A cloud security architect has been tasked with finding a solution for hardening VMs. The solution must meet the following requirements:
• Data needs to be stored outside of the VMs.
• No unauthorized modifications to the VMs are allowed.
• If a change needs to be done, a new VM needs to be deployed.
Which of the following is the best solution?
An immutable system is the best solution for ensuring that VMs cannot be modified once they are deployed. This aligns with the requirement that no unauthorized modifications are allowed. In an immutable infrastructure, any changes require a new VM to be deployed, thus maintaining the integrity and security of the VMs. Additionally, storing data outside of the VMs is a typical practice in immutable systems, meeting the requirement of external data storage.
The immutable system approach aligns with the requirements by ensuring VMs are protected against unauthorized changes and requiring new deployments for updates or modifications. This approach enhances security, maintains integrity, and supports efficient management of VM instances in cloud environments.