
Availability: Security Principle of the month

Updated: Aug 28, 2020

As we, security professionals, already know, Availability is an integral part of the CIA Triad and plays a significant part in the Cloud world.

By design, public Cloud platforms provide us, the customers, with amazing capabilities and technologies for enhancing the availability of our services, apps and data, with almost imaginary SLAs which we probably can't afford and maintain by ourselves. It's important to take this opportunity and utilise the CSP's built-in capabilities for maintaining the availability of physical hardware, software and services, as well as to leverage various security techniques and tooling to meet the organisation's requirements for Business Continuity, in line with the Shared Responsibility Model.


The guiding Principle is:

Relevant data, resources and information must be available when needed. The CSP’s computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must all be functioning correctly.

Here are a few high-level key points to help us enhance availability, in the spirit of the Principle:


  • Deploy multiple instances/VMs/resources/services/data across multiple Availability Zones/Domains (and Regions if possible)

  • For any service in use, validate that the CSP provides high availability for the Control Plane

  • Utilise Auto-Scaling capabilities with defined policies

  • Provide D/DoS protection on the network perimeter (via CDN, auto-scaling, load balancers, key traffic metrics, decoupled infrastructure, CSP native products such as AWS Shield, and third-party solutions)

  • Confirm that the solution’s design or the existing environment has satisfactory BCDR controls and processes in place (based on pre-defined RTO/RPO/RSL)

  • Enable versioning, replication and any other function on files/DBs/code repositories

  • Consider using ‘Shared Values’ to prioritise compute resource access for specific guests/instances (Resource Contention)
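
As an added example (not part of the original post), the following Python check applies several of the key points above to a design review: zone spread, auto-scaling policy, versioning, replication, and backup interval against the agreed RPO. The `Service` fields, service names and values are assumptions constructed for illustration and do not correspond to any CSP API.

```python
from dataclasses import dataclass

@dataclass
class Service:
    # Field names are assumptions for this example, not a CSP API.
    name: str
    zones: list                    # Availability Zones/Domains in use
    autoscaling_policy: bool       # auto-scaling enabled with a defined policy
    versioning: bool               # versioning on files/DBs/repositories
    replication: bool              # data replicated to another zone/region
    rpo_minutes: int               # agreed Recovery Point Objective
    backup_interval_minutes: int   # time between backups/snapshots

def review(svc):
    """Return the availability findings for one service."""
    findings = []
    if len(set(svc.zones)) < 2:
        findings.append("deployed in a single Availability Zone")
    if not svc.autoscaling_policy:
        findings.append("no auto-scaling policy defined")
    if not svc.versioning:
        findings.append("versioning disabled")
    if not svc.replication:
        findings.append("replication disabled")
    # Worst-case data loss equals the gap between backups, so it must fit the RPO.
    if svc.backup_interval_minutes > svc.rpo_minutes:
        findings.append("backup interval exceeds RPO")
    return findings

def review_all(inventory):
    """Map each non-compliant service name to its findings."""
    return {s.name: f for s in inventory if (f := review(s))}

# Constructed sample inventory (illustrative values only).
INVENTORY = [
    Service("web-frontend", ["az-1", "az-2", "az-3"], True, True, True, 60, 15),
    Service("orders-db", ["az-1", "az-1"], False, True, False, 15, 60),
    Service("report-store", ["az-1", "az-2"], True, False, True, 240, 240),
]

if __name__ == "__main__":
    for name, findings in review_all(INVENTORY).items():
        print(f"{name}: " + "; ".join(findings))
```
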



Sharing the load!

*The "Security Principle Of The Month" posts are a series of short articles that aim to help and guide the security SME, whether it's a Consultant who is reviewing a solution design proposal or a DevSecOps engineer deploying a solution, by listing key points of various security controls which should be considered for the proposed solution or for an existing product/environment. This list should be used as a 'complementary' list to any other security controls and strategies already in use within solutions.



**Sources:

- (ISC)² CCSP certification exam materials

- 'AWS Certified Security Speciality' certification exam materials

- 'Azure Security Technologies' certification exam materials

- NCSC (National Cyber Security Centre); Cloud Security Principles

- Broad projects experience

- Online information
