Chapter 8 - Security in Cloud Computing

Question 1

Infrastructure as a Service (IAAS)

Answer 1

good choice for day to day infrastructure and for temporary or experimental workloads that change unexpectedly

Typically paid for on a per-use basis

Question 2

Platform as a Service (PAAS)

Answer 2

geard to software development. Provides development platform so subscribers don’t have to build their own infrastructure

Question 3

Software as a Service (SAAS)

Answer 3

provides on-demand applications to subscribers over the internet (like Salesforce).

removes headaches of patch management and security , administration, version control

Question 4

4 deployment models for the cloud

Answer 4

public
private
community
hybrid

Question 5

public cloud

Answer 5

services are provided over a public network like the internet

used when security and compliance requirements aren’t a major issue

Question 6

private cloud

Answer 6

operated solely for a single organization, usually not pay-as-you-go. Hardware is dedicated, compliance more easily met

Question 7

community cloud

Answer 7

infrastructure is shared by multiple organizations, usually with same compliance and policy considerations.

Question 8

hybrid cloud

Answer 8

2 or more of the cloud deployment models

Question 9

NIST Publication 500-292
Cloud Computing Reference Architecture

Defines 5 Major Roles in a cloud architecture

Answer 9

cloud carrier

cloud consumer

cloud provider

cloud broker

cloud auditor

Question 10

cloud carrier

Answer 10

provides connectivity between subscriber and provider

responsible for transferring data

Question 11

cloud consumer

Answer 11

entity that acquires and uses cloud products and services

Question 12

cloud provider

Answer 12

provider of products and services

Question 13

cloud broker

Answer 13

acts as intermediary between consumer and provider, helps consumers through complexity of cloud service offerings

Question 14

cloud auditor

Answer 14

conducts independent performance and security monitoring of cloud services

Question 15

FedRAMP

Federal Risk and Authorization Mgmt Program

Answer 15

government program that provides standardized approach to security assessment, authorization, continuous monitoring for cloud products and services

Question 16

PCI DSS Cloud Special Interest Group

Payment Card Industry, Data Security Standard

Answer 16

regulatory compliance effort

Question 17

Cloud Security Alliance (CSA)

Answer 17

organization devoted to promoting cloud security best practices and organizing cloud security professionals

offers certification and architectural model

Question 18

Cloud Security Alliance (CSA)

Answer 18

organization devoted to promoting cloud security best practices and organizing cloud security professionals

offers certification and architectural model

Defines cloud control layers (figure 8-3) pg 295
applications
information
management
network
trusted computing
computer and storage
physical

Question 19

Cloud Security Tools

Cloudpassage’s Halo
www.cloudpassage.com

Answer 19

instant visibility, continuous protection for servers in any combination of data centers, private clouds and public clouds

Delivered as a service, deploys in minutes, scales on demand

Question 20

Threats and Attacks

abuse of cloud resources

Answer 20

Attacker gets anonymous access to cloud services can create large clusters for password cracking, rainbow tables, malicious websites, etc.

Question 21

Threats and Attacks

Data breach or loss is at the top of all lists

Answer 21

health information and intellectual property loss can be more damaging than financial because of fines, lawsuits, damage to reputation

Question 22

Threats and Attacks

insufficient due diligence

Answer 22

ex. moving an application from one cloud environment to another and not knowing the security differences between them

Question 23

Threats and Attacks

Shared technology issues

Answer 23

multitenant environment may not properly isolate system and applications

Question 24

Threats and Attacks

Unknown risk profiles

Answer 24

subscribers don’t know what security provisions are made by the provider

Question 25

Threats and Attacks

Side Channel Attack (aka cross-guest VM breach)

Answer 25

attacker gets control of existing VM or puts his own on same physical host as target and and manipulates other VM on host