Chapter 10 Cloud and Virtualization Security Flashcards
Describe the differences between scalability and elasticity
Scalability is focused on rapidly increasing capacity whereas elasticity says that capacity should expand and contract as needed to optimize costs.
Vertical Scaling vs. Horizontal Scaling
Vertical Scaling increases the capacity of existing servers, such as adding CPU cores or increasing memory.
Horizontal Scaling adds more servers to a pool of clustered servers.
Cloud Service Model Acronyms:
- XaaS: Anything as a Service
- IaaS: Infrastructure as a Service
- SaaS: Software as a Service
- PaaS: Platform as a Service
- FaaS: Function as a Service
IaaS
Infrastructure as a Service offerings allow customers to purchase and interact with the basic building blocks of a technology infrastructure, including computing, storage, and networks. Customers can then manage those services any way they need.
- Customer doesn’t have to manage hardware.
- Provider implements security controls.
- Provider bears the LEAST security responsibility.
The customer is responsible for the security of anything that isn’t Infrastructure. (OS, apps, data)
SaaS
Software as a Service offerings provide customers with access to fully managed applications running in the cloud.
Provider is responsible for everything from physical data centers to performance management to security.
Customer is only responsible for limited configuration of the application itself.
Provider bears the MOST security responsibility in SaaS.
PaaS
Platform as a Service offerings fit into a middle ground between SaaS and IaaS solutions. The service provider offers a platform where customers may run applications that they developed themselves.
- Provider builds and manages the infrastructure and offers customers an execution environment with code libraries, services, and tools.
Vendor is responsible for the OS, but the customer is responsible for the data and security configuration.
FaaS
Function as a Service platforms are an example of PaaS computing. Customers upload their own code to the provider, and the provider executes that code.
- AWS Lambda service
MSPs
Managed Service Providers provide IT as a service to their customers.
MSSPs (Managed Security Service Providers) are MSPs geared toward security.
Public Cloud
Cloud services shared among multiple customers; the infrastructure is not dedicated to a single customer.
Supports IaaS, PaaS, SaaS, and FaaS.
More cost efficient than private cloud services because it is a “measured service” (you only pay for the data/storage you use).
Private Cloud
Cloud infrastructure provisioned for use by a single customer. It could be built and managed by the organization itself or by a third party.
NOT cost efficient; private cloud services tend to have excess unused capacity to support peak demand.
Community Cloud Service
Shares characteristics with both the public and private models.
Runs a multi-tenant environment, but tenancy is limited to members of a designated community, typically defined by a shared mission or similar security/compliance requirements.
- The HathiTrust Digital Library is an example.
Hybrid Cloud
Catch-all term that describes any combination of public, private, or community cloud services.
Public Cloud Bursting
A firm might operate their own private cloud for the majority of their workloads and then leverage public cloud capacity when demand exceeds the capacity of their private cloud infrastructure.
- AWS Outposts is an example of hybrid cloud: customers receive a rack of equipment that they install in their own data center, but it is still maintained by AWS.
Shared Responsibility Model
Cloud providers, customers, and vendors must divide security responsibilities.
- Common in IaaS, PaaS, and SaaS.
What is CSA?
Cloud Security Alliance is an industry organization focused on developing and promoting best practices in cloud security. They developed the CCM Cloud Controls Matrix which is a reference document for cloud security.
What is Edge Computing?
Bringing computation and data storage closer to data sources to save bandwidth and response time.
What is Fog Computing?
Using edge devices to perform substantial computation and storage locally.
What is Virtualization?
Allows multiple systems to share the underlying hardware.
What is a hypervisor?
What is its primary responsibility?
A special operating system that controls VM access to the underlying hardware.
Enforcing ISOLATION between virtual machines.
What is the difference between a Type I hypervisor and a Type II hypervisor?
Type I hypervisors operate directly on top of the underlying hardware. They are common in data centers because they are highly efficient.
Type II hypervisors run as an application on top of an existing operating system. The host OS introduces a level of inefficiency.
What is CASB?
A Cloud Access Security Broker is software that sits between cloud users and cloud apps; it monitors all activity and enforces security policies.
What are Containers?
Containers provide application level virtualization. Instead of creating an entire VM, containers essentially allow for “virtual applications”.
What is Block vs. Object Storage?
Block storage allocates large volumes of storage for use by virtual server instances.
Object storage provides customers the ability to place files in buckets and treat those files as independent entities.
In block storage, you pay for a set amount of storage. In object storage, you pay for what you use.
What is SDN?
Software Defined Networking is a network architecture approach that enables the network to be centrally controlled or “programmed” using software applications.
- Allows engineers to interact with and modify cloud resources through their APIs.