Explore which OSI model layer is responsible for cloud security. Understand which layer contributes to a secure cloud environment.
With the rise of cloud computing, the responsibility for securing the environment is shared between the vendor and customers. However, a recent report from Oracle and KPMG found that most groups don’t fully understand their responsibilities under this shared model.
Depending on your deployment type, you may have a different set of responsibilities in the infrastructure, platform and application layers.
1. Infrastructure layer
Known as the hardware layer, this bottommost cloud architecture component handles all the physical compute hardware that drives clouds. Specifically, it encompasses everything from servers and routers to power and cooling systems.
A key feature of this layer is its use of virtualization technologies like Xen, KVM, Hyper-V and VMware to partition physical computing resources into multiple virtual machines. Consequently, this allows the platform and application layers to run on top of the infrastructure without the need for the physical environment itself.
Essentially, this layer is what makes it possible for the cloud to scale and provide rapid access to computing resources. It also allows the platform and application layers to take advantage of infrastructure-level services like database management, network configuration, and encryption.
The responsibilities of the infrastructure layer vary between different cloud service models. For example, a CSP may take responsibility for the security of physical infrastructure components and the actual facilities that house them, while customers are responsible for data, accounts and applications.
This model is a good thing because it allows organizations to focus on what they do best, while leveraging the resources of a CSP for other functions. However, it also means that the organization must be aware of its own responsibilities and work with the CSP to ensure foolproof data protection in the cloud.
Moreover, the platform and application layers are often dependent on this infrastructure layer. For instance, the platform layer requires the infrastructure to support parallel programming design and distributed mass storage for structured data. In addition, this layer needs the infrastructure to fulfill interfaces defined only in the Core layer.
The infrastructure layer is shouldering an increasingly heavy burden. As more and more business operations move to the cloud, the infrastructure must handle an ever-growing number of workloads and connections at the same time. This is creating a strain on infrastructure platforms and leading to performance issues, security vulnerabilities, and other problems. A clear understanding of the shared responsibility model is essential to avoiding these issues.
2. Platform layer
The platform layer is shouldering an increasingly heavy burden of cloud security. It’s no longer enough to just deploy applications and data into the cloud. Businesses must also protect those assets from malicious actors who want to gain unauthorized access or steal sensitive data.
To do this, organizations need to ensure they have the correct authentication and access controls in place. This includes ensuring multifactor authentication is used, monitoring for suspicious activity, and implementing secure encryption protocols. It’s also important to regularly audit a company’s policies and procedures to ensure they are up to date.
Many customers struggle with determining what exactly they need to do in order to keep their environment safe. This is why CSPs like Amazon Web Services (AWS) have developed a model called the “cloud shared responsibility model” to help clear up confusion and set expectations for both parties. This model defines responsibilities of the CSP and customer with respect to securing the infrastructure, operating systems, and application environments in the cloud. Depending on the type of deployment (IaaS, PaaS, or SaaS), customers will have varying responsibilities.
For example, IaaS customers will be responsible for the infrastructure layer but may not have much control over the operating system or application layers. This is why it’s critical for CSPs to provide a level of support that is consistent across deployment types to ensure customers can understand what they need to do in each scenario.
In addition, the OS layer has some limitations that should be taken into consideration. For example, optimizations that remove Windows apps only work on the OS layer and not the other layers. In addition, the layer does not capture changes to local users and groups (see the discussion at Citrix Discussions). Instead, these should be handled using group policy.
To create a platform layer, open the Layers tab and click New Platform Layer. In the Layer Details page, give the platform layer a name and version. Also, specify a maximum layer size to prevent the packaging machine from getting too full. Then click Finish to complete the process. Once the layer is finished, monitor the Task bar to confirm that it has been verified and shut down properly.
3. Application layer
The application layer is the seventh and highest layer of the OSI model. It manages communication across different application programs within a network. It can carry out both general and user-orientated services. These include identification (which ensures that a page you are trying to reach can be identified), information transmission and directory services.
It can also provide encryption for data transmissions and decryption upon receipt. These functions are used by software applications like web browsers and email clients. It’s important to understand the application layer because it determines how a computer network works at the application level. This knowledge can help you optimize your network and determine the cause of a problem if it occurs.
In addition, the application layer can provide authentication for users and a variety of other essential functions. It can also identify the source and destination of a message, allowing it to communicate with its counterpart on another host. It can also determine the amount of time that is required to send a piece of information, which is useful for ensuring a message doesn’t take too long to get where it needs to go.
Despite its importance, the application layer is often overlooked when it comes to security. This is because it is difficult for businesses to know if their cloud provider is protecting their data correctly. However, the truth is that if you don’t have visibility into how your data and applications are being protected, you could be facing serious problems down the road.
As we continue to shift more of our critical business infrastructure to the cloud, it is more important than ever for customers to be aware of the responsibilities that they have in regard to the security of their data. It’s also crucial that they have a clear understanding of the cloud shared responsibility model so that they can protect their data against potential threats. This will help them to avoid costly mistakes that could ultimately result in a loss of data and productivity.
4. Data layer
A data layer is an insulated layer of a web page that focuses solely on data. It allows for the alignment of all teams and tools around a single strategy for collecting data on the site. It makes the data collected by analytics and other tools more reliable, enhances functionality and optimization, and helps to reduce complexity.
For marketers, who are responsible for creating a data layer, it’s important to understand that the Data Layer is not just a list of technical specifications, but a set of business requirements and goals that must be met for each subset of the digital context. For a product or service website, these could include things like transactional data (what was purchased), user data (who made the purchase), spatial and temporal details of the visit (where was the purchase made in the world at what time) and information about possible micro conversions (did the user subscribe to product updates).
To make a data layer truly useful, it must be able to be sourced by as many different tools, users and stakeholders as possible. This means ensuring that the naming conventions used in the data layer can be mapped to a common standard. The use of a data layer also allows for the separation of data handling from the rest of the application, which makes it easier to test and debug issues related to the data layer.
One way to ensure this is the case is to create a repository class for each type of data that you handle in your app. Each repository can contain zero or more data sources. Then, each time a data source is pushed to the data layer, you can use get or set on the abstract data model to retrieve or reset those values.
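The repository pattern described above, as an added example that is not code from the original page: one repository per data type maps each tool's field names onto a common standard and exposes get and set on the resulting model. The class, field names and sample sources are assumptions; keys with no standard name are kept out of the layer and recorded.

```javascript
// Added example; Repository, TRANSACTION_FIELDS and the sample sources are hypothetical.
class Repository {
  // fieldMap: tool-specific key -> name in the common standard for this data type
  constructor(type, fieldMap) {
    this.type = type;
    this.fieldMap = new Map(Object.entries(fieldMap));
    this.sources = [];        // zero or more data sources
    this.model = new Map();   // abstract data model: standard name -> value
    this.rejected = [];       // source keys with no standard name
  }

  // Register a data source and fold its values into the model.
  push(name, record) {
    this.sources.push(name);
    for (const [key, value] of Object.entries(record)) {
      const standard = this.fieldMap.get(key);
      if (standard === undefined) {
        this.rejected.push(`${name}.${key}`); // unmapped: kept out of the layer
        continue;
      }
      this.model.set(standard, value);
    }
    return this;
  }

  get(field) {
    return this.model.get(field);
  }

  // Reset a value; only names from the common standard are accepted.
  set(field, value) {
    if (![...this.fieldMap.values()].includes(field)) {
      throw new Error(`unknown ${this.type} field: ${field}`);
    }
    this.model.set(field, value);
  }
}

// Constructed sample: two tools that name the same transaction fields differently.
const TRANSACTION_FIELDS = {
  orderId: "transaction_id", order_id: "transaction_id",
  total: "value", revenue: "value", currency: "currency",
};

function buildTransactionRepo() {
  return new Repository("transaction", TRANSACTION_FIELDS)
    .push("checkout", { orderId: "T-1001", total: 59.9, currency: "EUR" })
    .push("analytics", { order_id: "T-1001", revenue: 59.9, email: "a@example.com" });
}
```

Reviewing `rejected` after each push shows which tool is sending fields that the agreed standard does not cover.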
It’s also good to keep in mind that the data layer should be treated as a living and agile model. Despite its initial implementation as a monolithic, singular entity, it should be constantly evolving to support new business requirements and goals and to remove any idiosyncrasies that have emerged over time. This is a great way to mitigate the risk of re-implementing the same thing over again and making a mess out of it.