Public cloud providers supply services that organizations use to develop cloud applications. Unfortunately, an inherent flaw of these services is that their globally accessible nature may lead to unauthenticated access. Helping mitigate this risk is the shared security model, in which the cloud provider exposes security features that organizations can use to protect their cloud applications.
Whether you are developing a cloud-native application or migrating an existing application to the Cloud, it is critical to have the appropriate infrastructure and application design. A well-thought-out design is a template you can use to implement cloud provider services effectively and securely. It provides a general overview of the system and simplifies your decisions regarding where to implement security controls.
Synopsys Cloud Architectural Risk Analysis (ARA) is an interview-driven application and cloud infrastructure assessment process that evaluates a cloud application’s design and security controls. Cloud ARA can help you design security controls for a cloud migration or assess the effectiveness of controls in an existing application.
Cloud ARA identifies all platform components in a cloud application and their architectural relevance. We analyze the security threats affecting these components and crossreference the security controls in place to determine how effective these controls are at reducing threats. The output is a design document that highlights areas where controls are sufficient, insufficient, or absent and proposes remedies to improve the application’s security posture. Security areas examined include the following, among others:
Authentication, authorization, and identity management
Operational management processes
Our Cloud ARA methodology factors in best practices from cloud service providers and security standards from reputable sources (including hardening guides such as the Centre for Internet Security [CIS] Benchmarks). We periodically realign the methodology to the compliance and regulatory standards that many organizations have to adhere to when implementing computing services (HIPAA/HITEC, ISO/IEC 27001, ISO/IEC 27017, PCI DSS 3.x, etc.).
The artifacts produced by Cloud ARA can serve as blueprints for teams migrating applications with a similar risk profile. Cloud ARA during initial development of new applications can also provide recommendations that influence their design.
Synopsys Cloud ARA offers significant benefits because its multipurpose nature focuses on the design of cloud applications and on cloud infrastructure support of application and security controls. Additionally, Cloud ARA can be used to prioritize activities—for example, by highlighting services that deal with sensitive information or are likely to have weak security controls, which customers can focus on during implementation reviews. Possible follow-on assessments include configuration review, penetration testing, and vulnerability analysis or code review of the cloud application.
As a stand-alone service, Synopsys Cloud ARA fulfills many regulatory standards’ requirement for a security architectural assessment. For example, the ARA diagram meets the ISO/IEC 27017 requirement for network diagrams to clearly identify high-risk environments and the dataflows into and out of them. Cloud ARA also lists the security controls used to protect this data and makes recommendations when they are insufficient.