|
|
| (43 intermediate revisions by the same user not shown) |
| Line 1: |
Line 1: |
| Before we move on to discussing SaaS solutions, let's take a quick moment to recognize a few additional security peculiarities particular to using cloud services and developing in the cloud. These peculiarities may not apply to you and your organization, but it's useful to recognize them, if nothing else because they highlight how deeply woven security must be into the thinking of CSPs and their clients.
| | {{Saved book |
| | |title=Introduction to Quality and Quality Management Systems |
| | |subtitle= |
| | |cover-image=Time-Quality-Money.png |
| | |cover-color=#fffccc |
| | | setting-papersize = A4 |
| | | setting-showtoc = 1 |
| | | setting-columns = 1 |
| | }} |
|
| |
|
| First, let's look at container security. In Chapter 1, a container was referred to as "a complete runtime environment," but little else was said. In cloud computing, a container—as defined by IBM—is "an executable unit of software in which application code is packaged, along with its libraries and dependencies, in common ways so that it can be run anywhere, whether it be on desktop, traditional IT, or the cloud."<ref name="IBMContainers19">{{cite web |url=https://www.ibm.com/cloud/learn/containers |title=Containers |author=IBM Cloud Education |publisher=IBM |date=12 August 2019 |accessdate=21 August 2021}}</ref> These prove beneficial in cloud computing because containers act as a lightweight, portable way of replicating an isolated application across different environments, independent of operating system and underlying hardware. This essentially makes deployment into a cloud environment—or multiple clouds—a much more approachable task.<ref name="GoogleContainers">{{cite web |url=https://cloud.google.com/containers |title=Containers at Google |publisher=Google Cloud |accessdate=21 August 2021}}</ref>
| | ==''Introduction to Quality and Quality Management Systems''== |
| | {{ombox |
| | | type = content |
| | | style = width: 500px; |
| | | text = This book should not be considered complete until this message box has been removed. This is a work in progress. |
| | }} |
| | The goal of this short volume is to act as an introduction to the quality management system. It collects several articles related to quality, quality management, and associated systems. |
|
| |
|
| But with convenience also comes responsibility towards ensuring the security of the container. Unfortunately, the necessary precautions don't always get taken. According to GitLab's 2020 Global DevSecOps Survey, "56% of developers simply don’t run container scans, and a majority of DevOps teams don’t have a security plan in place for containers or many other cutting edge software technologies, including cloud native/serverless, APIs, and microservices."<ref name="GLABegin">{{cite web |url=https://about.gitlab.com/topics/application-security/beginners-guide-to-container-security/ |title=A beginner’s guide to container security |work=GitLab |accessdate=21 August 2021}}</ref> As such, it would appear more implementation teams should be updating and implementing revised security plans to address the complexities of container security, including the use of container orchestration, image validation, role-based access management, security testing, and runtime security monitoring. NIST's SP 800-190 ''Application Container Security Guide'', while slightly dated, provides a useful reference for more on the topic of container security.<ref name="GLABegin" /><ref name="NIST800-190_17">{{cite web |url=https://csrc.nist.gov/publications/detail/sp/800-190/final |title=SP 800-190 ''Application Container Security Guide'' |author=Souppaya, M.; Morello, J.; Scarfone, K. |publisher=NIST |date=September 2017 |accessdate=21 August 2021}}</ref>
| | ;1. What is quality? |
| | :''Key terms'' |
| | :[[Quality (business)|Quality]] |
| | :[[Quality assurance]] |
| | :[[Quality control]] |
| | :''The rest'' |
| | :[[Data quality]] |
| | :[[Information quality]] |
| | :[[Nonconformity (quality)|Nonconformity]] |
| | :[[Service quality]] |
| | ;2. Processes and improvement |
| | :[[Business process]] |
| | :[[Process capability]] |
| | :[[Risk management]] |
| | :[[Workflow]] |
| | ;3. Mechanisms for quality |
| | :[[Acceptance testing]] |
| | :[[Conformance testing]] |
| | :[[Clinical quality management system]] |
| | :[[Continual improvement process]] |
| | :[[Corrective and preventive action]] |
| | :[[Good manufacturing practice]] |
| | :[[Malcolm Baldrige National Quality Improvement Act of 1987]] |
| | :[[Quality management]] |
| | :[[Quality management system]] |
| | :[[Total quality management]] |
| | ;4. Quality standards |
| | :[[ISO 9000]] |
| | :[[ISO 13485]] |
| | :[[ISO 14000|ISO 14001]] |
| | :[[ISO 15189]] |
| | :[[ISO/IEC 17025]] |
| | :[[ISO/TS 16949]] |
| | ;5. Quality in software |
| | :[[Software quality]] |
| | :[[Software quality assurance]] |
| | :[[Software quality management]] |
|
| |
|
| Some concerns also exist within the virtualization environment, which drives cloud computing. The virtualized environment allows containers to be implemented, but their smooth use depends on a virtualization component called a virtual machine monitor (VMM) or [[hypervisor]], which acts as the "management layer between the physical hardware and the virtual machines running above" it, managing system resource allocation to virtual machines—and by extension, containers—in the virtual environment.<ref name="BarrowcloughSecuring18">{{cite journal |title=Securing Cloud Hypervisors: A Survey of the Threats, Vulnerabilities, and Countermeasures |journal=Security and Communication Networks |author=Barrowclough, J.P.; Asif, R. |volume=2018 |at=1681908 |year=2018 |doi=10.1155/2018/1681908}}</ref> Since hypervisors are shared in a virtualized environment, a compromised hypervisor (say through a malware attack or a means of gaining root privileges) puts the virtual machines running off the hypervisor at risk, and by extension any data running on those virtual machines.<ref name="BarrowcloughSecuring18" /> Limiting the risks to a hypervisor and its associated virtualized machines means ensuring de facto encryption is in place to protect copied images and other files, migrated virtual machines are protected at all points along the migration route, and proper encryption and key management mechanisms are in place for effective access management.<ref name="BarrowcloughSecuring18" /> While the concerns of hypervisor security are largely the responsibility of the public CSPs (Microsoft, for example, touts a multi-layer approach to securing its hypervisors in Azure<ref name="SharmaHypervisor20">{{cite web |url=https://docs.microsoft.com/en-us/azure/security/fundamentals/hypervisor |title=Hypervisor security on the Azure fleet |author=Sharma, Y.; Lyon, R.; Lanfear, T. |work=Microsoft Documentation |publisher=Microsoft |date=10 November 2020 |accessdate=21 August 2021}}</ref>), those running private clouds will have to be sure their attention given to hypervisor security is similarly strong.
| | <!--Place all category tags here--> |
| | |
| Other areas of security concern are found in the overall networking of a cloud. There, attention to the various layers of firewalls, network traffic controls, transport-level encryption mechanisms, and encapsulation protocols is also recommended.<ref name="BoydAchieving18">{{cite web |url=https://www.sdxcentral.com/cloud/definitions/achieving-network-security-in-cloud-computing/ |title=Achieving Network Security in Cloud Computing |author=Boyd, N. |work=Cloud HQ |publisher=SDxCentral, LLC |date=20 July 2018 |accessdate=21 August 2021}}</ref>
| |
| | |
| ==References==
| |
| {{Reflist|colwidth=30em}}
| |
