One of the first decisions to be made when adopting the cloud is how to leverage cloud accounts to help secure your environments. Your cloud estate typically comprises a range of cloud vendors, commercial models, and resource hierarchies. These can be arranged to maximise security by:
- Simplifying access controls to cloud environments, reducing the likelihood of security incidents arising from overly complex management systems.
- Isolating environments, applications, and managed service partners from one another.
- Separating live, backup, and test data to reduce the risk of data being used in an incorrect context.
Cloud estates can be organised by a range of different attributes:
||Can be too fine-grained for organisations with many apps.|
||Often simplifies relationship between pipelines and cloud resource containers, though this is rarely a cause of inefficiency.|
||Often simplifies policy management where governance rules differ based on the audience that the resource is serving.|
||Works when support teams are aligned to department. Needs policy for “shared” resources.|
||Often used in conjunction with another grouping mechanism. See also Environments.|
||Useful where a wider cloud estate is managed by a range of service partners.|
In reality it is likely that large cloud estates will incorporate a combination of these regimes, arranged in a hierarchy.
The content on this page is published under Open Source licenses via GitHub.