Chapter 8 - Security in Cloud Computing Flashcards
Infrastructure as a Service (IAAS)
good choice for day to day infrastructure and for temporary or experimental workloads that change unexpectedly
Typically paid for on a per-use basis
Platform as a Service (PAAS)
geared to software development. Provides a development platform so subscribers don’t have to build their own infrastructure
Software as a Service (SAAS)
provides on-demand applications to subscribers over the internet (like Salesforce).
removes the headaches of patch management, security, administration and version control
4 deployment models for the cloud
public
private
community
hybrid
public cloud
services are provided over a public network like the internet
used when security and compliance requirements aren’t a major issue
private cloud
operated solely for a single organization, usually not pay-as-you-go. Hardware is dedicated, so compliance is more easily met
community cloud
infrastructure is shared by multiple organizations, usually with the same compliance and policy considerations
hybrid cloud
a combination of 2 or more of the cloud deployment models
NIST Publication 500-292
Cloud Computing Reference Architecture
Defines 5 Major Roles in a cloud architecture
cloud carrier
cloud consumer
cloud provider
cloud broker
cloud auditor
cloud carrier
provides connectivity between subscriber and provider
responsible for transporting the data
cloud consumer
entity that acquires and uses cloud products and services
cloud provider
entity that provides cloud products and services
cloud broker
acts as an intermediary between consumer and provider, helping consumers through the complexity of cloud service offerings
cloud auditor
conducts independent performance and security monitoring of cloud services
FedRAMP
Federal Risk and Authorization Management Program
government program that provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services
PCI DSS Cloud Special Interest Group
Payment Card Industry Data Security Standard
regulatory compliance effort
Cloud Security Alliance (CSA)
organization devoted to promoting cloud security best practices and organizing cloud security professionals
offers certification and architectural model
Defines the cloud control layers (figure 8-3, pg 295):
applications
information
management
network
trusted computing
compute and storage
physical
Cloud Security Tools
CloudPassage’s Halo
www.cloudpassage.com
instant visibility and continuous protection for servers in any combination of data centers, private clouds and public clouds
Delivered as a service, deploys in minutes, scales on demand
Threats and Attacks
abuse of cloud resources
an attacker who gets anonymous access to cloud services can create large clusters for password cracking, rainbow table generation, malicious websites, etc.
Threats and Attacks
Data breach or loss is at the top of all lists
loss of health information or intellectual property can be more damaging than financial loss because of fines, lawsuits and damage to reputation
Threats and Attacks
insufficient due diligence
ex. moving an application from one cloud environment to another without knowing the security differences between them
Threats and Attacks
Shared technology issues
a multitenant environment may not properly isolate systems and applications from each other
Threats and Attacks
Unknown risk profiles
subscribers don’t know what security provisions are made by the provider
Threats and Attacks
Side Channel Attack (aka cross-guest VM breach)
attacker gets control of an existing VM or places his own on the same physical host as the target and manipulates the other VM on that host