THE CONCEPT OF AUTOMATED COMPLIANCE VERIFICATION AS THE FOUNDATION OF A FUNDAMENTAL CLOUD SECURITY MODEL

Y. Matseniuk, A. Partyka
{"title":"THE CONCEPT OF AUTOMATED COMPLIANCE VERIFICATION AS THE FOUNDATION OF A FUNDAMENTAL CLOUD SECURITY MODEL","authors":"Y. Matseniuk, A. Partyka","doi":"10.23939/csn2024.01.108","DOIUrl":null,"url":null,"abstract":"The primary objective of this research is to develop an advanced automated method for configuring and managing public cloud accounts and subscriptions on prominent platforms such as AWS GCP and Azure. This method involves the application of standardized configurations to ensure optimal performance and security compliance. A significant component of this methodology is the intermittent scanning of the infrastructure of these cloud accounts and subscriptions. This scanning is meticulously designed to identify and address any deviations or non-compliance issues with globally recognized security standards including NIST 800-53 ISO 27001 HIPAA and PCIDSS. The approach leverages cutting-edge automation technologies to streamline the deployment and management of cloud resources. By automating the application of configurations the method aims to reduce manual effort minimize the likelihood of human error and enhance operational efficiency. This automation extends to the continuous monitoring and auditing processes enabling real-time detection of configuration drifts or security vulnerabilities. Furthermore the research delves into the development of a dynamic responsive system capable of adapting to the evolving requirements of cloud security. The automated scanning component plays a pivotal role in this aspect providing ongoing assurance that the cloud environments adhere to the strictest security protocols and standards. Continuous compliance monitoring is critical in today's ever-changing digital landscape where threats to data security and privacy are increasingly sophisticated. By integrating these automated processes the proposed method promises not only to bolster the security posture of cloud environments but also to offer a scalable efficient solution for cloud infrastructure management. This automated approach is poised to set a new standard in cloud management aligning with best practices in IT security and compliance and paving the way for more secure manageable and efficient cloud computing practices. Keywords: Hosting security standards automation cloud technologies cloud service models.","PeriodicalId":504130,"journal":{"name":"Computer systems and network","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2024-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer systems and network","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.23939/csn2024.01.108","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

The primary objective of this research is to develop an advanced automated method for configuring and managing public cloud accounts and subscriptions on prominent platforms such as AWS GCP and Azure. This method involves the application of standardized configurations to ensure optimal performance and security compliance. A significant component of this methodology is the intermittent scanning of the infrastructure of these cloud accounts and subscriptions. This scanning is meticulously designed to identify and address any deviations or non-compliance issues with globally recognized security standards including NIST 800-53 ISO 27001 HIPAA and PCIDSS. The approach leverages cutting-edge automation technologies to streamline the deployment and management of cloud resources. By automating the application of configurations the method aims to reduce manual effort minimize the likelihood of human error and enhance operational efficiency. This automation extends to the continuous monitoring and auditing processes enabling real-time detection of configuration drifts or security vulnerabilities. Furthermore the research delves into the development of a dynamic responsive system capable of adapting to the evolving requirements of cloud security. The automated scanning component plays a pivotal role in this aspect providing ongoing assurance that the cloud environments adhere to the strictest security protocols and standards. Continuous compliance monitoring is critical in today's ever-changing digital landscape where threats to data security and privacy are increasingly sophisticated. By integrating these automated processes the proposed method promises not only to bolster the security posture of cloud environments but also to offer a scalable efficient solution for cloud infrastructure management. This automated approach is poised to set a new standard in cloud management aligning with best practices in IT security and compliance and paving the way for more secure manageable and efficient cloud computing practices. Keywords: Hosting security standards automation cloud technologies cloud service models.
将自动合规性验证概念作为基本云安全模式的基础
本研究的主要目的是开发一种先进的自动化方法,用于配置和管理 AWS GCP 和 Azure 等著名平台上的公共云账户和订阅。该方法涉及标准化配置的应用,以确保最佳性能和安全合规性。该方法的一个重要组成部分是对这些云账户和订阅的基础设施进行间歇性扫描。这种扫描经过精心设计,可识别并解决任何偏差或不符合全球公认安全标准的问题,包括 NIST 800-53 ISO 27001 HIPAA 和 PCIDSS。该方法利用最先进的自动化技术来简化云资源的部署和管理。通过自动应用配置,该方法旨在减少人工操作,最大限度地降低人为错误的可能性,并提高运行效率。这种自动化扩展到持续监控和审计流程,从而能够实时检测配置偏移或安全漏洞。此外,该研究还深入探讨了动态响应系统的开发,该系统能够适应不断变化的云安全要求。自动扫描组件在这方面发挥了关键作用,可持续确保云环境遵守最严格的安全协议和标准。在当今瞬息万变的数字环境中,对数据安全和隐私的威胁日益复杂,持续的合规性监控至关重要。通过整合这些自动化流程,所提出的方法不仅有望加强云环境的安全态势,还能为云基础设施管理提供可扩展的高效解决方案。这种自动化方法有望为云管理设定一个新标准,与 IT 安全和合规方面的最佳实践保持一致,并为更安全、可管理和高效的云计算实践铺平道路。关键词托管安全标准 自动化 云技术 云服务模式。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信