cost-effectively. Create secure architectures, including the implementation of controls that are defined and managed as code in version-controlled templates.
Protect Data in Transit and at Rest
Classify data into sensitivity levels and use mechanisms for encryption, tokenization, and access control where appropriate.
Keep People Away from Data
Create mechanisms and tools to reduce or eliminate the need for direct access or manual processing of data. This reduces the risk of loss or modification and human error when handling sensitive data.
Prepare for Security Events
Prepare for an incident by having an incident management process that aligns to organizational requirements. Run incident response simulations and use tools with automation to increase speed for detection, investigation, and recovery.
Cloud services use a Shared Responsibility Model, in which the provider is responsible for the physical security and support of the cloud services that enable its customers to accomplish their goals. At the same time, the customer of a cloud service is responsible for using the service securely, within the limits and flexibility the service allows, which often permit configuring it either securely or insecurely. This Shared Responsibility Model enables organizations that adopt the cloud to achieve their security and compliance goals. Devek saves the time and effort required to implement security best practices when using the multitude of cloud services available.
Security in the cloud comprises five main topics:
- Identity and access management
- Detective controls
- Infrastructure protection
- Data protection
- Incident response
Security in the cloud is an ongoing effort. When incidents occur, they are to be treated as opportunities to improve the security of the architecture. Having strong authentication and authorization controls, automating responses to security events, protecting infrastructure at multiple levels, and managing well-classified data with encryption together provide the defense-in-depth that every business expects. This effort is easier thanks to the programmatic functions and Devek features and services.
Devek strives to help build and operate architectures that protect information, systems, and assets while delivering business value. Use the tools and techniques provided by Devek to make architectures truly secure.