Cloud Security
The purpose of cloud security is to protect data that is stored on a cloud computing service from events like theft, leakage, or deletion. Storing data on the cloud is arguably more secure than storing it on local servers because cloud service providers offer superior security measures and have employees that are experts in security. Cloud service providers must also abide by certain regulatory requirements. Cloud security is important to providers, but even more important to the firms using the services.
Events such as data loss, data breaches, account hijacking, insecure APIs, and distributed denial of service pose a substantial risk to firms. Ensuring that a firm’s data is secure in the cloud is important to avoid these events, especially if they are catastrophic. If a firm’s data isn’t properly secured, there can be large financial and reputational consequences. Although these events will always pose risks, cloud service providers give firms the tools they need to effectively secure data. Cloud services are often a more secure way for companies to store information.
Cloud security relates to several of the topics covered in MIS 3406. When building our VPCs, we had to make sure that they were secure. We discussed how routing works and tailored the routes in our VPCs so that instances within the VPC could communicate, instances on the public subnets could be accessed through an Internet Gateway, and instances on the private subnets could not be accessed directly from the Internet. We also discussed network access control lists, which are like firewalls that protect subnets. Although we discussed network access control lists, we utilized security groups instead. Security groups can be tailored to protect individual instances. We used three different security groups, on which we opened specific ports only.
Cloud security and the topics that we discussed in class are very closely related. When architecting a VPC, professionals would use security groups on each instance to control the inbound and outbound traffic. Cloud architects may also use network access control lists to add another layer of security at the subnet level. When we created security groups for our VPCs, we made them all specific to the type of instance they would be used in. For example, we had a web application group and an Elastic Load Balancer group. This is how a security professional would architect security groups for a firm. Each security group would be tailored for the instance in which it was being applied to.
Coinbase, a digital currency wallet, trusts and uses AWS to allow users the ability to trade cryptocurrencies on their platform. Coinbase is one of the largest exchange platforms, with 30 million customers worldwide, also making them one of the biggest targets for hackers. Their goal is to operate as a safe and trusted crypto-economy, striving to be world class at compliance, security and technology. As of 2015, Coinbase has used AWS as its primary infrastructure provider. Recently, Coinbase has also started using other AWS technologies to improve its software deployment process.
Engineers at Coinbase can rely on AWS to help them quickly, securely, and reliably implement updates and new features for the platform. Specifically, Coinbase uses AWS Step Functions and AWS Lambda to architect a reusable framework. These services have helped Coinbase increase their rate of successful software deployments.
Sources
“Solutions.” Amazon, National Council on Vocational Education, 1991, aws.amazon.com/solutions/case-studies/coinbase-step-functions/?did=cr_card.
“Security Groups for Your VPC.” Amazon, 2020, docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html.
Frankenfield, Jake. “What Is Cloud Security?” Investopedia, Investopedia, 25 Aug. 2020, www.investopedia.com/terms/c/cloud-security.asp.