Organizations moving to the cloud need to plan for cloud security as part of their migration and as their cloud deployments mature, rather than adding security after the fact. Designing and building a cloud security architecture is an essential part of that planning.
A cloud security architecture should be based upon cloud security best practices, and understanding and implementing these best practices requires a fundamental knowledge of cloud security concepts. Two of the most important concepts to master before developing a cloud security architecture are the cloud shared responsibility model and the principles of zero trust security.
When leasing cloud infrastructure on a platform like AWS or Azure, the cloud provider is not wholly responsible for securing the customer’s cloud deployment. Depending on the service being used, the cloud customer is responsible for certain components of its security. Understanding the cloud shared responsibility model and a cloud customer’s security responsibilities under it is essential to developing a cloud security architecture that adequately addresses these responsibilities.
Traditionally, organizations have adopted a perimeter-focused model for network security. Based on the assumption that all threats originate from outside of the network and that everyone inside the network is “trusted”, this model attempts to protect the organization’s resources by monitoring and filtering all traffic flowing through the network boundary.
In the cloud, where an organization’s infrastructure sits outside the traditional perimeter, this model has a number of shortcomings. The zero trust security model takes a much more granular approach to access management, limiting a user’s access to only those resources required to do their job. For cloud deployments, a zero trust security model is therefore the better choice. An organization’s cloud security architecture should be designed not only to support but to enforce the role-based access controls mandated by zero trust.
A cloud security architecture should contain all of the tools, policies, and processes required to effectively protect cloud-based resources against cyber threats.
Cloud providers, like AWS, often provide recommendations specific to their particular platform.
However, recent reports show that most organizations use two or more cloud providers. These multi-cloud organizations therefore need to develop a cloud security architecture capable of protecting all of their cloud-based resources, regardless of provider.
A cloud security architecture needs to incorporate certain core principles:
To maximize the impact of your cloud security architecture, it is vital to develop it as early in the process as possible. A good starting point is reviewing Check Point’s Cloud Security Blueprint and the associated solutions whitepaper to see examples of a cloud security architecture and how cloud security solutions can be deployed to support one.
After you have the fundamentals in place, the next step is to schedule a customized demo or a cloud transformation security consultation with Check Point experts, who can identify current gaps in your cloud strategy and cloud security solutions that can help you to remediate them.