Security

Security is one of the most important aspects in cloud architecture design and implementation. Security concerns data privacy, an important aspect of platform compliance.

Is Confidential Computing the Future of Cloud Security? - IEEE Innovation  at Work

With regard to security, we mostly look at the following aspects:

Identity and Access Management

Authentication (Identity Management) and Authorization (Access Management) is a foundational design aspects. We need to consider issues such as identity store, integration, SSO, attributes at all layers such as application (business traffic), container platform (e.g. Kubernetes admin traffic), and cloud platform (e.g. cloud admin traffic).

Encryption and Certificate Management

All security standards mandates the encryption of data in transit and at rest. Data in transit are encrypted by standards at different network layers. Transport Layer Security (TLS) is the most important standard in this regard and it operates on X.509 certificates, which is managed by the Public Key Infrastructure (PKI) of the organization.

Compliance

Most of the enterprise cloud deployment should target certain compliance programs as part of the security initiative. Common compliance frameworks and programs include:

  • DoD SRG (Department of Defense Cloud Computing Security Requirements Guide)
  • FedRAMP (Federal Risk and Authorization Management Program)
  • HIPPA (Health Insurance Portability and Accountability Act)
  • GDPR (General Data Protection Regulation)
  • PCI-DSS (Payment Card Industry Data Security Standard)
  • CIS (Center for Internet Security) Benchmarks

The main cloud service providers provides tools to help client assess the compliance status of their cloud deployment.

More on security

Contact Digi Hunch for Professional Services.