Cloud Customer Architecture for Securing Workloads on Cloud Services
Many cloud services are now available, covering infrastructure, platform and application capabilities. Building business solutions using these cloud services requires a clear understanding of the available security services, components and options – allied to a clear architecture which provides for the complete lifecycle of the solutions, covering development, deployment and operations.
The aim of this guide is to provide a practical reference to help IT architects and IT security professionals architect, install, and operate the information security components of solutions built using cloud services.
The guides covers, in detail, the security services associated with components in the cloud network:
- Identity and Access Management
- Infrastructure Security
- Application Security
- Data Security
- Secure DevOps
- Security Monitoring and Vulnerability
- Security Governance, Risk and Compliance
This paper is intended as an in-depth extension of the high level advice offered in the CSCC’s other papers: Security for Cloud Computing: Ten Steps to Ensure Success V2.0 and Cloud Security Standards: What to Expect & What to Negotiate V2.0.