Security Centre and Multi-Cloud Architecture

  

 

Krishna Jadhav


In the hyperscaler world, Krishna Jadhav builds successful multi-cloud solutions using VMware vSphere, AWS, Azure, and GCP.

Azure Security Centre is one of Azure's built-in services, so there is nothing to install or set up. Once activated, Security Centre can be accessed directly from the Azure interface. When you deploy workloads on Azure, such as virtual machines, databases, storage accounts, networking components, and other Azure services, it begins to monitor those workloads (Brett, 2021).



Figure 1: Overview of the Azure portal's Security Center blade

(Source: Mulder, 2020)

With this setting turned on, Microsoft retrieves a daily list of security and critical updates available for Windows and Linux-based computers (Figure 1). These are the initial setup settings for Security Centre (Capizzi, Distefano and Mazzara, 2019). The next step is to put the security settings into action. Enable the following settings in Security Centre:


       Scanning vulnerabilities in operating systems

       Enforcing endpoint protection

       Monitoring disk encryption

       Monitoring network security groups

       Monitoring web application firewalls

       Monitoring next-generation firewalls

       Vulnerability assessment

       Monitoring blob storage encryption

 



Figure 2: Activating Security Command Center on the GCP cloud console

(Source: Mulder, 2020)

Selecting the Enable Security Hub button enrols the indicated baselines and integrations (Figure 2). The CIS baseline should unquestionably be implemented, as it is the globally recognised standard for safeguarding online environments. Each CIS recommendation to implement a policy is accompanied by an explanation. According to Syynimaa (2022), activating the standard price tier provides stronger defence-in-depth, including threat detection offered by the Microsoft Security Response Centre (MSRC).




Figure 3: Cloud Armor menu in GCP

(Source: Mulder, 2020)

There are a couple of things that need explaining in the preceding screenshot. The top part of the screen shows the security baselines that can be enrolled by default: Enable AWS Foundational Security Best Practices v1.0.0 and Enable CIS AWS Foundations Benchmark v1.2.0 have been ticked by default. The third one is the PCI DSS framework (Figure 3). PCI DSS stands for Payment Card Industry Data Security Standard and is specific to financial institutions. AWS Security Hub provides a unified security dashboard.
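The following added example (not from the original post or from AWS) checks that the two baselines named above are actually enabled and READY in every region, since Security Hub is enabled per region. It assumes each region's input is the JSON printed by `aws securityhub get-enabled-standards`; the regions and sample subscriptions are constructed.

```python
import json

# Baselines the page says are ticked by default when Security Hub is enabled,
# matched on the tail of StandardsArn so region and partition do not matter.
REQUIRED = {
    "AWS Foundational Security Best Practices v1.0.0":
        "aws-foundational-security-best-practices/v/1.0.0",
    "CIS AWS Foundations Benchmark v1.2.0":
        "cis-aws-foundations-benchmark/v/1.2.0",
}

def audit_standards(raw_json):
    """Map each required baseline to its StandardsStatus, or "MISSING"."""
    subs = json.loads(raw_json).get("StandardsSubscriptions", [])
    result = {}
    for label, suffix in REQUIRED.items():
        match = next((s for s in subs
                      if s.get("StandardsArn", "").endswith(suffix)), None)
        result[label] = match.get("StandardsStatus", "UNKNOWN") if match else "MISSING"
    return result

def gaps(per_region):
    """Return sorted (region, baseline, status) for anything not READY.
    Each region is audited separately because subscriptions are regional."""
    found = []
    for region, raw_json in per_region.items():
        for label, status in audit_standards(raw_json).items():
            if status != "READY":
                found.append((region, label, status))
    return sorted(found)

# Constructed sample data: CIS is INCOMPLETE in one region, absent in the other.
_FSBP = "arn:aws:securityhub:{r}::standards/aws-foundational-security-best-practices/v/1.0.0"
_CIS = "arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0"
SAMPLE = {
    "us-east-1": json.dumps({"StandardsSubscriptions": [
        {"StandardsArn": _FSBP.format(r="us-east-1"), "StandardsStatus": "READY"},
        {"StandardsArn": _CIS, "StandardsStatus": "INCOMPLETE"},
    ]}),
    "eu-west-1": json.dumps({"StandardsSubscriptions": [
        {"StandardsArn": _FSBP.format(r="eu-west-1"), "StandardsStatus": "READY"},
    ]}),
}

if __name__ == "__main__":
    for region, label, status in gaps(SAMPLE):
        print(f"{region}: {label} is {status}")
```

A status other than READY (for example INCOMPLETE or PENDING) is reported as a gap because the baseline's controls are not yet fully evaluated in that region.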



Figure 4: Using the AWS interface to gain access to Security Hub

(Source: Mulder, 2020)

Conclusion

The solution collects Krishna Jadhav’s results from Amazon GuardDuty, Amazon Inspector, Amazon Macie, AWS Identity and Access Management (IAM) Access Analyser, and AWS Firewall Manager, in addition to monitoring alerts from CloudWatch and CloudTrail. As a concluding point, CloudTrail may be considered the engine that powers Security Hub. Security Hub makes it simple to begin monitoring all AWS activity, and it is available through the AWS console, as illustrated in the picture above (Figure 4).

Want to know what DevOps is and how it relates to cloud computing? Proceed to the next article.


 

Reference List

Brett, M. (2021). Zero trust computing through the application of information asset registers. Cyber Security: A Peer-Reviewed Journal, 5(1), 80-94. https://www.ingentaconnect.com/content/hsp/jcs/2021/00000005/00000001/art00008

Capizzi, A., Distefano, S., and Mazzara, M. (2019, May). From devops to devdataops: Data management in devops processes. In International Workshop on Software Engineering Aspects of Continuous Development and New Paradigms of Software Production and Deployment (pp. 52-62). Springer, Cham. https://link.springer.com/chapter/10.1007/978-3-030-39306-9_4

Mulder, J. (2020). Multi-Cloud Architecture and Governance: Leverage Azure, AWS, GCP, and VMware vSphere to build effective multi-cloud solutions. Packt Publishing Ltd. https://cdn.ttgtmedia.com/rms/pdf/Multi-CloudArchitectureAndGovernance_ch14.pdf

Syynimaa, N. (2022). Exploring Azure Active Directory Attack Surface: Enumerating Authentication Methods with Open-Source Intelligence Tools. In ICEIS (2) (pp. 142-147). https://o365blog.com/talks/Syynimaa%20(2022).%20Exploring%20Azure%20Active%20Directory%20Attack%20Surface%20-%20Enumerating%20Authentication%20Methods%20with%20Open-Source%20Intelligence%20Tools.pdf

 

