Security aspects when moving to the public cloud – IaaS
This is a follow-up to my earlier blog post at http://msandbu.org/security-aspects-when-moving-to-the-public-cloud/ and the purpose of this post is to highlight the security aspects of IaaS services.
With IaaS we can provision a set of virtual machines with different supporting services around them. This post focuses on the services offered by Google, AWS and Microsoft Azure. However, most of the topics in this post will act as general guidelines for IaaS public cloud offerings. So let us start by looking at the common scenarios.
1: Control the Deployment & Automation tools
One of the cool features within Azure (Resource Manager), Amazon (CloudFormation) and Google (Deployment Manager) is that you have services that can automate deployment using either JSON or YAML templates, which of course can reduce deployment time compared with navigating around the UI and setting up resources manually.
Of course this can have a negative effect if someone manages to reuse the same template to overwrite an existing deployment, or if you have an orchestration tool which overwrites an existing configuration or removes a production environment running in any of the cloud vendors. All providers have ways to define policies for their deployment tools so that they can't replace or delete an existing deployment. Also combine this with resource locks so no one deletes something unintended.
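As an added illustration (not code from the original post), the following Python sketch evaluates an AWS CloudFormation stack policy the way the service documents it (an explicit Deny wins, and anything without a matching Allow is denied) and reports which resources a template update could still replace or delete. The logical resource names and the sample policy are constructed, and statements using `NotAction`, `NotResource` or `Condition` are rejected rather than evaluated.

```python
import fnmatch

# Constructed sample in CloudFormation's stack-policy format: updates are
# allowed in general, but the hypothetical logical resource "ProdDatabase"
# may not be replaced or deleted.
SAMPLE_POLICY = {
    "Statement": [
        {"Effect": "Allow", "Action": "Update:*", "Principal": "*", "Resource": "*"},
        {"Effect": "Deny", "Action": ["Update:Replace", "Update:Delete"],
         "Principal": "*", "Resource": "LogicalResourceId/ProdDatabase"},
    ]
}

DESTRUCTIVE = ("Update:Replace", "Update:Delete")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, action, resource):
    # Assumption of this example: only Action/Resource statements are supported.
    if any(k in stmt for k in ("NotAction", "NotResource", "Condition")):
        raise ValueError("statement uses a key this example does not evaluate")
    act_ok = any(fnmatch.fnmatchcase(action, p) for p in _as_list(stmt["Action"]))
    res_ok = any(fnmatch.fnmatchcase(resource, p) for p in _as_list(stmt["Resource"]))
    return act_ok and res_ok

def is_allowed(policy, action, logical_id):
    """True if the stack policy permits `action` on the logical resource."""
    resource = f"LogicalResourceId/{logical_id}"
    allowed = False
    for stmt in policy["Statement"]:
        if _matches(stmt, action, resource):
            if stmt["Effect"] == "Deny":
                return False      # an explicit Deny always overrides Allow
            allowed = True
    return allowed                # no matching Allow means default deny

def unprotected(policy, logical_ids):
    """Map each logical ID to the destructive actions still permitted on it."""
    gaps = {}
    for lid in logical_ids:
        open_actions = [a for a in DESTRUCTIVE if is_allowed(policy, a, lid)]
        if open_actions:
            gaps[lid] = open_actions
    return gaps

if __name__ == "__main__":
    print(unprotected(SAMPLE_POLICY, ["ProdDatabase", "WebServer"]))
```

Running such a check in the deployment pipeline flags production resources that the policy leaves open to replacement or deletion before a template is applied.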
via Marius Sandbu.