Skip to main content

Assess Existing Infrastructure and Identify Threats

Learning Objectives

After completing this unit, you’ll be able to:

  • Describe how to assess existing infrastructure of a business and research cloud-based solutions for migrating engineering functions.
  • Use threat modeling, configuration assessments, and penetration tests to identify and detect possible risks.
  • Explain how to work with architecture, engineering, customers, and development teams to design secure cloud solutions.

Assess Existing Infrastructure

As more companies move critical business processes and applications to public, private, and hybrid cloud infrastructures, cloud security engineers are in high demand. It’s important to build systems that deliver on expectations and requirements. As a cloud security engineer, you help your organization maintain a strong security posture in the cloud. 

In this role, you also help your organization adopt, build, and operationalize cloud technologies. You may migrate existing systems and infrastructure to the cloud, or help plan and engineer cloud-native systems from scratch. You begin this process by assessing existing infrastructure of a business and researching solutions for moving different functions (like database storage) to a cloud-based system. In evaluating existing infrastructure and proposing changes, you work closely alongside the architecture and engineering teams to ensure the systems meet customer expectations and requirements in a secure manner.

Identify Threats and Risks

Today’s networks, users, and devices are under constant assault from cyber threats. We work, shop, bank, and communicate in an online world. And it’s more difficult than ever to navigate our digital footprint in this online world while ensuring the privacy and security of our critical financial data, health records, and other information. 

Cloud security engineers perform threat modeling, configuration assessments, and penetration tests to identify and detect possible risks to cloud-based systems. They do so for existing and proposed platforms. Let’s take a look at what each of these entails.

  • Threat modeling: Threat modeling helps cloud security engineers understand common assets, controls, and security gaps so they can plan remediations before deploying systems to production.
  • Configuration assessments: It’s important for cloud security engineers to assess configurations by cloud providers to make sure they’re implemented properly and securely.
  • Penetration tests: Before a product is released to production, cloud security engineers simulate cyberattacks against cloud systems to check for exploitable vulnerabilities. The results of these tests are used to augment the organization’s defenses of its cloud-based systems.

Now that you understand more about the steps you, as a cloud security engineer, follow to identify threats and risks, let’s next look at how you work across teams to design secure cloud solutions.

Designing Secure Cloud Solutions

Meet Marie. Marie takes on many technical roles for Torontobank, a multinational banking and financial services corporation headquartered in Toronto, Canada. One of her roles is to build secure cloud systems for the bank’s mortgage data. Marie knows doing so is an ongoing journey—one that requires creating an environment in which all relevant teams can contribute to the project’s requirements and ensure that the system both meets business needs and does so securely. 

Marie compares the process of designing a secure cloud system to the process of making a movie. Each production is a large and complex endeavor. The actors, director, script writers, video animators, and technical professionals need to work together and stick to a demanding schedule.

Different people including a director, film crew, actor, set designer, hair stylist are) working together to create a movie

In the same way, Marie, as a cloud security engineer, has to work with product teams, project managers, architects, engineers, and developers to produce a complex project on time, in a secure manner. She negotiates terms with vendors and works across teams to migrate or build systems and maintain them. She also analyzes existing cloud structures and creates new and enhanced security methods, collaborating closely with security architects and the governance, compliance, and security team in developing cloud security frameworks for the organization. 

Marie knows that just because cloud computing can be easy to use, it doesn’t mean she doesn’t need a plan for keeping her organization secure. All technology organizations should have a cloud security governance framework in place no matter their size. The cause of many challenges is a fundamental lack of governance. Without a framework for making decisions, entropy increases and the desired outcomes suffer.

Marie also defines security best practices for the company’s cloud platforms. She does this by:

  • Providing guidance to the application development team to ensure best practices are implemented in the application’s design and deployment, in compliance with the company’s cloud governance policies
  • Channeling the voice of the customer to the development teams in implementing new features and resolving security issues
  • Working with development teams to design cloud-native solutions and provide security requirements and best practices for environments and workflows established on public, private, or hybrid cloud platforms
  • Documenting security policies for the cloud environment and building tools to automate enforcement of that policy for compliance
  • Collaborating with information technology (IT) teams to integrate existing structures and technologies (such as the enterprise access control system) into cloud-based systems

Marie knows that being proactive about working across teams to design secure cloud solutions enables her to help Torontobank develop strategies to minimize its exposure to potential threats. Creating a safe environment for teams to contribute and work together helps her secure cloud systems and identify risks and threats before they cause serious harm. She also makes sure to stay up to date on the latest cloud security training to make sure she’s got all the tools she needs to be effective.

Resources

Salesforce ヘルプで Trailhead のフィードバックを共有してください。

Trailhead についての感想をお聞かせください。[Salesforce ヘルプ] サイトから新しいフィードバックフォームにいつでもアクセスできるようになりました。

詳細はこちら フィードバックの共有に進む