We should understand that cloud computing is not just a collection of services provided by business entities. Instead, from a security standpoint, cloud computing is just a single, interoperable system designed to provide interdependent subsystems that provide a specific combination of on-demand services across multiple entities. Therefore, for this understanding, we define a system of "a set of interacting or interdependent components that form a complete whole" and a "set of subsystems that contain separate but interrelated elements of a unified whole." In short, they provide the service either voluntarily or involuntarily.
However, while perfecting our definition of cloud computing, companies also need to work harder to better understand such a complex system. To do this, companies can use visual techniques or prototyping methods.
In this article, we explain to readers how organizations use visualization technologies to implement better end-to-end cloud computing protection.
Where to start
Cloud computing visualization and its related organizations enable security professionals to clearly define the definition of objects, elements, boundaries and relationships. Once there is a clear definition of what is going on, companies can abandon their assumptions and start developing meaningful implementation strategies. The result is efficient protection of infrastructure for those security professionals without conflict, blankness, or ineffective protection.
Businesses can implement the visualization process from the notion of logging using tools such as affinity diagrams that help categorize unorganized conceptual groups into organized topics and reveal the linkages between concepts . Figure 1 is an affinity diagram that shows the environment of a cloud computing component in terms of systems and subsystems, as well as features and service patterns from affinity maps in previous articles.
The figure below shows the complete system and / or cloud computing made up of the Internet and / or ISPs and the so-called dark network and shows the relationship between different subsystems and / or cloud computing. It shows the attributes of different components and their superset relationship between systems based on the elements they contain. Basically, a component will contain the same element in another component, and a component is a superset of service mode properties, indicating a dependency relationship. For example, an access control list (ACL) is a superset of firewall rules. why? Because the firewall rules specify what kind of traffic to allow or what kind of traffic, the same ACL specifies the subnet, host or domain and other information.
An affinity graph like this can help a company identify cloud computing components to decide where to add security elements (technology, policies, or processes) and potentially uncover unexpected opportunities among systems, components, and elements.
What kind of opportunity is available? Let's talk about a business running a heterogeneous environment. Management wants a single source of authentication across multiple systems across Windows and Unix / Linux. A state-of-the-art visualization approach identifies all sources of authentication and their capabilities. The provided Windows Server 2008 R2 Active Directory (AD) implementation and the Lightweight Directory Access Protocol perform the tasks required by management. This measure also allows businesses to take full advantage of the staff already managing AD while eliminating the need for authentication, authorization, and billing services, which in turn reduces the cost of ownership associated with maintaining an AAA server.
For security: how to use visualization
As we now visualize cloud computing from an end-to-end perspective, a company can decide what kind of cloud computing is inert or closed, which means they have little or no controller for it. For example, the Dark Network is closed because it was developed on-demand by Anonymous, most of which may involve illegal businesses. Businesses have no control over software or files downloaded from the dark network, which means they may be clean or have been poisoned by malware. A today's peer-to-peer network or P2P, hosting services piracy technology may not exist tomorrow. A company still has no control over whether its consumer-as-a-service technology can become part of a dark network or whether an employee's remote home network has been compromised.
Open Cloud Computing, on the other hand, is a cloud that can potentially be trusted to interact with the enterprise's own cloud computing. Open cloud computing refers to all cloud computing infrastructure that seeks trusted relationships with other infrastructures within the Internet. For example, software as a service, infrastructure as a service, and platform as a service (or SaaS, IaaS, and PaaS) are all open models, so a company has the ability to provision enough environment to support its needs as a business entity The same is true of a single individual).
With such a visualization approach, appropriate protections can be identified for different cloud computing models by using concepts, ideas generation, and reverse thinking that are basically goals and assumptions and forced reverse thinking that is different from the expected paradigm.
For example, we all say the company's goal is to provide cloud computing services to businesses managing credit card transactions. Now, in turn, ask the question, "How should we prevent malicious activity from penetrating into our cloud computing services (eg from wireless / from a compromised PC / from a malicious URL)?"
Reverse thinking allows us to think in terms of cloud computing infrastructure attackers. When combined with use-case-based scenarios, it ensures that appropriate protections work against legitimate threats, reducing FUD and resource waste, both in terms of human and financial resources. Meticulously developed and structured visualization techniques can be expressed in a drama mode. The first concept is to set the scene, determine the role and encourage brainstorming. The next step is to give an overview of the three states at a higher level: the current state (for example, what the enterprise now has), the interim status (which is how the business got there), and the final status (which is the result and the related costs) . What will appear in the series mode is the focus, which starts out as a set of specific characteristics and will be changed at the end.
Again, here's an example of how this approach can be deployed in a real-world scenario. Imagine a company that has decided to invest in intrusion prevention technology in its best-of-breed network. End-to-end story is one of informing and preventing intrusion. The relevant roles are flooded with facilities such as edge devices, gateway devices, various hosts, and clients. The focus is on the concept of intrusion prevention, which will change in the transition from single-ended products to enterprise technology suites that have many roles. An end-to-end artifact goes into a reverse thinking process, asking a question, how to configure the host to prevent intrusion or issue an event alert to the business.
In these scenarios, to ask some representative questions: How to complete the router to prevent intrusion? How should we implement it in our database? Who has the right to visit? This process may find another story in one story. For example, where all the events will happen? Do we have the technology for security information and event handling, or is our SIEM capable of aggregating this magnitude of data? Visualization techniques can help reveal gaps, prioritize, and develop realistic roadmaps.
Of course, visualization is not a one-way process. It is a process that requires a series of visual designs to meet or target multiple audiences. It may require several visualizations to clarify intent and direction, but the end result is a clear and clear picture of the enterprise's cloud computing infrastructure and the steps it needs to take to provide end-to-end cloud computing protection.
【Editor's Choice】
The modern enterprise cloud safe survival of the "three rules" A boom in the cloud era Only 40% of enterprises focus on cloud security? Adopt encryption to solve the challenge of hybrid cloud security Big data cloud security strategy four tips 【Editor: Huang Dan TEL: (010) 68476606】