Security and audit requirements

Finally, security and audit requirements should be pervasive across the cloud estate. The entire account, network, and shared services concepts will be underpinned by a holistic security and auditability design strategy. As discussed in the central shared services section, directory and authentication services are important for securing access to workloads, data, and accounts. In addition, a critical consideration for security and audit is having a robust logging framework and a configuration audit process.

There are many different logs that can be captured inside a cloud account for workloads, some provided by the cloud vendor and others built into individual applications. The more logs that are collected, the better the decisions that can be made for all aspects of the workload. Having a central logging framework lets the instance, container, platform service, or other workload component be treated as a stateless machine that does not need to still exist for troubleshooting to take place. Combining the workload logs with other logs, such as network flows, API calls, and packet latency, gives insight into how the overall cloud environment is behaving, and log aggregation makes it possible to replay events later. This is a powerful method for understanding and securing workloads as the cloud estate grows and becomes ever more complex.

Auditability is another critical component to consider. As discussed previously, there are cloud vendor services that keep snapshots or views of the overall environment configuration at specific intervals, and these are useful in many ways. First and foremost, they allow consistent audit checks to be carried out to prove that the cloud environment is following the agreed governance requirements. Second, they also allow cloud administrators to check for environment drift, misconfigurations, and malicious configuration changes, and even to find cost optimizations.
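The two audit checks described above, run over periodic configuration snapshots, as an added example that is not from the book: `audit` compares one snapshot against a governance policy, and `drift` compares two snapshots taken at different intervals. The snapshot format, the resource names, and the policy rules are all constructed for illustration.

```python
"""Added example: configuration audit over periodic snapshots.

Not the book's code; the snapshot format and the policy rules are constructed
to illustrate the governance check and the drift detection the text describes.
"""

# Governance policy: required attribute values per resource type (constructed).
POLICY = {
    "storage_bucket": {"public_access": False, "encryption": "aes256"},
    "security_group": {"ssh_open_to_world": False},
}

# Two constructed snapshots of the same environment taken at different times.
SNAPSHOT_T0 = {
    "bucket/logs": {"type": "storage_bucket", "public_access": False, "encryption": "aes256"},
    "sg/web": {"type": "security_group", "ssh_open_to_world": False},
}
SNAPSHOT_T1 = {
    "bucket/logs": {"type": "storage_bucket", "public_access": True, "encryption": "aes256"},
    "sg/web": {"type": "security_group", "ssh_open_to_world": False},
    "sg/debug": {"type": "security_group", "ssh_open_to_world": True},
}


def audit(snapshot, policy):
    """Governance check: return (resource, attribute, expected, actual) per violation."""
    findings = []
    for rid, cfg in sorted(snapshot.items()):
        for attr, expected in policy.get(cfg["type"], {}).items():
            actual = cfg.get(attr)
            if actual != expected:
                findings.append((rid, attr, expected, actual))
    return findings


def drift(previous, current):
    """Drift check: resources added or removed, and attributes that changed value."""
    added = sorted(set(current) - set(previous))
    removed = sorted(set(previous) - set(current))
    changed = []
    for rid in sorted(set(previous) & set(current)):
        for attr in sorted(set(previous[rid]) | set(current[rid])):
            old, new = previous[rid].get(attr), current[rid].get(attr)
            if old != new:
                changed.append((rid, attr, old, new))
    return {"added": added, "removed": removed, "changed": changed}
```

Each violation or drift entry names the resource and attribute, so the findings can be written to the central logging framework and correlated with the API call logs that record who made the change.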

Automation and Infrastructure as Code are the key enablers for deploying this type of logging and audit control, and they are directly related to the cloud native maturity model that a company wants to move up as it progresses on its cloud journey.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset