Blog: Cloud Security

Security

Every year we hear about data breaches, followed by increasingly rigid rules and policies from private organizations. Organizations moving to a hybrid cloud are exposed to considerable risk from threats and vulnerabilities. However, choosing the right solutions can pave the way to secure deployments in the cloud environment as well. This allows organizations to move all or some of their resources and assets from the on-prem environment to a private or public cloud, gaining the luxury of leveraging high-end cloud services and resources.

Now let us take a deeper dive into security as it relates to cloud-computing architecture. Security differs for each space in the system, and so does the technology. It spans a wide range of domains, such as identity and access management, different types of encryption, different compliance regimes, and other vertically related concerns. One therefore needs to understand clearly how each piece works and how it can be combined efficiently to fit the architecture. The goal is to build a consistent, holistic strategy by picking and choosing the right technology across the wide spectrum of available security solutions.

We begin with security and identity and access management (IAM), as shown in the picture above, and traverse the cloud security circle from there.

  1. Identity Access Management: The ability to use identities to identify resources and to authorize the users who may access those resources, nodes, processes, and other entities. IAM provides a fine-grained approach to cloud security because resources such as storage, compute, applications, and APIs, and consumers such as end users and processes, all have an identity. IAM also provides the mechanism to authenticate users before admitting them into the system. So, basically, IAM is the authentication and authorization mechanism for security control management.
  2. Directory services or LDAP: Support IAM by storing information about resources and users so that lookups can be performed easily and access granted on authorization.
  3. Encryption: The ability of a subsystem to transform plain text into cipher text so that an attacker or a man in the middle cannot read the content, whether at rest or in transit across the cloud.
  4. Compliance: The ability to deal with the rules, regulations, and laws that govern how we handle security.
  5. Access Control: Role Based Access Control (RBAC) is a security feature that grants super-user capabilities to perform tasks or jobs on a need-only basis. Prior to the advent of RBAC, the “/bin/sudo” utility was used to gain temporary access to root-level commands and tools, letting a non-root user perform privileged tasks. Performing tasks via “sudo” introduced vulnerabilities, and RBAC addresses that issue. RBAC enables the creation of multiple roles for handling different types of tasks, with each role assigned specific authorizations. These authorizations are hierarchical and grant privileges to roles. Further authorizations at a granular level are enforced based on the privileges associated with the system calls invoked by applications or commands. The roles created in the RBAC framework are assigned to users, granting them access to the special tasks they need. For example, a role such as “storageManager” has authorization to manage storage disks; if this role is assigned to user “vidya”, then “vidya” can run the storage management utilities. Further granularity can be introduced with a role such as “storageManagerCreate”, which when assigned to “vidya” makes that user a storage manager with the create authorization only.
  6. Applications: Secure applications should be built so that access to resources is granted or denied based on the underlying permissions on those resources. Vulnerabilities such as buffer overruns, stack overflows, temporary file overwrites, and privilege escalations, which can provide a path for an attacker, should be eliminated. Privilege escalation for routines or services should be done only on a need basis. Secure coding guidelines must be followed throughout the development lifecycle.
  7. Firewall: A technique to block incoming traffic based on source and destination.
  8. Management: This comprises how data flows across the various subsystems are managed, logged, and reported. It also includes processes covering auditing and the management of rules and policies.
  9. Auditing: A method of keeping track of events and activities on the system in the form of logs. An auditing subsystem enabled on the node captures the history of actions from a specific task or job that was executed. It is essential to have auditing in the system backed by analytics that automatically alert on irregular patterns of activity.
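To make items 5 and 9 concrete, here is an added example (not code from the original post or from the author's products) of a small RBAC policy check whose decisions feed an audit trail, followed by a simple analytic that flags irregular patterns. The role names `storageManager` and `storageManagerCreate` and the user `vidya` come from the text above; the dotted authorization names (`storage`, `storage.create`), the extra users, the denial threshold, and the audit events are constructed assumptions for illustration.

```python
"""Constructed example: hierarchical RBAC authorization feeding an audit log,
plus analytics over that log that alert on repeated denials."""
from collections import Counter
from dataclasses import dataclass, field

# Authorizations are hierarchical: a dotted name grants every more specific
# name beneath it, so "storage" covers "storage.create" and "storage.delete",
# while "storage.create" covers only itself. (Assumed naming scheme.)
ROLE_AUTHORIZATIONS = {
    "storageManager": {"storage"},            # full storage management
    "storageManagerCreate": {"storage.create"},  # create-only granularity
    "auditViewer": {"audit.read"},
}

# Users receive roles, never raw privileges (constructed assignments).
USER_ROLES = {
    "vidya": {"storageManagerCreate"},
    "alice": {"storageManager"},
    "bob": set(),
}


def authorization_covers(granted: str, requested: str) -> bool:
    """A granted authorization covers a request when it is identical or is a
    dotted prefix of it. The trailing dot prevents "storage" from matching
    an unrelated name such as "storageAdmin"."""
    return requested == granted or requested.startswith(granted + ".")


def is_authorized(user: str, requested: str,
                  roles=USER_ROLES, role_auths=ROLE_AUTHORIZATIONS) -> bool:
    """Allow the request if any role of the user carries a covering authorization."""
    for role in roles.get(user, ()):
        for granted in role_auths.get(role, ()):
            if authorization_covers(granted, requested):
                return True
    return False


@dataclass
class AuditLog:
    """Append-only record of every access decision (allowed and denied)."""
    entries: list = field(default_factory=list)

    def record(self, ts: str, user: str, requested: str, allowed: bool) -> None:
        self.entries.append(
            {"ts": ts, "user": user, "auth": requested, "allowed": allowed})


def check_and_audit(log: AuditLog, ts: str, user: str, requested: str) -> bool:
    """Authorization decision that is always written to the audit trail."""
    allowed = is_authorized(user, requested)
    log.record(ts, user, requested, allowed)
    return allowed


def find_irregular_users(log: AuditLog, denial_threshold: int = 3) -> list:
    """Analytics over the audit trail: users whose denied requests reach the
    threshold are reported as an irregular pattern worth alerting on."""
    denials = Counter(e["user"] for e in log.entries if not e["allowed"])
    return sorted(u for u, n in denials.items() if n >= denial_threshold)


def run_demo() -> list:
    """Replay a constructed sequence of access attempts and return the alerts."""
    log = AuditLog()
    events = [  # (timestamp, user, requested authorization), all constructed
        ("2024-01-01T09:00:00Z", "vidya", "storage.create"),   # allowed
        ("2024-01-01T09:01:00Z", "vidya", "storage.delete"),   # denied: create-only
        ("2024-01-01T09:02:00Z", "alice", "storage.delete"),   # allowed: full role
        ("2024-01-01T09:03:00Z", "bob", "storage.create"),     # denied, no role
        ("2024-01-01T09:03:05Z", "bob", "storage.delete"),     # denied
        ("2024-01-01T09:03:10Z", "bob", "audit.read"),         # denied
    ]
    for ts, user, requested in events:
        check_and_audit(log, ts, user, requested)
    return find_irregular_users(log)


if __name__ == "__main__":
    print("users with irregular denial patterns:", run_demo())
```

The point of routing every decision through `check_and_audit` is that denials are as valuable to the auditing subsystem as grants: a user with no role who probes several privileged authorizations in quick succession shows up in the analytic, whereas `vidya`'s single denied delete, consistent with the create-only role, does not.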


About the Author

Vidya Ranganathan is Founder and CEO of Au.AI Software Labs, building cloud-native platforms and tools.