Competency 3 – Assessment
University of Phoenix
IT Architecture In The Age Of Cloud/BSACB/531
Will Wilson
2023
Grade: MA
Building and maintaining a secure, resilient IT infrastructure is a top priority for any business, because threat actors constantly scan networks and systems for vulnerabilities to exploit. Organizations must stay vigilant to prevent breaches that could compromise their data or the availability of their services, and they must implement comprehensive security measures that detect and stop such attempts.
Shared Responsibility Model
Under AWS's Shared Responsibility Model, AWS and the customer each assume part of the responsibility for security and compliance in the cloud, and where the line falls depends on which AWS services the customer uses. AWS is responsible for security "of" the cloud: the physical data centers and the compute, storage, networking and virtualization that run AWS services. AWS also offers services such as encryption, identity and access management (IAM) and network controls, but offering them is not the same as applying them. The customer is responsible for security "in" the cloud: the data, applications and guest operating systems running on AWS infrastructure. That includes configuring firewalls and security groups, enabling encryption, managing access controls, and monitoring applications and data for threats. The split shifts with the service model: on EC2 the customer patches the guest operating system, while for a managed service such as S3 or Lambda AWS operates the platform and the customer is left with data, access and configuration. To assist customers, AWS and third-party vendors offer compliance tooling through the AWS Marketplace, including forensic tools, automated scanning tools, data loss prevention (DLP) products, anomaly detection systems, continuous monitoring systems and threat intelligence.
The security standards in AWS Security Hub (for example the AWS Foundational Security Best Practices standard, the CIS AWS Foundations Benchmark and a PCI DSS standard relevant to a retailer) help customers implement a secure, compliant application environment. Their controls cover monitoring and event aggregation, authentication and access control, network access control, encryption and key management, and supporting services such as logging and auditing.
New Computing Model
The shared responsibility model is specific to cloud computing because the cloud changed how IT resources are provisioned, managed and secured: the provider and the customer both operate parts of the same stack. Stating which party secures which layer lets each manage the risks it actually controls, closes the gaps that lead to breaches, and makes compliance with regulations demonstrable.
In a traditional on-premises environment, responsibility for security and compliance falls almost entirely on the company. It must ensure the physical security of its data and systems, keep systems patched and updated, secure its networks, and meet industry regulations and compliance requirements. It is also responsible for data privacy and for protecting that data from threat actors. These tasks demand significant time, energy and resources and are difficult to manage without specialized security expertise.
The division of responsibility is different in a cloud environment. Because the cloud provider owns and operates the underlying infrastructure, it is responsible for securing that infrastructure: physical security, the provider's network, and the virtualization layer. The customer is responsible for securing the data and applications running on top of it.
In short, the model recognizes that the provider and the customer have distinct roles when securing cloud-hosted applications and data, and assigns each party the layers it controls and knows best, which yields a more secure and compliant environment overall.
Common Security Threats in a Cloud Environment
Any data or application reachable from the internet is exposed to attack, and retailers face specific threats because of the payment and customer information they handle. GTR has a rapidly growing online and traditional retail presence worldwide, so it must apply strong controls against the common threats that could expose it to financial and data loss. These threats include the following:
GTR collects payment card data from customers that is transmitted to and stored in the cloud. If this sensitive data is not secured correctly it can be stolen, and threat actors can use it to commit fraud or identity theft, causing considerable financial and reputational damage to GTR. GTR must ensure that payment card data is protected from unauthorized access at every stage.
The online retail website can be vulnerable to SQL injection, cross-site scripting (XSS) and distributed denial of service (DDoS). If the website is not secured, threat actors can inject malicious SQL or script to read or manipulate sensitive data such as customer records and login credentials, or flood the site with traffic until it is unusable.
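To make the first two of those weaknesses concrete, the following is an added example (not part of the original assessment) of a toy login and search handler in Python backed by an in-memory SQLite table. The string-built query and the unescaped template are the vulnerable forms; the parameterised query and HTML escaping beside them are the fixes. The table, rows and attack inputs are constructed for the example, and passwords are kept in plaintext only to keep it short.

```python
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for GTR's customer table (plaintext passwords
    only to keep the example short; store salted hashes in practice)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, email TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?, ?)",
        [(1, "alice@example.com", "s3cret"), (2, "bob@example.com", "hunter2")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, email: str, password: str) -> bool:
    # Vulnerable: user input is pasted into the SQL text, so a password such as
    # ' OR '1'='1 rewrites the WHERE clause and matches every row.
    query = (f"SELECT id FROM customers WHERE email = '{email}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, email: str, password: str) -> bool:
    # Hardened: placeholders bind the values as data; the SQL text never changes.
    row = conn.execute(
        "SELECT id FROM customers WHERE email = ? AND password = ?",
        (email, password),
    ).fetchone()
    return row is not None


def render_search_vulnerable(term: str) -> str:
    # Vulnerable: the search term is reflected into HTML unescaped, so a
    # <script>...</script> payload in the query string runs in the victim's browser.
    return f"<p>Results for {term}</p>"


def render_search_safe(term: str) -> str:
    # Hardened: escape <, >, &, ' and " before the value enters HTML text.
    # (Attribute, URL and JavaScript contexts each need their own encoding.)
    return f"<p>Results for {html.escape(term, quote=True)}</p>"


if __name__ == "__main__":
    db = make_db()
    injected = "' OR '1'='1"
    print("vulnerable login with injected password:",
          login_vulnerable(db, "nobody@example.com", injected))   # True
    print("safe login with injected password:",
          login_safe(db, "nobody@example.com", injected))         # False
    print(render_search_safe("<script>alert(1)</script>"))
```

The injected password succeeds against the string-built query because the trailing OR makes the WHERE clause true for every row; the same input bound as a parameter is simply a password nobody has. A web application firewall in front of the site adds a second line of defence, but it does not replace fixing the query and the template.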
Third-party providers that handle parts of GTR's payment processing and commerce supply chain can have security vulnerabilities of their own. Verifying that these partners are properly secured prevents a weak point in the supply chain from becoming a path to GTR's data.
Employees can be the most significant risk to the environment. Off-boarding procedures must be strictly enforced: when an employee leaves, all of their access to company systems must be disabled immediately. When a current employee transfers positions within GTR, their access must be audited and adjusted so that system and data permissions stay strictly limited to the new role.
AWS Security Services
Protecting GTR's applications and data from vulnerabilities and attacks keeps the business running as it grows. AWS provides security services that address the common threats above within the AWS cloud environment, including:
AWS Certificate Manager (ACM) provisions, renews and manages the SSL/TLS certificates that services such as Elastic Load Balancing and Amazon CloudFront use to encrypt data in transit. With ACM-issued certificates in front of the retail site, customer and payment data travel over TLS rather than in the clear.
AWS Web Application Firewall (WAF) can protect GTR's online retail website against SQL injection, XSS and application-layer (HTTP flood) DDoS. WAF filters web traffic with managed and custom rules to block exploits; rate-based rules and WAF Bot Control limit bots that generate excessive traffic; and WAF Fraud Control account takeover prevention monitors login pages for credential stuffing and brute-force attempts. Volumetric network-layer DDoS is handled by AWS Shield Standard, which is enabled by default on CloudFront and Elastic Load Balancing.
AWS Identity and Access Management (IAM) controls access to AWS resources: permissions are attached to groups and roles as policies, and access is granted or removed by adding or removing users from groups or allowing them to assume roles, rather than by editing permissions user by user.
Mitigation
AWS security services help mitigate attacks by identifying vulnerabilities and adding protection in front of applications and services. The three services above address the common threats identified.
ACM mitigates theft of sensitive data in transit by supplying the SSL/TLS certificates that establish an encrypted channel between a customer's browser and GTR's endpoints. ACM does not itself encrypt data at rest: for payment data staged in Amazon Simple Storage Service (S3), encryption at rest comes from S3 server-side encryption (SSE-S3 or SSE-KMS), while data moving to and from S3 is protected by TLS, which a bucket policy can make mandatory with the aws:SecureTransport condition. ACM-issued certificates are renewed automatically, certificate operations are recorded in CloudTrail for auditing, and ACM integrates with other AWS services and can import third-party certificates. Monitoring certificate expiry through ACM ensures only valid certificates are in use. Overall, ACM improves the security and reliability of web applications running on AWS by providing scalable, easy-to-use SSL/TLS certificate management.
WAF helps protect web applications from common exploits that affect availability, compromise security or consume excessive resources. A single web ACL with GTR's rules can be associated with all of GTR's sites, with real-time visibility into matched requests. Attaching WAF to Amazon CloudFront blocks malicious requests at the edge, before they reach the origin; attaching it to an Application Load Balancer filters traffic on the defined rules (source IP addresses, HTTP headers, body, URI and request rate) for protection against SQL injection, XSS and HTTP-flood DDoS. Note that WAF associates with Application Load Balancers, not Classic or Network Load Balancers. WAF publishes metrics to CloudWatch, so alarms can alert the IT support team to potential attacks and prompt them to create or adjust rules as threats change.
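The rate-based rule mentioned above is the WAF control most directly aimed at HTTP floods and scraping bots. The following is an added example (not part of the original assessment and not AWS code) that replays constructed access-log lines through a per-IP trailing-window counter to show what such a rule does: an IP is blocked while it has more than the limit in the preceding five minutes and is released once its rate drops. The log format, the two IP addresses and the threshold of 100 are assumptions made for the example; real WAF evaluates counts on roughly a 30-second cadence rather than per request, so this is an approximation of the behaviour, not a reimplementation.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # AWS WAF rate-based rules count over a trailing 5-minute window
LIMIT = 100                     # assumed per-IP request threshold for this example


def constructed_log() -> list:
    """Constructed access log: a scraper at 203.0.113.9 sends 150 requests in
    150 seconds while a shopper at 198.51.100.7 sends 20 over 10 minutes.
    Line format (assumed): '<ISO-8601 time> <client IP> <method> <path>'."""
    t0 = datetime(2024, 2, 20, 12, 0, 0)
    lines = []
    for i in range(150):
        ts = t0 + timedelta(seconds=i)
        lines.append(f"{ts.isoformat()} 203.0.113.9 GET /search?q=item{i}")
    for i in range(20):
        ts = t0 + timedelta(seconds=30 * i)
        lines.append(f"{ts.isoformat()} 198.51.100.7 GET /product/{i}")
    lines.sort(key=lambda line: datetime.fromisoformat(line.split()[0]))
    return lines


def rate_limit(lines, limit: int = LIMIT, window: timedelta = WINDOW) -> dict:
    """Replay log lines through a per-IP trailing-window counter.
    Returns {ip: (allowed, blocked)}. A request is blocked while the IP has
    more than `limit` requests inside the preceding `window`; blocked requests
    still count, which mirrors how a rate-based rule keeps an IP blocked until
    its rate falls back under the threshold."""
    recent = defaultdict(deque)            # ip -> timestamps still inside the window
    counts = defaultdict(lambda: [0, 0])   # ip -> [allowed, blocked]
    for line in lines:
        ts_text, ip, _method, _path = line.split(maxsplit=3)
        ts = datetime.fromisoformat(ts_text)
        window_q = recent[ip]
        while window_q and ts - window_q[0] > window:
            window_q.popleft()             # expire requests older than the window
        window_q.append(ts)
        if len(window_q) > limit:
            counts[ip][1] += 1
        else:
            counts[ip][0] += 1
    return {ip: (c[0], c[1]) for ip, c in counts.items()}


if __name__ == "__main__":
    for ip, (allowed, blocked) in rate_limit(constructed_log()).items():
        print(f"{ip}: allowed={allowed} blocked={blocked}")
```

With the constructed log the scraper gets its first 100 requests through and the remaining 50 blocked, while the shopper is never touched. In WAF the same idea is expressed as a rate-based rule statement with a per-IP limit and a Block action, optionally scoped to the login or search paths so that ordinary browsing is not counted against the threshold.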
IAM allows granular permissions to be assigned to groups and roles; multi-factor authentication (MFA) adds a second factor before authorized users can reach AWS resources; and its access-control features and activity logging support compliance with regulatory requirements and industry standards. Using IAM, GTR can apply least privilege, reduce the risk of unauthorized resource access and maintain compliance. IAM should be paired with CloudTrail, which records the actions taken by a user, role or AWS service in an AWS account; CloudTrail logs support security analysis, resource change tracking, compliance auditing and operational troubleshooting. A trail with management events enabled captures IAM activity (IAM is a global service, so the trail must include global service events). Trail logs are delivered to an S3 bucket and can also be sent to CloudWatch Logs for analysis and alerting.
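The CloudTrail analysis described above, and the off-boarding control from the employee threat earlier, as an added example (not part of the original assessment and not AWS code): a small triage pass over a constructed CloudTrail delivery file that flags console logins without MFA, attachment of the AdministratorAccess policy, tampering with the trail itself, and any activity by an identity that HR has already off-boarded. The field names (eventName, eventSource, userIdentity, requestParameters, responseElements, additionalEventData) are the real CloudTrail ones; the records, user names, IP addresses, account ID 123456789012 and the off-boarded user list are constructed for the example.

```python
import json

# Assumed feed of identities that HR has off-boarded (see the employee threat above).
OFFBOARDED_USERS = {"mlee"}
ADMIN_POLICY_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"

# Constructed CloudTrail delivery file (same top-level shape as the JSON files a
# trail writes to S3); account 123456789012 and every user here are made up.
CONSTRUCTED_TRAIL = json.dumps({"Records": [
    {"eventTime": "2024-02-20T08:01:12Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.5",
     "userIdentity": {"type": "IAMUser", "userName": "jdoe"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2024-02-20T08:03:40Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.20",
     "userIdentity": {"type": "IAMUser", "userName": "asmith"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventTime": "2024-02-20T08:05:02Z", "eventSource": "iam.amazonaws.com",
     "eventName": "AttachUserPolicy", "sourceIPAddress": "203.0.113.5",
     "userIdentity": {"type": "IAMUser", "userName": "jdoe"},
     "requestParameters": {"userName": "svc-batch", "policyArn": ADMIN_POLICY_ARN}},
    {"eventTime": "2024-02-20T08:06:30Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.20",
     "userIdentity": {"type": "IAMUser", "userName": "asmith"}},
    {"eventTime": "2024-02-20T08:07:11Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "203.0.113.5",
     "userIdentity": {"type": "IAMUser", "userName": "jdoe"},
     "requestParameters": {"name": "arn:aws:cloudtrail:us-east-1:123456789012:trail/gtr-trail"}},
    {"eventTime": "2024-02-20T08:09:55Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "192.0.2.44",
     "userIdentity": {"type": "IAMUser", "userName": "mlee"},
     "requestParameters": {"bucketName": "gtr-payment-exports", "key": "2024-02/batch.csv"}},
]})


def _user(rec: dict) -> str:
    return rec.get("userIdentity", {}).get("userName", "<unknown>")


def console_login_without_mfa(rec: dict) -> bool:
    # A successful console sign-in where CloudTrail did not record an MFA factor.
    return (rec["eventName"] == "ConsoleLogin"
            and rec.get("responseElements", {}).get("ConsoleLogin") == "Success"
            and rec.get("additionalEventData", {}).get("MFAUsed") != "Yes")


def admin_policy_attached(rec: dict) -> bool:
    # Full-admin managed policy attached to a user, role or group.
    return (rec["eventSource"] == "iam.amazonaws.com"
            and rec["eventName"] in ("AttachUserPolicy", "AttachRolePolicy", "AttachGroupPolicy")
            and rec.get("requestParameters", {}).get("policyArn") == ADMIN_POLICY_ARN)


def trail_tampering(rec: dict) -> bool:
    # Anyone turning the audit log off or changing it deserves a look.
    return (rec["eventSource"] == "cloudtrail.amazonaws.com"
            and rec["eventName"] in ("StopLogging", "DeleteTrail", "UpdateTrail"))


def offboarded_identity_active(rec: dict) -> bool:
    # Any API call at all from an identity that should already be disabled.
    return _user(rec) in OFFBOARDED_USERS


RULES = [
    ("console-login-without-mfa", console_login_without_mfa),
    ("admin-policy-attached", admin_policy_attached),
    ("cloudtrail-logging-tampered", trail_tampering),
    ("offboarded-identity-active", offboarded_identity_active),
]


def triage(raw_json: str) -> list:
    """Return one finding per (record, matching rule), in log order."""
    findings = []
    for rec in json.loads(raw_json)["Records"]:
        for name, predicate in RULES:
            if predicate(rec):
                findings.append({"rule": name, "user": _user(rec),
                                 "event": rec["eventName"], "time": rec["eventTime"],
                                 "ip": rec.get("sourceIPAddress")})
    return findings


if __name__ == "__main__":
    for f in triage(CONSTRUCTED_TRAIL):
        print(f"{f['time']} {f['rule']:30} user={f['user']} event={f['event']} ip={f['ip']}")
```

On the constructed file the pass produces four findings: the MFA-less login, the AdministratorAccess attachment and the StopLogging call, all from jdoe at the same source address, and a download from the payment-exports bucket by an identity that was supposed to have been off-boarded. In production the same predicates would run over the trail's S3 objects or as CloudWatch Logs metric filters feeding alarms.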
Conclusion
Understanding the AWS shared responsibility model helps GTR design and deploy the security measures that protect its applications and data on AWS. Under that model GTR does not have to maintain the physical infrastructure, which is AWS's responsibility. Because the retail industry handles monetary transactions and stores customer data, it is an attractive target for threat actors searching for vulnerabilities to steal that data, and a breach would damage GTR's reputation and cost it customer trust. Applied correctly, AWS security services protect GTR's applications and data so that it can keep delivering to customers as it grows into a leading retailer.