Enabling Secure Cloud Governance using Policy as Code
Type
Master's Thesis
Program
Computer systems and networks (MPCSN), MSc
Published
2022
Author
Jothimani, Arun Prakash
Abstract
Cloud infrastructures are evolving at a rapid rate. Thus, it is important to ensure the stability and reliability of the cloud services [1] as they support many of today’s critical systems. The Cloud Security Governance Deployment Framework [2] describes the critical security issues that must be considered and analyzed by the developer to ensure a secure cloud environment. With the rapid growth in data and users, there is a need for solid rules to handle data storage and Identity Access Management (IAM). Lack of proper authentication management [3], user management, authorization management, access management, data management and monitoring can easily open doors for attackers to exploit the system [4]. The initiation, development, implementation, operation, and destruction phases have to be studied based on the cloud security critical domain guidelines and risk considerations [2][5]. Policy-driven governance can be used to control the provisioning and consumption of cloud services. As discussed in [6], it is a challenging task to identify and implement scalable monitoring for different types of metrics [7] relevant to the cloud infrastructure of the organization. The industrial state of the art in policy-based governance [8] has to meet the dynamic needs of the organization, which change over time. The policy definition and evaluation are tightly coupled in one component via imperative languages, which hinders easy evolution. This tightly coupled approach gives an opportunity to introduce policy-as-code [9] to modularize and decouple the policy environment for easy governance adoption. The policy-based strategy will also provide a better solution to manage user credentials, user authentication and authorization [10].
Subject/keywords
Cloud Governance, Policy, Infrastructure as code, Configuration Management, Automation