{"title":"THE CONCEPT OF AUTOMATED COMPLIANCE VERIFICATION AS THE FOUNDATION OF A FUNDAMENTAL CLOUD SECURITY MODEL","authors":"Y. Matseniuk, A. Partyka","doi":"10.23939/csn2024.01.108","DOIUrl":null,"url":null,"abstract":"The primary objective of this research is to develop an advanced automated method for configuring and managing public cloud accounts and subscriptions on prominent platforms such as AWS GCP and Azure. This method involves the application of standardized configurations to ensure optimal performance and security compliance. A significant component of this methodology is the intermittent scanning of the infrastructure of these cloud accounts and subscriptions. This scanning is meticulously designed to identify and address any deviations or non-compliance issues with globally recognized security standards including NIST 800-53 ISO 27001 HIPAA and PCIDSS. The approach leverages cutting-edge automation technologies to streamline the deployment and management of cloud resources. By automating the application of configurations the method aims to reduce manual effort minimize the likelihood of human error and enhance operational efficiency. This automation extends to the continuous monitoring and auditing processes enabling real-time detection of configuration drifts or security vulnerabilities. Furthermore the research delves into the development of a dynamic responsive system capable of adapting to the evolving requirements of cloud security. The automated scanning component plays a pivotal role in this aspect providing ongoing assurance that the cloud environments adhere to the strictest security protocols and standards. Continuous compliance monitoring is critical in today's ever-changing digital landscape where threats to data security and privacy are increasingly sophisticated. By integrating these automated processes the proposed method promises not only to bolster the security posture of cloud environments but also to offer a scalable efficient solution for cloud infrastructure management. This automated approach is poised to set a new standard in cloud management aligning with best practices in IT security and compliance and paving the way for more secure manageable and efficient cloud computing practices. Keywords: Hosting security standards automation cloud technologies cloud service models.","PeriodicalId":504130,"journal":{"name":"Computer systems and network","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2024-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer systems and network","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.23939/csn2024.01.108","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
The primary objective of this research is to develop an advanced automated method for configuring and managing public cloud accounts and subscriptions on prominent platforms such as AWS GCP and Azure. This method involves the application of standardized configurations to ensure optimal performance and security compliance. A significant component of this methodology is the intermittent scanning of the infrastructure of these cloud accounts and subscriptions. This scanning is meticulously designed to identify and address any deviations or non-compliance issues with globally recognized security standards including NIST 800-53 ISO 27001 HIPAA and PCIDSS. The approach leverages cutting-edge automation technologies to streamline the deployment and management of cloud resources. By automating the application of configurations the method aims to reduce manual effort minimize the likelihood of human error and enhance operational efficiency. This automation extends to the continuous monitoring and auditing processes enabling real-time detection of configuration drifts or security vulnerabilities. Furthermore the research delves into the development of a dynamic responsive system capable of adapting to the evolving requirements of cloud security. The automated scanning component plays a pivotal role in this aspect providing ongoing assurance that the cloud environments adhere to the strictest security protocols and standards. Continuous compliance monitoring is critical in today's ever-changing digital landscape where threats to data security and privacy are increasingly sophisticated. By integrating these automated processes the proposed method promises not only to bolster the security posture of cloud environments but also to offer a scalable efficient solution for cloud infrastructure management. This automated approach is poised to set a new standard in cloud management aligning with best practices in IT security and compliance and paving the way for more secure manageable and efficient cloud computing practices. Keywords: Hosting security standards automation cloud technologies cloud service models.