Design principles
- Secure by design and secure by default: Public cloud services are designed with security as a core principle. Cloud resources are secure by default, with features like isolated network environments, private storage, and encrypted network traffic enabled out of the box. This secure-by-design approach means customers benefit from robust security measures without extensive manual configuration, reducing the risk of misconfigurations and human error.
- Shared responsibility model: The shared responsibility model in the public cloud clearly delineates security responsibilities between the cloud provider and the customer. The provider is responsible for the security of the underlying cloud infrastructure, while customers are responsible for the security of their applications and data within the cloud. This division of responsibilities significantly reduces the operational burden on customers, allowing them to focus on protecting their workloads while the provider handles the foundational security of the cloud.
- Automation and scalability: The massive scale of public cloud operations enables extensive automation of security tasks, such as feature and patch deployments, configuration updates, and threat mitigation. This automation reduces the risk of human error and gives customers continuously updated security measures. Furthermore, the scale of public cloud providers allows for comprehensive threat intelligence and compliance programs, which customers can leverage to enhance their overall security posture.
- Workload isolation and visibility: The public cloud's multi-tenant architecture, with strong tenant isolation, provides customers with inherent visibility and control over their resources. In the public cloud, resources are isolated by default, and explicit configuration is required to enable access and connectivity between them. This isolation, combined with comprehensive logging and monitoring capabilities, lets customers maintain a clear understanding of their digital assets and network activities, which is crucial for detecting and responding to potential threats.
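The "secure by default" and "isolated by default" principles above both reduce to a concrete check a customer can run: every deviation from the closed posture must be an explicit configuration choice, so an audit only has to look for settings that have been explicitly weakened and for connectivity that has been explicitly granted. The following is an added example, not code from the original page or from any cloud provider; it assumes a hypothetical, provider-neutral resource schema (`Resource`, `public_network_access`, `encrypt_in_transit`, `allowed_peers`) and constructed sample records, and it generalizes the page's two examples into a small drift audit that also flags stale peer grants.

```python
"""Audit constructed cloud resource records for drift from secure defaults.

Added example, not part of the original page. The schema and the sample
records are hypothetical and constructed; they are not any provider's API.
"""
from dataclasses import dataclass, field


@dataclass
class Resource:
    name: str
    kind: str                             # e.g. "storage", "vnet", "vm"
    public_network_access: bool = False   # secure default: closed
    encrypt_in_transit: bool = True       # secure default: enabled
    # Resources explicitly allowed to reach this one. Isolation by default
    # means an empty list: nothing can connect unless it is granted here.
    allowed_peers: list = field(default_factory=list)


# Baseline expressing the "secure by default" posture the text describes:
# network access closed and traffic encrypted unless someone changed it.
SECURE_DEFAULTS = {
    "public_network_access": False,
    "encrypt_in_transit": True,
}


def find_drift(resources):
    """Return (resource, setting, actual value) for every setting that has
    been explicitly changed away from its secure default."""
    findings = []
    for r in resources:
        for setting, secure_value in SECURE_DEFAULTS.items():
            actual = getattr(r, setting)
            if actual != secure_value:
                findings.append((r.name, setting, actual))
    return findings


def reachable_pairs(resources):
    """Isolation by default: A can reach B only if B explicitly lists A in
    allowed_peers. Returns the set of (source, target) pairs that exist."""
    by_name = {r.name: r for r in resources}
    pairs = set()
    for target in resources:
        for src in target.allowed_peers:
            if src in by_name:          # grants to unknown names are not links
                pairs.add((src, target.name))
    return pairs


def dangling_peers(resources):
    """Grants that name a resource which no longer exists: stale access that
    would silently take effect if a resource with that name is recreated."""
    names = {r.name for r in resources}
    return sorted(
        (r.name, peer)
        for r in resources
        for peer in r.allowed_peers
        if peer not in names
    )


# Constructed sample inventory (hypothetical names, not real resources).
SAMPLE_RESOURCES = [
    Resource("app-vnet", "vnet"),
    Resource("app-storage", "storage", allowed_peers=["app-vnet"]),
    Resource("legacy-storage", "storage",
             public_network_access=True, encrypt_in_transit=False),
    Resource("batch-vm", "vm", allowed_peers=["decommissioned-vnet"]),
]


if __name__ == "__main__":
    for name, setting, value in find_drift(SAMPLE_RESOURCES):
        print(f"DRIFT   {name}: {setting} explicitly set to {value}")
    for src, dst in sorted(reachable_pairs(SAMPLE_RESOURCES)):
        print(f"LINK    {src} -> {dst} (explicitly granted)")
    for owner, peer in dangling_peers(SAMPLE_RESOURCES):
        print(f"STALE   {owner} grants access to missing resource {peer}")
```

The audit deliberately reports only what was explicitly opened: on a secure-by-default platform a resource with no findings and no links is the expected state, so the report stays short and every line is a decision someone made and should be able to justify.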