Cloud Security Framework

By Sameer Paradkar posted Wed October 20, 2021 06:21 PM


Cloud Security Framework: A layered approach to secured by design

A cloud security framework employs a series of mechanisms to slow the advance of an attack aimed at unauthorized access to information in the cloud environment. Each layer provides a mechanism such that, if one layer is breached, a subsequent layer is already in place to prevent further exposure.

Cloud platforms apply a layered approach to security, both in their physical datacenters and across cloud services. The objective of a cloud security framework is to protect information and prevent it from being accessed by unauthorized entities. The common principles that help define a security posture are confidentiality, integrity, and availability.

  • Confidentiality: The principle of least privilege restricts access to information to only those individuals explicitly granted access. This includes protecting user passwords, remote access certificates, and email content.
  • Availability: Ensure that services are available to authorized users. Denial-of-service attacks are a common cause of loss of availability to users. Natural disasters also drive system design to prevent single points of failure and deploy multiple instances of an application to geo-dispersed locations.
  • Integrity: The goal is to prevent unauthorized changes to information at rest or in transit. A common approach used in data transmission is for the sender to create a unique fingerprint of the data by using a one-way hashing algorithm. The hash is sent to the receiver along with the data. The receiver recalculates the data's hash and compares it to the original to ensure that the data wasn't lost or modified in transit.
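The integrity check described above (sender hashes the data, receiver recomputes and compares), as an added example that is not part of the original post. It uses Python's standard library only; the message, the shared key and the simulated channel are constructed for the example. It also carries the idea one step further than the post: an unkeyed hash catches accidental corruption in transit, but anyone who can alter the data can recompute the hash too, so a keyed fingerprint (HMAC) is shown as the form that also rejects deliberate substitution.

```python
import hashlib
import hmac

# Constructed sample payload for the demonstration (not from the post).
MESSAGE = b"invoice 1042: pay 1,500.00 to account 99-1234"
# Constructed shared secret for the keyed variant; in practice it would be provisioned out of band.
SHARED_KEY = b"constructed-shared-secret-do-not-reuse"


def fingerprint(data: bytes) -> str:
    """Sender side: one-way hash (SHA-256) of the payload, sent alongside the data."""
    return hashlib.sha256(data).hexdigest()


def verify_fingerprint(data: bytes, received_digest: str) -> bool:
    """Receiver side: recompute the hash and compare it to the one that arrived.
    compare_digest avoids leaking where the two strings first differ."""
    return hmac.compare_digest(fingerprint(data), received_digest)


def keyed_fingerprint(key: bytes, data: bytes) -> str:
    """Keyed variant: HMAC-SHA256. Only a holder of the key can produce a matching tag,
    so an altered payload with a freshly recomputed tag is still rejected."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_keyed_fingerprint(key: bytes, data: bytes, received_tag: str) -> bool:
    return hmac.compare_digest(keyed_fingerprint(key, data), received_tag)


def transmit(data: bytes, corrupt: bool = False) -> tuple:
    """Simulated channel: returns (data_as_received, digest_as_sent).
    With corrupt=True one bit of the last byte is flipped in transit, which is
    the accidental loss/modification case the post describes."""
    digest = fingerprint(data)
    if corrupt:
        data = data[:-1] + bytes([data[-1] ^ 0x01])
    return data, digest


def substitution_survives_plain_hash(original: bytes, substitute: bytes) -> bool:
    """Someone who can change the payload can also recompute the plain hash,
    so the receiver's unkeyed check passes for the substituted data."""
    return verify_fingerprint(substitute, fingerprint(substitute))


def substitution_survives_keyed_hash(key: bytes, original: bytes, substitute: bytes) -> bool:
    """The same substitution against a keyed tag: the tag was computed over the
    original with the key, so the substitute does not verify."""
    original_tag = keyed_fingerprint(key, original)
    return verify_keyed_fingerprint(key, substitute, original_tag)


if __name__ == "__main__":
    print("intact transfer verifies:", verify_fingerprint(*transmit(MESSAGE)))
    print("corrupted transfer verifies:", verify_fingerprint(*transmit(MESSAGE, corrupt=True)))
    altered = MESSAGE.replace(b"99-1234", b"11-9999")
    print("substituted data passes plain hash:", substitution_survives_plain_hash(MESSAGE, altered))
    print("substituted data passes keyed hash:", substitution_survives_keyed_hash(SHARED_KEY, MESSAGE, altered))
```

The distinction matters when choosing where the hash travels: a bare hash is adequate when it is delivered over a channel the receiver already trusts (for example a TLS session, as in tier 2 of the table), while a keyed or signed fingerprint is what is needed when data and digest share an untrusted path.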

Layers of secured by design

Secured by design is a set of concentric tiers, with the data to be secured at the center. This approach removes reliance on any single layer. It also acts to slow down an attack and provide alert telemetry that can be acted upon, either automatically or manually.

| # | Tier | Example | Principle |
|---|------|---------|-----------|
| 1 | Data | Data encryption at rest in Blob Storage | Integrity |
| 2 | Application | SSL/TLS encrypted sessions | Integrity |
| 3 | Compute | Regular application of OS and layered software patches | Availability |
| 4 | Network | Network security rules | Confidentiality |
| 5 | Perimeter | DDoS protection | Availability |
| 6 | Identity and access | Active Directory user authentication | Integrity |
| 7 | Physical security | Datacenter biometric access controls | Confidentiality |


Here's a brief overview of the role of each layer:

  • The data layer secures access to business and customer data.
  • The application layer ensures that applications are secure and free of security vulnerabilities.
  • The compute layer secures access to virtual machines.
  • The network layer limits communication between resources through segmentation and access control.
  • The perimeter layer uses distributed denial of service (DDoS) protection mechanisms to filter large-scale attacks before they can cause a denial of service for users.
  • The identity and access layer controls access to the infrastructure and change control.
  • The physical security layer secures the computing hardware in the datacenter.
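The network layer entry above (tier 4, "network security rules") is the one that most often fails through configuration rather than through a missing control, so the following added example, which is not part of the original post, shows how such a rule set is typically evaluated and how to check it. The rule model (priority-ordered rules, first match wins, implicit deny when nothing matches) is the common pattern for cloud network security groups; the field names, the rules and the sample flows are constructed for the example rather than taken from any particular platform's API.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    priority: int             # lower number is evaluated first
    action: str               # "allow" or "deny"
    source: str               # source CIDR the rule applies to
    dest_port: Optional[int]  # None matches any destination port
    protocol: str             # "tcp", "udp" or "any"


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dest_port: int
    protocol: str


def matches(rule: Rule, flow: Flow) -> bool:
    """A rule matches when source network, destination port and protocol all match."""
    return (
        ip_address(flow.src_ip) in ip_network(rule.source)
        and (rule.dest_port is None or rule.dest_port == flow.dest_port)
        and rule.protocol in ("any", flow.protocol)
    )


def evaluate(rules: List[Rule], flow: Flow) -> str:
    """First matching rule in priority order decides; if nothing matches, deny.
    The implicit default deny is what keeps the layer fail-closed."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if matches(rule, flow):
            return rule.action
    return "deny"


def shadowed_by(earlier: Rule, later: Rule) -> bool:
    """True if every flow that would match `later` is already decided by `earlier`."""
    return (
        ip_network(later.source).subnet_of(ip_network(earlier.source))
        and (earlier.dest_port is None or earlier.dest_port == later.dest_port)
        and earlier.protocol in ("any", later.protocol)
    )


def find_shadowed(rules: List[Rule]) -> List[int]:
    """Configuration check: priorities of rules that can never fire because a
    higher-priority rule fully covers them. A shadowed allow is a silent outage;
    a shadowed deny is a silent hole."""
    ordered = sorted(rules, key=lambda r: r.priority)
    return [
        later.priority
        for i, later in enumerate(ordered)
        if any(shadowed_by(earlier, later) for earlier in ordered[:i])
    ]


# Constructed rule set: two narrow allows, then an explicit catch-all deny.
RULES = [
    Rule(100, "allow", "10.0.1.0/24", 443, "tcp"),
    Rule(200, "allow", "10.0.2.0/24", 22, "tcp"),
    Rule(4096, "deny", "0.0.0.0/0", None, "any"),
]

# Constructed misordering: the catch-all deny was given the lowest priority number,
# so it fires first and every other rule is dead.
MISORDERED = [Rule(50, "deny", "0.0.0.0/0", None, "any")] + RULES

# Constructed sample flows.
FLOWS = [
    Flow("10.0.1.5", 443, "tcp"),      # web tier from the allowed subnet
    Flow("10.0.1.5", 22, "tcp"),       # SSH from a subnet not allowed SSH
    Flow("203.0.113.7", 443, "tcp"),   # external source, no matching allow
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "->", evaluate(RULES, flow))
    print("shadowed in RULES:", find_shadowed(RULES))
    print("shadowed in MISORDERED:", find_shadowed(MISORDERED))
```

Running the shadowing check against rule sets exported from the platform is a cheap way to catch the two classic mistakes in this layer: a broad rule placed ahead of the narrow ones it was meant to refine, and an "allow any" left in place from testing.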


These layers provide a guideline to help you make security configuration decisions at every layer of your cloud applications. The cloud platform provides security tools and features at each level of the secured by design concept.
