3. Security Architecture Flashcards
3.1 Cloud Architecture Concepts
Responsibility Matrix: outlines the division of responsibilities between the CSP and the customer. Includes things such as data protection and infrastructure management
Hybrid considerations: offers flexibility and scalability, but also adds complexity
Third-party vendors: SaaS, PaaS, IaaS. Perform security assessments and compliance checks to make sure these services meet security requirements
3.1 Infrastructure as Code
Automates security management, which can reduce human error, but introduces large-scale risk if the code has a vulnerability
3.1 Network Infrastructure
Logical segmentation: use VLANs and subnets. Limits the spread of attacks
SDN: Software-defined networking. Centralizes network control and offers consistent policy enforcement, but the SDN controller can be compromised
3.1 Serverless
Replaces a server on your network with a cloud-hosted service, such as one offered by Azure. Reduces the attack surface but introduces risks if the API is insecure.
3.1 Centralized vs. decentralized
Centralized is easier to manage but creates a single point of failure.
3.1 Containerization
Containers provide isolated environments for applications, but require careful management
3.1 Virtualization
Improves resource utilization but introduces hypervisor vulnerabilities and the risk of VM escape
3.1 ICS/SCADA
Critical for industrial operations but often run as legacy systems, which can be vulnerable
3.1 RTOS
Real-time operating system: used in systems requiring high reliability and real-time processing; they need to operate without interruption
3.1 Embedded systems
Specialized computing systems with limited resources, which makes it difficult to implement robust security measures