Public Cloud Security Part-1

In this blog we will discuss the basics of public cloud security and give direction for any organization wishing to adopt security via security appliances. We will also discuss the various options available from Cloud Service Providers (CSPs).

Introduction

Public Cloud is being adopted by many organizations to run their workloads (VMs and containers), and many developers are adopting it for development and deployment. This requires the security team to define security in the public cloud via various methods, which can include the option of adopting security appliances within the public cloud.
When we look at the Public Cloud offerings we see the following options:
>> Infrastructure-as-a-Service (IaaS): the conventional method, where we build compute, storage, network and databases ourselves.
>> Platform-as-a-Service (PaaS): a framework for developing, testing and delivering applications without deploying the underlying infrastructure.
>> Software-as-a-Service (SaaS): a subscription-based service.

It depends on each organization which model they wish to use, and on that basis security is defined under the shared responsibility model, where the security boundary is shared between the CSP and the customer.

Challenges in Public Cloud

The major challenges in the Public Cloud for a network and security engineer are the lack of visibility and adapting to the new front end for workloads. An on-prem workload might be bare metal or virtualized, but in both cases implementation and troubleshooting come with proper visibility. In the public cloud it is very difficult to see the backend infrastructure as well as the packet flow, and for any network/security engineer this visibility is the elementary ask.

The other major challenge is the de-centralized way in which the tools used to visualize and mitigate cyberattacks are applied.
Making everything centralized adds complexity at some stage, but at the same time, defining everything in a de-centralized way loses a lot of features from the infrastructure.
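The post names packet-flow visibility as the elementary ask that is hard to satisfy in the public cloud. The following added example (not from the original post) shows one defender-side way to recover part of that visibility from a CSP's own telemetry: it parses records in the AWS VPC flow-log default format and summarises which destination ports and source addresses are being rejected by security groups or NACLs. The log lines, account id and interface id are constructed placeholders, and the use of flow logs is this example's assumption, not something the post prescribes.

```python
"""Summarise constructed VPC flow-log records (AWS default format) to regain
some packet-flow visibility in a public cloud VPC."""
from collections import Counter

# Field order of the AWS VPC flow-log default (version 2) format.
FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status"]

# Constructed sample records, not real traffic; account and interface ids
# are placeholders and the addresses come from documentation ranges.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 203.0.113.10 10.0.1.5 51000 22 6 4 240 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.10 10.0.1.5 51001 22 6 4 240 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.5 44000 443 6 20 9000 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.10 10.0.1.5 51002 3389 6 2 120 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1700000000 1700000060 - NODATA
"""


def parse_flow_log(text):
    """Parse default-format flow-log lines into dicts, skipping records
    that carry no flow data (NODATA/SKIPDATA) or are malformed."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # malformed line: skip rather than crash the pipeline
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue  # NODATA / SKIPDATA records have '-' in the flow fields
        for key in ("srcport", "dstport", "protocol", "packets", "bytes"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def rejected_by_port(records):
    """Count REJECTed flows per destination port (what the SG/NACL is blocking)."""
    return Counter(r["dstport"] for r in records if r["action"] == "REJECT")


def top_rejected_sources(records, n=5):
    """Source addresses generating the most rejected flows."""
    return Counter(r["srcaddr"] for r in records
                   if r["action"] == "REJECT").most_common(n)


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    print("parsed flows:", len(recs))
    for port, count in rejected_by_port(recs).most_common():
        print(f"dst port {port}: {count} rejected flows")
    print("top rejected sources:", top_rejected_sources(recs))
```

The same summaries can be fed into a central dashboard or SIEM, which is one way to address the centralized-versus-de-centralized tooling trade-off the post raises: the parsing stays close to each VPC, while only the aggregated counts are centralized.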

What Vendors are offering

Cisco
Various vendors (Cisco, Palo Alto, Fortinet, Check Point, Dell firewalls, etc.) have different models for enhancing security in the public cloud. As an example, Cisco defines a SASE model which includes best practices and various services delivered via their different products.
Their Firepower firewall has different design models via which the security services are enabled on the different public clouds. More design-related blogs will follow.

Palo Alto
Similarly, Palo Alto has a mature design model and service integration with the CI/CD model for deployment alongside various applications. Being the industry leader in this field, it gives network/security engineers the familiar experience of viewing network activity through a single pane of glass. The architecture is commonly named the Secured Cloud Computing Architecture (SCCA).

Fortinet
Fortinet is also widely used in the private cloud space and has very good integration use cases in the public cloud space, including services such as auto-scaling and artificial intelligence, which give more elasticity in public cloud deployments. Fortinet terms their architecture the Fortinet Security Fabric.

Summary

In this blog we covered the security service offerings in the Public Cloud space and the challenges for network and security engineers in the CSP model. We also went through the different vendor options and their defined architectures. In further blogs we will discuss the deployment and design decisions for firewall implementation in AWS, Azure and GCP.
You can refer to our previous blogs to revise the basics:
Azure: https://www.networkbachelor.com/azure-iaas-reference-architecture-a-quick-overview/
AWS: https://www.networkbachelor.com/aws-iaas-reference-architecture-and-some-use-cases/
Connectivity to Public Cloud: https://www.networkbachelor.com/architecting-enterprise-connectivity-to-the-public-clouds/
I hope you liked the blog and thanks for visiting. Happy Learning!
