Cloud Security Architecture from a Cloud Consumer’s Perspective

Developers have developed applications for IaaS (Amazon AWS, Rackspace, etc) and PaaS (Azure, Google App Engine, Cloud Foundry) Cloud platforms. These platforms provide basic security features including support for authentication, DoS attack mitigation, firewall policy management, logging, basic user and profile management but security concerns continue to be the number one barrier for enterprise cloud adoption. This article introduces the basic principles and patterns that should guide a cloud security architecture.

Cloud security concerns range from securely configuring virtual machines deployed on an IaaS platform to managing user privileges in a PaaS cloud. As cloud services can be delivered in many flavors (SaaS, PaaS and IaaS) and operational models (public, private and hybrid) the cloud security concerns and solutions are context (pattern) dependent. The solution architecture should match these concerns and build security safeguards (controls) into the cloud application architecture. If you understand what you can leverage from your cloud platform or service provider, one can build security into your application without reinventing the capability within your application boundary thus avoiding costly “bolt-on” safeguards. A good practice is to create security principles and architectural patterns that can be leveraged in the design phase. Ultimately a cloud security architecture should support the developer’s needs to protect the confidentiality, integrity and availability of data processed and stored in the cloud.