Cloud-native design and architecture principles
1. Cloud-native design and architecture principles
Let’s start your journey into cloud-native design. As a cloud security professional, understanding how cloud resources are deployed is imperative to securing the network. In this video, you’ll learn more about what role automation has in deploying cloud-native infrastructure and how understanding cloud-native design contributes to overall network availability. You’ll also learn about managed services, and examine some powerful defense strategies. Cloud-native design is the method of creating and deploying applications and services that are optimized for cloud environments, ensuring scalability, reliability, and security. This method is key to understanding how to automate resources, and most importantly, how to keep your cloud environment secure. Designing cloud infrastructure with automation is very important, and it comes with some really great benefits. Automation will provision assets, with limited manual input. With just a few simple commands, you can choose the number of resources you want to deploy on demand. Imagine you are a cloud security professional working on a cloud site with millions of visitors. You need to deploy enough resources for all of them. Resources cost money, so you want to reduce those resources when you have less traffic. So how do you make sure you’re deploying enough resources for the visitors while not overusing resources? Use autoscaling. Autoscaling is a process where automation sets up resources for you and reduces unused resources. Automation provides a consistent platform across all resources so issues and misconfigurations can be fixed in a centralized location. As a cloud security professional, you'll come across automation often in your career. Sometimes you may need to use services from a third party or managed services. So, what is a managed service? A managed service is a service, application, or ecosystem managed by a third party. Managed services can reduce costs and reduce administrative tasks. Managed services can do things like monitor your network, protect against threats, and maintain compliance, so they can help you with some of your security duties. Now that you know more about automation and managed services, it’s time to discuss defense. One of the ways to protect your assets is to apply authentication between each component. You can think about authentication like getting past a guard in a restricted area. Before gaining access, proper identification must be shown. Authentication is one part of your protection program. You should also use rate limiting. Rate limiting is a method that prevents an operation’s frequency from exceeding a set limit or value. This will help you avoid overusing services or overloading them beyond use. Consider this example of rate limiting. A user is logging into an app on their phone. They enter the wrong password and the app gives them a warning: only two more attempts. They put in another password, but it’s also wrong. The app gives them another warning: only one attempt left. The user tries again, but it’s the wrong password. Now the app blocks them from accessing their account. This is an example of rate limiting based on the number of attempts. The user was limited to three attempts, so the app won’t allow them to continue after they exceed those attempts. Here’s another example of rate limiting where a user meets a data limit. A user is streaming video on their mobile device, which uses a lot of high-speed data. The user gets a message from their service provider warning them that they’ve used up 18 gigabytes of their 20 gigabyte high-speed data allotment. After a short time, the user gets another message. They’ve used up all of their high speed data allotment and their data speed has been downgraded. Along with rate limiting, time-to-live, or TTL, policies let you remove access from assets that don’t need to be accessed anymore. Imagine you have private data that needs to be available externally for a limited time. Once the time to live expires, the data can no longer be accessed. This will help secure your cloud, leaving less data available for possible attacks. When implemented correctly, cloud-native design uses automation to provision assets and employs authentication, rate limiting, and time to live to defend data.2. Let's practice!
Create Your Free Account
or
By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.