Chapter 4 Flashcards
Cloud computing Risks by deployment model
To prepare for cloud migration and the requisite contract negotiation (and for familiarization with CCSP CBK content), it is useful to review the risks particular to each of the cloud deployment models. These include the private, community, public, and hybrid cloud models.
Cloud computing Risks: Private cloud
Personnel threats
Natural disasters
External attacks
Regulatory non-compliance
Malware
Cloud computing Risks: Community cloud
E.g., online gaming as a community cloud
1. Resiliency through shared ownership: this introduces additional risks because each node is its own point of entry, and a vulnerability in any one node can result in an intrusion on the others.
2. Shared costs: the overhead and cost of the infrastructure are shared among the members of the community, but so are access and control.
3. No need for centralized administration for performance and monitoring:
Although this removes many burdens of centralized administration, it also removes the reliability of centralized and homogenized standards for performance and security monitoring.
Cloud computing Risks: Public Cloud
Vendor lock-in
Vendor lock-out
Multitenant environment
Vendor lock-in
There are several things an organization can do to enhance the portability of its data:
- Ensure favorable contract terms for portability.
- Avoid proprietary formats.
- Ensure there are no physical or technical limitations to moving.
- Check for regulatory constraints.
Vendor lock-out
Consider the following factors when selecting a cloud provider:
Provider longevity
Core competency
Jurisdictional suitability
Supply chain dependencies
Legislative environment
Multitenant environment
Conflict of interest
Escalation of privilege
Information bleed
Legal activity
Cloud computing risks by service model
Another consideration in cloud migration and contract negotiation is the risks inherent in each of the cloud service models.
Cloud computing risks - IaaS
Personnel threats
External threats
Lack of specific skillsets
Cloud computing risks - PaaS
Interoperability issues
Persistent backdoors
Virtualization
Resource sharing
Cloud computing risks - SaaS
Proprietary formats
Virtualization
Web app security
Virtualization risks
- Attacks on the hypervisor (Type 1, Type 2): attackers prefer Type 2 hypervisors because of the larger attack surface.
- Guest escape
- Information bleed
- Data seizure
Guest Escape / VM Escape
An improperly designed or poorly configured virtualized machine or hypervisor might allow for a user to leave the confines of their own virtualized instance. This is referred to as guest escape or virtual machine (VM) escape. A user who has successfully performed guest escape might be able to access other virtualized instances on the same host and view, copy, or modify data stored there. Worse, the user might be able to access the host itself and therefore be able to affect all the instances on the machine.
Information bleed
This is another risk stemming from malfunctions or failures. The possibility exists that processing performed on one virtualized instance may be detected, in whole or in part, by other instances on the same host.
Data Seizure
Legal activity might result in a host machine being confiscated or inspected by law enforcement or plaintiffs’ attorneys, and the host machine might include virtualized instances belonging to your organization, even though your organization was not the target.