As we, security professionals, already know, Availability is an integral part of the CIA Triad and plays a significant part in the Cloud world.
By design, public Cloud platforms provides us, the customers, amazing capabilities and technologies for enhancing the availability of our services, apps and data, with almost imaginary SLAs which we probably can't afford and maintain by ourselves. It's important to take this opportunity and utilise the CSP built-in capabilities of maintaining availability of physical hardware, software and services, as well as leveraging various security techniques and tooling to meet organisation's requirements for Business Continuity, in congruence to the Shared Responsibility Model.
The guiding Principle is:
Relevant data, resources and information must be available when it is needed. CSP’s computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access, it all must be functioning correctly
Here are few high-level key points to help us enhance availability, in the spirit of the Principle:
Deploy across multiple Availability Zones/Domains (and Regions if possible) multiple instances/VMs/resources/services/data
For any service in use, validate CSP provides high-availability for the Control Plane
Utilise Auto-Scaling capabilities with defined policies
Provide D/DoS protection on the network perimeter (via CDN, auto-scaling, load-load-balancers, traffic key metrics, decoupled infrastructure, CSP native products (e.g. AWS Shield) and 3rd parties solutions)
Confirm solution’s design or existing environments have satisfactory BCDR controls and processes in place (based on pre-defined RTO/RPO/RSL)
Enable versioning, replication and any other function on files/DBs/code repositories
Consider using ‘Shared Values’ to prioritise compute resource access for specific guests/instances (Resource Contention)
Comments