Cloud architecture is the organisation of components and sub-components into a logical, efficient, and effective structure that enables them to work together towards a goal, maximizing strengths and minimizing weaknesses.
Cloud architecture is composed of the components and sub-components found in a cloud. While that’s a very general description, there is more than just technology in cloud architecture. National Institute of Standards and Technology Special Publication 500-929 (NIST SP 500-292) focuses on the entities involved – the cloud consumer, the provider, the auditor, and so on. You really cannot get to the technology without them.
Cloud architecture can be broken down into a four-level taxonomy: role, activity, component, and sub-component. When discussing cloud architecture, it is necessary to state who does what, how, and with what tools.
Well-architected framework
Well-architected framework
A well-architected framework takes a lot of work. There is much to consider when going through this process. At the beginning, there are many questions to answer, such as the following:
The list continues, so it is critical to ensure that architecture is done correctly, with skill, so implementing a cloud does not cause more damage than the good it can provide your business.
Roles
The activities within cloud architecture define access and consumption of SaaS, PaaS, and IaaS. This also includes orchestration, audits, and security.
Choose the components of cloud architecture to meet an objective. What are the specific actions, steps, tasks, and processes that must be completed to accomplish this objective? In considering the cloud, first decide whether a public or private cloud or some combination is the best decision for the business. A hybrid cloud connects, for example, a private to a public cloud. A newer term, multi-cloud, is defined as being public and private without any connection between them.
Another topic to address when choosing components is the issue of interoperability and portability.
Careful consideration of these two issues in terms of the objective of the business is critical from the start of architecting and designing a cloud. The risk of leaving these out at the beginning is that a business may find itself locked into an inadequate or inappropriate architecture.
Sub-components
Sub-components enable a company to address questions of service level agreement (SLA) management, rapid provisioning, and resource changes.
Cloud security architecture
In cloud security architecture, security elements are added to cloud architecture. Cloud security always involves a shared responsibility between the cloud provider and the cloud consumer. The division of responsibility depends on the type of cloud structure you are using: IaaS, PaaS, or SaaS. There is a division of responsibility imagined by the International Organization for Standardization (ISO), NIST, and even the Cloud Security Alliance (CSA). In the end, however, it will be determined by the cloud provider and customer and written into the contract.
As a cloud customer, it is important to do a risk assessment to ensure you understand the consequences of using any form of cloud. If you’re not building your own cloud in your own data center, the contract should state who is responsible for what, or at a minimum, what you can rely on the cloud provider to do.
Here are some security controls to consider when designing or using a cloud solution:
Related Articles
Related Research