A Cost-Effective Zero-Trust Approach for Cloud Computing: Experimental Evaluation on AWS Platform
Mowloughi, Aref (2024-06-30)
This publication is subject to copyright regulations. The work may be read and printed for personal use. Use for commercial purposes is prohibited.
open
The permanent address of the publication is:
https://urn.fi/URN:NBN:fi-fe2024072562197
Abstract
As the volume of data continues to expand and the intricacy of managing conventional on-premise data centers becomes increasingly burdensome, numerous organizations are transitioning their infrastructure to cloud-based solutions. A pivotal aspect of this investigation is the integration of Zero Trust principles into cloud environments, with a particular emphasis on the widely recognized and globally utilized Amazon Web Services (AWS) platform. The thesis examines the limitations of traditional location-based security measures and highlights scenarios where they prove ineffective. Furthermore, it elucidates how adopting a zero-trust approach can address these shortcomings and offer more robust security in an automated, cost-effective manner. Through examining case studies and adherence to AWS security best practices, the research provides insights into the practical implementation of a zero-trust architecture (ZTA) on AWS. This encompasses considerations for identity and access management, network segmentation, and real-time monitoring to establish a comprehensive security posture.
Moreover, the study assesses the feasibility of providing automated solutions for monitoring and threat remediation to alleviate the burden on the security team and mitigate human errors at the minimum cost possible. The proposed model, known as the Cost-Effective Zero-Trust (CEZT), demonstrated an enhancement in the security score of a cloud infrastructure on the AWS platform across five different security standards through a zero-trust approach. For the CIS AWS Foundations Benchmark v1.2.0, the security score improved from 23% prior to implementing CEZT to 26% post-implementation, marking the smallest improvement. Conversely, the most notable improvement was observed with the AWS Foundational Security Best Practices v1.0.0 standard, where the security score increased from 44% to 77%. Additionally, the CEZT model contributes to cost reduction for organizations by utilizing free or less expensive security tools. Furthermore, it also provides automation by enforcing security measures on resources automatically, thereby alleviating the burden on the security team and minimizing human errors. Through the use of zero-trust principles, CEZT also considers the possibility of insider threats, which is one thing that traditional perimeter-based security approaches lack.