{"id":13033,"date":"2022-07-01T15:32:32","date_gmt":"2022-07-01T13:32:32","guid":{"rendered":"http:\/\/www.orbit.cz\/?post_type=encyklopedie-cloudu&#038;p=13033"},"modified":"2024-10-31T13:03:09","modified_gmt":"2024-10-31T12:03:09","slug":"8-principu-se-kterymi-zajistite-bezpecnost-v-cloudu","status":"publish","type":"encyklopedie-cloudu","link":"http:\/\/4.184.192.234\/en\/encyklopedie-cloudu\/8-principu-se-kterymi-zajistite-bezpecnost-v-cloudu\/","title":{"rendered":"8 principles to ensure security in the cloud"},"content":{"rendered":"<div class=\"wp-block-image\">\n<figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"157\" src=\"http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/EC22_4-1-300x157.jpg\" alt=\"8 principles to ensure security in the cloud | ORBIT Cloud Encyclopedia \" class=\"wp-image-13036\" style=\"width:526px;height:auto\" srcset=\"http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/EC22_4-1-300x157.jpg 300w, http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/EC22_4-1-1024x536.jpg 1024w, http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/EC22_4-1-768x402.jpg 768w, http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/EC22_4-1-1536x804.jpg 1536w, http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/EC22_4-1-scaled.jpg 2048w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/figure>\n<\/div>\n\n\n<div class=\"wp-block-kadence-infobox kt-info-box13033_f29f8c-6d orbit-testimonial-second\"><span class=\"kt-blocks-info-box-link-wrap info-box-link kt-blocks-info-box-media-align-left kt-info-halign-left\"><div class=\"kt-blocks-info-box-media-container\"><div class=\"kt-blocks-info-box-media kt-info-media-animate-none\"><\/div><\/div><div class=\"kt-infobox-textcontent\"><p class=\"kt-blocks-info-box-title\"><span class=\"EOP SCXW183731154 BCX8\" data-ccp-props=\"{&quot;335559738&quot;:240}\"><span class=\"TextRun SCXW237195044 BCX8\" lang=\"CS-CZ\" xml:lang=\"CS-CZ\" data-contrast=\"auto\"><span 
class=\"NormalTextRun SCXW237195044 BCX8\">In the cloud, responsibility for security is shared. Is it a risk or a benefit? Can initial concerns be<\/span> <span class=\"NormalTextRun SCXW237195044 BCX8\">replaced by excitement about how safe and useful the cloud can be? In this article, I'll give you my take on cloud security and describe eight security principles to follow when going to the cloud.<\/span><\/span><\/span><\/p><p class=\"kt-blocks-info-box-text\"><span class=\"EOP SCXW183731154 BCX8\" data-ccp-props=\"{&quot;335559738&quot;:240}\"><span class=\"EOP SCXW237195044 BCX8\" data-ccp-props=\"{}\"><strong>Lukas Kl\u00e1\u0161tersk\u00fd<\/strong><\/span><\/span><\/p><\/div><\/span><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Cloud, Security, Shared Responsibility and 8 Principles <\/strong><span data-ccp-props=\"{&quot;335559738&quot;:40}\">&nbsp;<\/span><\/h2>\n\n\n\n<p><span data-contrast=\"auto\">One of the fundamental features of the cloud is that <\/span><b><span data-contrast=\"auto\">security is shared<\/span><\/b><span data-contrast=\"auto\"> between cloud providers and cloud users. The provider is responsible for the security of the cloud platform itself. The user is responsible for the security of their data and, depending on the type of cloud, shares responsibility with the cloud provider for endpoint devices, identity, applications, <\/span><span data-contrast=\"auto\">network management<\/span><span data-contrast=\"auto\"> and infrastructure. 
<\/span><span data-ccp-props=\"{}\">&nbsp;<\/span><\/p>\n\n\n\n<p><span data-contrast=\"auto\">On-premise is different: there the user is responsible for everything (<\/span><a href=\"https:\/\/www.cisecurity.org\/-\/media\/project\/cisecurity\/cisecurity\/data\/media\/img\/uploads\/2020\/06\/cis-hardened-images-shared-responsibility-model-2020-0608.png\" target=\"_blank\" rel=\"noopener\"><span data-contrast=\"none\">as shown in the following image from cisecurity.org)<\/span><\/a><span data-contrast=\"auto\">:<\/span><span data-ccp-props=\"{}\">&nbsp;<\/span><\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"129\" src=\"http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/idk-300x129.png\" alt=\"Cloud vs. on-premise security | ORBIT Cloud Encyclopedia \" class=\"wp-image-13039\" style=\"width:478px;height:auto\" srcset=\"http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/idk-300x129.png 300w, http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/idk-768x331.png 768w, http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/idk.png 867w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/figure>\n<\/div>\n\n\n<p>While innovation and the availability of exciting technologies are the main motivations for moving to the cloud, we associate cloud security with fear of the unknown and caution about entering the cloud.<\/p>\n\n\n\n<p>So while general concerns about the cloud are long gone, cloud security is still a big topic. 
This is evidenced by cloud surveys in which cloud security regularly comes out on top, for example in the <a href=\"https:\/\/info.flexera.com\/CM-REPORT-State-of-the-Cloud\" target=\"_blank\" rel=\"noopener\">State of the Cloud Report 2022<\/a>:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"216\" src=\"http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/idk2-300x216.png\" alt=\"Cloud Concerns | ORBIT Cloud Encyclopedia \" class=\"wp-image-13041\" style=\"width:460px;height:auto\" srcset=\"http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/idk2-300x216.png 300w, http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/idk2.png 530w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/figure>\n<\/div>\n\n\n<p>Sharing responsibility has brought with it <strong>8 security principles<\/strong> for the journey to the cloud, which we'll discuss in detail:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Let's deal with the new principles of IT architecture.<\/li>\n\n\n\n<li>Let's address areas of security that we didn't have to address in on-premise.<\/li>\n\n\n\n<li>Let's define our approach to security in the cloud.<\/li>\n\n\n\n<li>Integrate cloud and on-premise security.<\/li>\n\n\n\n<li>Let's take advantage of the plethora of cloud-based security tools.<\/li>\n\n\n\n<li>Let's manage security with predefined policies and configurations.<\/li>\n\n\n\n<li>Let's improve security through automation, blueprints and a risk-based approach.<\/li>\n\n\n\n<li>Let's achieve security nirvana or <em>continuous cloud compliance<\/em>.<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">1. Coping with new IT architecture principles<\/h2>\n\n\n\n<p>Why is security a significantly bigger issue in the cloud than on-premise? 
With the arrival of the cloud, many IT principles have changed, and with them the approach to security. The fundamental differences are in the following seven areas:<\/p>\n\n\n\n<figure class=\"wp-block-table is-style-stripes\"><table><tbody><tr><td><strong>Area<\/strong><\/td><td><strong>On-premise<\/strong><\/td><td><strong>Cloud<\/strong><\/td><\/tr><tr><td><em>Perimeter<\/em><\/td><td>IT lies inside the perimeter, which is its line of defense.<\/td><td>The perimeter has ceased to exist or exists in multiple dimensions.<\/td><\/tr><tr><td><em>End devices<\/em><\/td><td>Everything within the perimeter is secure; access from the outside is secured.<\/td><td>Security depends on the type of device, the location, the user and the role of the user.<\/td><\/tr><tr><td><em>Automation<\/em><\/td><td>It is rarely available.<\/td><td>It is a natively supported functionality.<\/td><\/tr><tr><td><em>Governance of security<\/em><\/td><td>Full responsibility (E2E) inside the perimeter<\/td><td>Shared responsibility by service type (IaaS, PaaS, SaaS)<\/td><\/tr><tr><td><em>Security principles<\/em><\/td><td>Static resources and static security rules<\/td><td>Dynamic resources and dynamic security rules<\/td><\/tr><tr><td><em>Security tools<\/em><\/td><td>Each technology is separately integrated into the security model and monitored.<\/td><td>Security features are natively integrated into the cloud platform's security model, monitoring and APIs.<\/td><\/tr><tr><td><em>Business Continuity (BC)<\/em><\/td><td>BC plans are individual according to applications and infrastructure.<\/td><td>BC plans can be aligned to the capabilities and limits of the platform.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>In on-premise architecture, we only need to consider some of the above areas. But if we want to use the cloud, we need to consider all seven areas in the architecture, security and related processes.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">2. 
Let's address areas of security that we didn't need to address in on-premise<\/h2>\n\n\n\n<p>Because of the shared responsibility in the cloud, we have to address these areas of security and its governance in a new way:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>How do the terms and conditions guarantee security?<\/li>\n\n\n\n<li>Where is the data located and what is its classification?<\/li>\n\n\n\n<li>How can I leave the provider?<\/li>\n\n\n\n<li>How does the provider ensure security?<\/li>\n\n\n\n<li>Do the provider's staff have access to my data and how am I informed?<\/li>\n\n\n\n<li>How does the provider audit security management and how is this information accessed?<\/li>\n<\/ul>\n\n\n\n<p>We will talk more about these topics in a future <a href=\"http:\/\/4.184.192.234\/en\/encyklopedie-cloudu\/\" target=\"_blank\" rel=\"noopener\">Cloud Encyclopedia<\/a> article dedicated to cloud compliance.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">3. Let's define our approach to security in the cloud<\/h2>\n\n\n\n<p>For security in on-premise and in the cloud, the basic premise applies: <strong>It's our environment and we need to make sure it's safe.<\/strong> This premise needs to be set in stone in both environments, but it is doubly true in the cloud because of the shared responsibility.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"284\" height=\"190\" src=\"http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/idk3.jpg\" alt=\"\" class=\"wp-image-13043\" style=\"width:412px;height:auto\"\/><\/figure>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\">4. 
Integrate cloud and on-premise security<\/h2>\n\n\n\n<p>The cloud raises technical security issues that need to be addressed for on-premise and cloud environments to coexist.<\/p>\n\n\n\n<figure class=\"wp-block-table is-style-stripes\"><table><tbody><tr><td><strong>Area<\/strong><\/td><td><strong>Cloud<\/strong><\/td><\/tr><tr><td><em>Conditional access<\/em><\/td><td>Control access to applications and IT services based on the type and status of the device, the location and role of the user or application, and real-time risk determination (based on Zero Trust principles)<\/td><\/tr><tr><td><em>Hybrid Cloud Identity<\/em><\/td><td>A functioning hybrid identity is a prerequisite for the ability to manage users and corporate data anywhere on the corporate network and in the cloud.<\/td><\/tr><tr><td><em>Classification of information<\/em><\/td><td>Data and document protection through classification, including security by technical means (e.g. encryption)<\/td><\/tr><tr><td><em>Adaptive Security<\/em><\/td><td>Change the approach from static rules to a continuous dynamic style. Normal behaviour is safe and unusual behaviour is dangerous.<\/td><\/tr><tr><td><em>Cloud integration into on-premise<\/em><\/td><td>The cloud landing zone must be connected with on-premise at the level of networks, operational and security monitoring, and identities.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">5. Take advantage of the plethora of cloud security tools<\/h2>\n\n\n\n<p>If we successfully master the previous four areas, we can reap the benefits of the cloud. 
The first is that cloud providers offer us a plethora of security tools and technologies that are integrated and ready to use in cloud platforms.<\/p>\n\n\n\n<p>Examples of tools in AWS and Azure:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>AWS Security Hub<\/strong> - a security centre in the Amazon Web Services environment, which integrates disparate security services and solutions, provides a central view of all security policy compliance, and enables automatic response to specific security incidents.<\/li>\n\n\n\n<li><strong>AWS Config<\/strong> - part of AWS Security Hub, although it can also be used independently of Security Hub. AWS Config maintains the current state and configuration of all components and allows you to create individual rules to control them.<\/li>\n\n\n\n<li><strong>Azure Policy<\/strong> - a tool for defining security policies and validating (non-)compliance of individual resources with these policies. A huge advantage of Azure Policy implementation is its price - it is completely free.<\/li>\n\n\n\n<li><strong>Defender for Cloud<\/strong> - tool not only for Azure environment (it can integrate AWS and GCP as well), which enables: a) continuous e.g. 
<em>Microsoft Sentinel<\/em>).<\/li>\n<\/ul>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"129\" src=\"http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/idk5-300x129.png\" alt=\"AWS Security Hub | ORBIT Cloud Encyclopedia \" class=\"wp-image-13045\" style=\"width:452px;height:auto\" srcset=\"http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/idk5-300x129.png 300w, http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/idk5-1024x440.png 1024w, http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/idk5-768x330.png 768w, http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/idk5.png 1259w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/figure>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\">6. Manage security in the cloud with policies and configurations<\/h2>\n\n\n\n<p>Another key benefit of the cloud is security management through predefined policies and configurations, which both AWS and Azure offer for free and which can be used immediately. 
There are hundreds of pre-made policies, such as:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Is the web application firewall enabled on my load balancer?<\/li>\n\n\n\n<li>Is my database backed up?<\/li>\n\n\n\n<li>Are my disks encrypted?<\/li>\n\n\n\n<li>Is public access to my Kubernetes cluster disabled?<\/li>\n<\/ul>\n\n\n\n<p>There are also&nbsp;<strong>pre-prepared security policies<\/strong> and views for different standards, for example:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>ISO 27000:2013<\/li>\n\n\n\n<li>Center for Internet Security benchmark (CIS)<\/li>\n\n\n\n<li>NIST Framework<\/li>\n\n\n\n<li>Payment Card Industry Data Security Standard (PCI DSS)<\/li>\n<\/ul>\n\n\n\n<p>and more, including the ability to create your own security policies or edit predefined ones.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"253\" src=\"http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/idk6-300x253.png\" alt=\"ISO 27000:2013 | ORBIT Cloud Encyclopedia \" class=\"wp-image-13047\" style=\"width:468px;height:auto\" srcset=\"http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/idk6-300x253.png 300w, http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/idk6.png 384w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/figure>\n<\/div>\n\n\n<p>The tools, along with pre-built configurations and policies, support the three core principles of cloud security:<\/p>\n\n\n\n<p><strong>A) continuously assess<\/strong> - keep checking your security settings,<\/p>\n\n\n\n<p><strong>B) secure <\/strong>- improve the security settings of cloud resources and services,<\/p>\n\n\n\n<p><strong>C) defend <\/strong>- detect and resolve security threats.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"88\" 
src=\"http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/IDK7-300x88.png\" alt=\"Basic principles of cloud security | ORBIT Cloud Encyclopedia \" class=\"wp-image-13049\" style=\"width:452px;height:auto\" srcset=\"http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/IDK7-300x88.png 300w, http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/IDK7.png 486w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/figure>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\">7. Improve security in the cloud with automation, blueprints and a risk-based approach<\/h2>\n\n\n\n<p>Another key benefit of the cloud is the use of automation and blueprints, an infrastructure configuration standard in the form of IaC (<a href=\"http:\/\/4.184.192.234\/en\/encyklopedie-cloudu\/infrastructure-as-a-code-vsechno-co-jste-kdy-chteli-vedet-ale-bali-jste-se-zeptat\/\" target=\"_blank\" rel=\"noopener\">Infrastructure as Code<\/a>). Cloud automation ties in well with application deployment automation through a <a href=\"http:\/\/4.184.192.234\/en\/encyklopedie-cloudu\/deployment-pipelines-jdeme-na-to-v-cloudu\/\" target=\"_blank\" rel=\"noopener\">CI\/CD pipeline<\/a>, and together they help innovate, accelerate and streamline IT. <a href=\"http:\/\/4.184.192.234\/en\/encyklopedie-cloudu\/kdyz-v-cloudu-tak-devops-proc\/\" target=\"_blank\" rel=\"noopener\">DevOps<\/a> is becoming an IT reality.<\/p>\n\n\n\n<p>Blueprints are templates for repeatable deployment of application, infrastructure and security configurations. 
It is important to have a defined <strong>set of security parameters<\/strong> (for example vulnerability scan, penetration tests, OS hardening, data location, data encryption, etc.) and rules for when the parameters should be applied.<\/p>\n\n\n\n<p>It is good practice to apply a <strong>risk-based approach<\/strong> to the catalogue of security parameters, i.e. define risk classes for applications in the cloud and assign security measures to them. 
The result can be, for example, five classes of applications, where the higher class extends the parameters of the lower class.<\/p>\n\n\n\n<figure class=\"wp-block-table is-style-stripes\"><table><tbody><tr><td><strong>Class<\/strong><\/td><td><strong>Application type<\/strong><\/td><td><strong>Security measures<\/strong><\/td><\/tr><tr><td><em>L0<\/em><\/td><td>For all - the bare minimum<\/td><td>OS hardening, hardening of application servers, audit log to a separate security account<\/td><\/tr><tr><td><em>L1<\/em><\/td><td>For development environments without sensitive data<\/td><td>SIEM monitoring 2 months<\/td><\/tr><tr><td><em>L2<\/em><\/td><td>Test and acceptance environments; development environments with sensitive data<\/td><td>SIEM monitoring 1 year, vulnerability scan, data masking, pentest<\/td><\/tr><tr><td><em>L3<\/em><\/td><td>Production environment without sensitive data<\/td><td>data encryption with AWS key<\/td><\/tr><tr><td><em>L4<\/em><\/td><td>Production environment with highly sensitive data<\/td><td>AWS CloudHSM data encryption<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">8. Let's reach security nirvana or <em>continuous cloud compliance<\/em><\/h2>\n\n\n\n<p>The last key benefit of the cloud is continuous cloud compliance (<a href=\"http:\/\/4.184.192.234\/en\/encyklopedie-cloudu\/continuous-cloud-compliance-aby-byl-vas-cloud-stale-v-bezpeci\/\" target=\"_blank\" rel=\"noopener\">discussed in a separate EC article<\/a>). 
This principle makes it possible to manage cloud application environments and to monitor compliance with security and operational policies not only at the time of environment creation, but <strong>continuously throughout the entire application operation<\/strong>.<\/p>\n\n\n\n<p>In case of a non-compliance status, the operations or security team is automatically notified according to the type of violated policy - see the following figure:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"132\" src=\"http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/idk9-300x132.png\" alt=\"Continuous cloud compliance | ORBIT Cloud Encyclopedia \" class=\"wp-image-13051\" style=\"width:472px;height:auto\" srcset=\"http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/idk9-300x132.png 300w, http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/idk9-1024x451.png 1024w, http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/idk9-768x339.png 768w, http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/idk9-1536x677.png 1536w, http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/idk9.png 1917w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/figure>\n<\/div>\n\n\n<p>The following areas are the basis for implementing continuous cloud compliance:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>the existence of security tools in the cloud<\/li>\n\n\n\n<li>the existence of security configurations and policies<\/li>\n\n\n\n<li>the ability to automate everything in the cloud using blueprints<\/li>\n\n\n\n<li>the ability to define your own catalogue of security parameters using a risk-based approach<\/li>\n<\/ul>\n\n\n\n<p>...complemented by processes:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>continuous data collection (which sources or their parameters must be continuously monitored),<\/li>\n\n\n\n<li>data evaluation (defining individual policies assessing compliance or 
non-compliance),<\/li>\n\n\n\n<li>reactions (how to respond to policy inconsistencies).<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Security in the cloud in conclusion<\/h2>\n\n\n\n<p>When going to the cloud, it is important to address the topic of <em>cyber security &amp; defence<\/em> <a href=\"http:\/\/4.184.192.234\/en\/encyklopedie-cloudu\/4-obranne-valy-na-ceste-do-cloudu-proc-je-bez-strategie-a-roadmapy-neprekonate\/\" target=\"_blank\" rel=\"noopener\">in the cloud strategy and roadmap<\/a>. The first four of the eight principles described in this article are a matter of basic hygiene and therefore need to be addressed <strong>right at the beginning of the cloud journey<\/strong> - at a time when <a href=\"http:\/\/4.184.192.234\/en\/encyklopedie-cloudu\/jaka-je-vase-cloudova-vyspelost-napovime-vam-jak-ji-urcit\/\" target=\"_blank\" rel=\"noopener\">on the cloud maturity scale<\/a> you are at level 2 or 3.<\/p>\n\n\n\n<p>The remaining four principles will bring you real benefits when using the cloud only after the previous four principles have been fulfilled. We are able to reap their benefits after reaching higher cloud maturity (approximately level 3-4).<\/p>\n\n\n\n<p>Let's go back to the initial questions: is shared responsibility for security in the cloud a risk or a benefit? Can initial concerns be replaced by enthusiasm?<\/p>\n\n\n\n<p>It is only a risk if we do not take shared responsibility into account and do not implement the first four principles correctly. Otherwise <strong>benefits and enthusiasm prevail<\/strong>, as we will be able to take full advantage of principles 5-8.<\/p>\n\n\n\n<p>How do you see it?<\/p>","protected":false},"excerpt":{"rendered":"<p>Does shared responsibility for security in the cloud represent a risk or a benefit? Turn concern into excitement by following the eight cloud security principles. 
<\/p>","protected":false},"author":17,"featured_media":13036,"template":"","meta":{"_acf_changed":true,"_kad_blocks_custom_css":"","_kad_blocks_head_custom_js":"","_kad_blocks_body_custom_js":"","_kad_blocks_footer_custom_js":"","_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"_kad_post_classname":""},"categories":[127,128],"class_list":["post-13033","encyklopedie-cloudu","type-encyklopedie-cloudu","status-publish","has-post-thumbnail","hentry","category-cloud-governance","category-cloud-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>8 princip\u016f, se kter\u00fdmi zajist\u00edte bezpe\u010dnost v\u202fcloudu | Encyklopedie cloudu ORBIT<\/title>\n<meta name=\"description\" content=\"P\u0159edstavuje sd\u00edlen\u00e1 odpov\u011bdnost za bezpe\u010dnost v cloudu riziko, nebo benefit? Dodr\u017eujte osm z\u00e1sad cloud security a prom\u011bn\u00edte obavy v nad\u0161en\u00ed.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/4.184.192.234\/en\/encyklopedie-cloudu\/8-principu-se-kterymi-zajistite-bezpecnost-v-cloudu\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"8 princip\u016f, se kter\u00fdmi zajist\u00edte bezpe\u010dnost v\u202fcloudu | Encyklopedie cloudu ORBIT\" \/>\n<meta property=\"og:description\" content=\"P\u0159edstavuje sd\u00edlen\u00e1 odpov\u011bdnost za bezpe\u010dnost v cloudu riziko, nebo benefit? 
Dodr\u017eujte osm z\u00e1sad cloud security a prom\u011bn\u00edte obavy v nad\u0161en\u00ed.\" \/>\n<meta property=\"og:url\" content=\"http:\/\/4.184.192.234\/en\/encyklopedie-cloudu\/8-principu-se-kterymi-zajistite-bezpecnost-v-cloudu\/\" \/>\n<meta property=\"og:site_name\" content=\"ORBIT | create IT your own way\" \/>\n<meta property=\"article:modified_time\" content=\"2024-10-31T12:03:09+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/EC22_4-scaled.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2048\" \/>\n\t<meta property=\"og:image:height\" content=\"1072\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"8 princip\u016f, se kter\u00fdmi zajist\u00edte bezpe\u010dnost v\u202fcloudu | Encyklopedie cloudu ORBIT\" \/>\n<meta name=\"twitter:description\" content=\"P\u0159edstavuje sd\u00edlen\u00e1 odpov\u011bdnost za bezpe\u010dnost v cloudu riziko, nebo benefit? 
Dodr\u017eujte osm z\u00e1sad cloud security a prom\u011bn\u00edte obavy v nad\u0161en\u00ed.\" \/>\n<meta name=\"twitter:image\" content=\"http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/EC22_4-scaled.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"http:\\\/\\\/4.184.192.234\\\/encyklopedie-cloudu\\\/8-principu-se-kterymi-zajistite-bezpecnost-v-cloudu\\\/\",\"url\":\"http:\\\/\\\/4.184.192.234\\\/encyklopedie-cloudu\\\/8-principu-se-kterymi-zajistite-bezpecnost-v-cloudu\\\/\",\"name\":\"8 princip\u016f, se kter\u00fdmi zajist\u00edte bezpe\u010dnost v\u202fcloudu | Encyklopedie cloudu ORBIT\",\"isPartOf\":{\"@id\":\"http:\\\/\\\/4.184.192.234\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"http:\\\/\\\/4.184.192.234\\\/encyklopedie-cloudu\\\/8-principu-se-kterymi-zajistite-bezpecnost-v-cloudu\\\/#primaryimage\"},\"image\":{\"@id\":\"http:\\\/\\\/4.184.192.234\\\/encyklopedie-cloudu\\\/8-principu-se-kterymi-zajistite-bezpecnost-v-cloudu\\\/#primaryimage\"},\"thumbnailUrl\":\"http:\\\/\\\/4.184.192.234\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/EC22_4-1-scaled.jpg\",\"datePublished\":\"2022-07-01T13:32:32+00:00\",\"dateModified\":\"2024-10-31T12:03:09+00:00\",\"description\":\"P\u0159edstavuje sd\u00edlen\u00e1 odpov\u011bdnost za bezpe\u010dnost v cloudu riziko, nebo benefit? 
Dodr\u017eujte osm z\u00e1sad cloud security a prom\u011bn\u00edte obavy v nad\u0161en\u00ed.\",\"breadcrumb\":{\"@id\":\"http:\\\/\\\/4.184.192.234\\\/encyklopedie-cloudu\\\/8-principu-se-kterymi-zajistite-bezpecnost-v-cloudu\\\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\\\/\\\/4.184.192.234\\\/encyklopedie-cloudu\\\/8-principu-se-kterymi-zajistite-bezpecnost-v-cloudu\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"http:\\\/\\\/4.184.192.234\\\/encyklopedie-cloudu\\\/8-principu-se-kterymi-zajistite-bezpecnost-v-cloudu\\\/#primaryimage\",\"url\":\"http:\\\/\\\/4.184.192.234\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/EC22_4-1-scaled.jpg\",\"contentUrl\":\"http:\\\/\\\/4.184.192.234\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/EC22_4-1-scaled.jpg\",\"width\":2048,\"height\":1072},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\\\/\\\/4.184.192.234\\\/encyklopedie-cloudu\\\/8-principu-se-kterymi-zajistite-bezpecnost-v-cloudu\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\\\/\\\/4.184.192.234\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"8 princip\u016f, se kter\u00fdmi zajist\u00edte bezpe\u010dnost v\u202fcloudu\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\\\/\\\/4.184.192.234\\\/#website\",\"url\":\"http:\\\/\\\/4.184.192.234\\\/\",\"name\":\"ORBIT | create IT your own way\",\"description\":\"ORBIT | create IT your own way\",\"publisher\":{\"@id\":\"http:\\\/\\\/4.184.192.234\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\\\/\\\/4.184.192.234\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"http:\\\/\\\/4.184.192.234\\\/#organization\",\"name\":\"ORBIT 
s.r.o.\",\"url\":\"http:\\\/\\\/4.184.192.234\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"http:\\\/\\\/4.184.192.234\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"http:\\\/\\\/4.184.192.234\\\/wp-content\\\/uploads\\\/2020\\\/11\\\/logoslogan-01.png\",\"contentUrl\":\"http:\\\/\\\/4.184.192.234\\\/wp-content\\\/uploads\\\/2020\\\/11\\\/logoslogan-01.png\",\"width\":1417,\"height\":829,\"caption\":\"ORBIT s.r.o.\"},\"image\":{\"@id\":\"http:\\\/\\\/4.184.192.234\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/company\\\/orbit\\\/\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"8 principles to ensure security in the cloud | ORBIT Cloud Encyclopedia","description":"Does shared responsibility for security in the cloud represent a risk or a benefit? Follow the eight principles of cloud security and turn concern into excitement.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/4.184.192.234\/en\/encyklopedie-cloudu\/8-principu-se-kterymi-zajistite-bezpecnost-v-cloudu\/","og_locale":"en_GB","og_type":"article","og_title":"8 princip\u016f, se kter\u00fdmi zajist\u00edte bezpe\u010dnost v\u202fcloudu | Encyklopedie cloudu ORBIT","og_description":"P\u0159edstavuje sd\u00edlen\u00e1 odpov\u011bdnost za bezpe\u010dnost v cloudu riziko, nebo benefit? 
Dodr\u017eujte osm z\u00e1sad cloud security a prom\u011bn\u00edte obavy v nad\u0161en\u00ed.","og_url":"http:\/\/4.184.192.234\/en\/encyklopedie-cloudu\/8-principu-se-kterymi-zajistite-bezpecnost-v-cloudu\/","og_site_name":"ORBIT | create IT your own way","article_modified_time":"2024-10-31T12:03:09+00:00","og_image":[{"width":2048,"height":1072,"url":"http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/EC22_4-scaled.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_title":"8 princip\u016f, se kter\u00fdmi zajist\u00edte bezpe\u010dnost v\u202fcloudu | Encyklopedie cloudu ORBIT","twitter_description":"P\u0159edstavuje sd\u00edlen\u00e1 odpov\u011bdnost za bezpe\u010dnost v cloudu riziko, nebo benefit? Dodr\u017eujte osm z\u00e1sad cloud security a prom\u011bn\u00edte obavy v nad\u0161en\u00ed.","twitter_image":"http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/EC22_4-scaled.jpg","twitter_misc":{"Estimated reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"http:\/\/4.184.192.234\/encyklopedie-cloudu\/8-principu-se-kterymi-zajistite-bezpecnost-v-cloudu\/","url":"http:\/\/4.184.192.234\/encyklopedie-cloudu\/8-principu-se-kterymi-zajistite-bezpecnost-v-cloudu\/","name":"8 principles to ensure security in the cloud | ORBIT Cloud Encyclopedia","isPartOf":{"@id":"http:\/\/4.184.192.234\/#website"},"primaryImageOfPage":{"@id":"http:\/\/4.184.192.234\/encyklopedie-cloudu\/8-principu-se-kterymi-zajistite-bezpecnost-v-cloudu\/#primaryimage"},"image":{"@id":"http:\/\/4.184.192.234\/encyklopedie-cloudu\/8-principu-se-kterymi-zajistite-bezpecnost-v-cloudu\/#primaryimage"},"thumbnailUrl":"http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/EC22_4-1-scaled.jpg","datePublished":"2022-07-01T13:32:32+00:00","dateModified":"2024-10-31T12:03:09+00:00","description":"Does shared responsibility for security in the cloud represent a risk or a benefit? 
Follow the eight principles of cloud security and turn concern into excitement.","breadcrumb":{"@id":"http:\/\/4.184.192.234\/encyklopedie-cloudu\/8-principu-se-kterymi-zajistite-bezpecnost-v-cloudu\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["http:\/\/4.184.192.234\/encyklopedie-cloudu\/8-principu-se-kterymi-zajistite-bezpecnost-v-cloudu\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"http:\/\/4.184.192.234\/encyklopedie-cloudu\/8-principu-se-kterymi-zajistite-bezpecnost-v-cloudu\/#primaryimage","url":"http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/EC22_4-1-scaled.jpg","contentUrl":"http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/EC22_4-1-scaled.jpg","width":2048,"height":1072},{"@type":"BreadcrumbList","@id":"http:\/\/4.184.192.234\/encyklopedie-cloudu\/8-principu-se-kterymi-zajistite-bezpecnost-v-cloudu\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/4.184.192.234\/"},{"@type":"ListItem","position":2,"name":"8 princip\u016f, se kter\u00fdmi zajist\u00edte bezpe\u010dnost v\u202fcloudu"}]},{"@type":"WebSite","@id":"http:\/\/4.184.192.234\/#website","url":"http:\/\/4.184.192.234\/","name":"ORBIT | create IT your own way","description":"ORBIT | create IT your own way","publisher":{"@id":"http:\/\/4.184.192.234\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/4.184.192.234\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"http:\/\/4.184.192.234\/#organization","name":"ORBIT 
s.r.o.","url":"http:\/\/4.184.192.234\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"http:\/\/4.184.192.234\/#\/schema\/logo\/image\/","url":"http:\/\/4.184.192.234\/wp-content\/uploads\/2020\/11\/logoslogan-01.png","contentUrl":"http:\/\/4.184.192.234\/wp-content\/uploads\/2020\/11\/logoslogan-01.png","width":1417,"height":829,"caption":"ORBIT s.r.o."},"image":{"@id":"http:\/\/4.184.192.234\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/orbit\/"]}]}},"taxonomy_info":{"category":[{"value":127,"label":"Cloud governance"},{"value":128,"label":"Cloud security"}]},"featured_image_src_large":["http:\/\/4.184.192.234\/wp-content\/uploads\/2022\/07\/EC22_4-1-1024x536.jpg",1024,536,true],"author_info":{"display_name":"Luk\u00e1\u0161 Kl\u00e1\u0161tersk\u00fd","author_link":"http:\/\/4.184.192.234\/en\/author\/65463b435543a9cb\/"},"comment_info":"","_links":{"self":[{"href":"http:\/\/4.184.192.234\/en\/wp-json\/wp\/v2\/encyklopedie-cloudu\/13033","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/4.184.192.234\/en\/wp-json\/wp\/v2\/encyklopedie-cloudu"}],"about":[{"href":"http:\/\/4.184.192.234\/en\/wp-json\/wp\/v2\/types\/encyklopedie-cloudu"}],"author":[{"embeddable":true,"href":"http:\/\/4.184.192.234\/en\/wp-json\/wp\/v2\/users\/17"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/4.184.192.234\/en\/wp-json\/wp\/v2\/media\/13036"}],"wp:attachment":[{"href":"http:\/\/4.184.192.234\/en\/wp-json\/wp\/v2\/media?parent=13033"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/4.184.192.234\/en\/wp-json\/wp\/v2\/categories?post=13033"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}