The second iteration of cloud security engineering is child's play. The real challenge is getting a good-enough first iteration. If the first one is off, engineers will have to spend weeks reworking their configurations or start the implementation from scratch. Worse still, your initial cloud security posture may have more holes than a Swiss Emmental cheese.
Cloud vendors provide thousands of articles, tutorials, and web pages that explain every cloud security detail. But what matters most for the first design is guidance that lets security engineers systematically develop a "big picture" for protecting a cloud environment. The methodology must benefit both architects and architects who are working with a specific cloud for the first time.
So, how well do the AWS Well-Architected Framework, the Google Cloud security foundations guide, and the various Microsoft Azure frameworks do? Let's dissect the well-known vendors' security guidance.
Google Cloud Security Guide
The 130-page Google Cloud security foundations guide presents Google's principles and a sample GCP environment that serves as an example in the central part of the document. It covers eight security-related topics, from networking and identity and access management (IAM) to billing and application security (II.5-II.12, see Figure 1). The centerpieces of all these sub-topics are architecture and security engineering patterns.
Figure 1 – Google Cloud security foundations guide – excerpt of the architecture-related chapters with patterns
Who is it best for?
Figure 2 illustrates the document's style: a large architecture diagram, accompanied by explanatory text and a table with the details needed to set up the exact configuration. The motto: "Present and explain a blueprint." Thus, security engineers who are new to GCP, or who are dealing with one of these security topics for the first time, benefit from an initial rough design that they can review and adapt to the context of their own company.
Figure 2 – Extract from Section 7.3, the enterprise-to-Google cloud communication pattern
AWS Well-Architected Framework
Amazon launched its AWS Well-Architected Framework back in 2015. It initially comprised five pillars but has six today: operational excellence, security, reliability, performance efficiency, cost optimization, and sustainability. In recent years, AWS has complemented these pillars with technology- and industry-specific guidance (Figure 3).
Figure 3 – AWS Well-Architected Framework overview.
The security pillar of the AWS Well-Architected Framework is 155 pages long and distinguishes 66 security topics. They describe needs and requirements structured into seven areas: security foundations, identity and access management, detection, infrastructure protection, data protection, incident response, and application security. The structure may differ from GCP's. However, the main difference is AWS's approach to presenting the topics.
GCP places architecture blueprints at the center of its explanations, while the AWS Well-Architected Framework comes (almost) without any diagrams. AWS follows a very rigid structure, as Figure 4 illustrates. It is the same for all topics: the desired outcomes and the anti-patterns (i.e., what is usually observed in bad designs), followed by a short risk statement that shows the consequences of not addressing a specific topic sufficiently. Next comes the implementation guidance with a mix of tasks and steps. The topic descriptions conclude with links to additional articles that provide more insights and point to other related topics in the AWS framework.
Figure 4 – Structure of a topic description in the AWS Well-Architected Framework security pillar: SEC08-BP04, Enforce access control
Who is it best for?
So, for whom is the AWS framework useful? Obviously, it is every project manager's best friend. It spells out the designs that security engineers must deliver and that engineers must implement. However, architects should not expect any designs or patterns that help them design solutions, although the framework contains links to potentially useful information for that purpose.
Azure security documentation
Azure has not just one but many competing and overlapping frameworks and methodologies. In particular, there are an adoption framework, an architecture center, and the Azure security fundamentals documentation. As Figure 5 shows, the latter has two parts focusing on basic security architecture topics: securing cloud solutions and protecting Azure resources. Both parts link to multiple web pages. In the case of the cloud security best practices, they cover various security areas, from networking to PaaS security. The individual pages present sub-sections, often with a best practice summed up in one sentence – "do not allow broad ranges" or "enable SSO" – followed by a short further explanation. But how does the Azure security fundamentals documentation help architects kick-start their work in their area and their design?
Figure 5 – Azure security fundamentals documentation
Who is it best for?
The documents provide great explanations of the basic topics and encourage readers to click on links to further articles, which helps them broaden their general understanding of security topics. However, civil engineering is not learned efficiently by reading all the relevant Britannica articles. Likewise, architects who are new to Azure learn concepts, but they neither learn a methodology nor obtain a conclusive task list when browsing through these documents. There are also no architecture blueprints explaining the interplay between the various Azure cloud components and security services.
Also worth noting is Microsoft's collection of architecture blueprints for Azure, which includes many security-related topics (for example, "Secure MLOps solutions with Azure network security"). Once again, it is well written and rich in information. It helps architects and engineers understand best-practice designs for specific and even highly specialized topics. However, a collection of blueprints is not a systematic introduction that helps security engineers who are dealing with IaaS or PaaS for the first time.
Then, there is the Azure Well-Architected Framework. It rests on five pillars, one of them dedicated to security. The security pillar covers five areas – identity management, infrastructure protection, application security, data and encryption, and security resources (Figure 6). Unlike AWS, the Azure framework does not provide a structured list of requirements. Instead, it briefly explains concepts and links to additional resources – which does not make for a straightforward way to get up to speed, whether for security engineers, project managers, or architects.
Figure 6 – The Azure Well-Architected Framework
The bottom line
Azure has many learning resources and documents for all its features, security-related and otherwise, but the learning curve for security engineers is steep. Architects must master the security domain and work out how to address the various topics in their big-picture design. The GCP security foundations guide, on the other hand, provides ready-to-use architecture blueprints that address the interplay between the various cloud security features and their components for the crucial security areas. Finally, there is the AWS Well-Architected Framework: Prussian-style sober, soulless, to the point, and highly structured. It provides a clear and comprehensive overview of the things to do. It may be reusable as input for an initial definition of work packages to be broken down further.