Firewall framework for multi-cloud

Abstract

Multi-cloud systems' dispersed design offers issues in guaranteeing security for multi-cloud application components deployed across various clouds. As security concerns develop, cloud users are more interested in understanding the security state of their apps. The existing environment hinders the opportunity for enterprises to shift to the cloud, which may have provided an appealing alternative for corporations. As a result of this, it is vital to offer proper transparency and security attention in multi-cloud setups. A firewall is the main component that acts as the main shield for cloud assets. Managing a few cloud firewalls is becoming more and more complex when it comes to new cyber threats and concerns. This thesis explores the existing challenges in multi-cloud firewall management like lack of standardization, complexity and difficulty in enforcing security policies. This has been a significant problem due to operational overhead and security risks. The objective is to improve the dependability and trustworthiness of cloud services for organizations by applying appropriate security measures to solve current concerns in multi-cloud computing. This framework mainly includes the components like platform adaptor which converts the firewall rules into cloud-specific API calls and the orchestration engine which works as the heart of the framework. The proof-ofconcept demonstrates the framework's ability to enforce context-aware policies, such as global restrictions or tag-driven access controls. This is a policy-driven framework for multi-cloud firewall management which is utilizing Open Policy Agent (OPA) and Terraform for infrastructure provisioning. The framework's effectiveness is demonstrated through a proof-of-concept implementation OPA based policy enforcement and configuration management using NOSQL database. The major goal of this research is to create a standard framework to administer multi-cloud firewalls and also this aims to reduce configuration errors, enhance security posture, and simplify auditability of firewall rules in multi-cloud environments.