Cloud Flashcards

1
Q

What is Cloud Computing?

A

The delivery of IT resources over the Internet using a Pay-per-use, self-service model

2
Q

What is the cloud?

A

The cloud refers to software and services that run on the Internet instead of locally on your computer

3
Q

What are 9 characteristics of the Cloud?

A
  1. Resources Pooling
  2. Elasticity (Scalability)
  3. Easy Maintenance
  4. Demand-Driven Self Service
  5. Pay as you Grow
  6. Chargeback
  7. Ubiquitous Access
  8. Measures and Reporting Service (Metering)
  9. MultiTenancy
4
Q

Public Cloud is…

A

A publicly accessible cloud environment owned by a third-party cloud provider (AWS, Azure, GCP)

5
Q

Private Cloud is…

A

Owned by a single organization and can physically reside within that organization or sit with an IT partner. Costs are significantly higher

6
Q

Containers are…

A

Packages that contain the application and all the elements it needs to run properly

One requirement: a container must be hosted and run in order to perform and function
(Can be easily moved and deployed) (small, fast, portable and repeatable)

Two tools and platforms to build and manage are Docker and Kubernetes

7
Q

Serverless

A

Allows developers to purchase backend services on a “Pay as you go” basis. Allows users to write and deploy code without the hassle of worrying about the underlying infrastructure
(Lower costs, simplified scaling, simplified backend code, shorter deploy process time)

8
Q

Lift and Shift

A

Strategy of removing workloads and tasks from one storage location and placing them in another location

9
Q

Cloud flexibility

A

Refers to the fact that cloud infrastructure scales on demand to support fluctuating workloads
Allows users to choose different storage options depending on security needs, compliance, etc.

10
Q

Cloud efficiency

A

Defined as the ability to avoid wasting materials, energy, effort, money and time in doing something or producing a desired result
The capability of accessing applications and services virtually, from any internet-connected device, enabling businesses to quickly get apps to market

Remote resources also reduce equipment costs since they do not require upgrades or replacements

11
Q

Cloud interdependence and complexity

A

As more systems and users are connected to the cloud environment, configurations and access rules need to be rigorously checked to ensure they meet the security and compliance requirements of the organization.

12
Q

Incorrect configuration and poor access rights

A

Leads to data leaks

13
Q

In cloud systems, Customers must define: 3

A
  1. User Access
  2. Data Visibility
  3. Each role's permission levels (Hidden, Read-only, Read/Write)
14
Q

Cloud Security responsibilities: 4

A

Define the Roles
Set context-based policies
Understand the regulatory compliance guidelines
Secure their own data regardless of the platform

15
Q

Shift Left Definition:

A

Practice intended to find and prevent defects early in the software delivery process (testing for security in Dev)

16
Q

CI/CD Process

A

Plan-Code-Build-TEST-Release-Deploy-Operate-Monitor-Repeat
Orca helps with Code-Build-Test (infrastructure as code, vulnerability and secret detection) and Operate (cloud scan)

17
Q

Orca Steps for risk Context map: (5, 3)

A
  1. Discovers cloud assets
  2. Identifies asset roles
  3. Identifies connectivity
  4. Identifies Risks
  5. Prioritizes alerts
    1. Severity (what type of threat, likelihood of exploitation, CVSS score)
    2. Accessibility (How easy to access, lateral movement risk)
    3. Business impact (resulting damage to org, criticality of asset, sensitive PII)
18
Q

Orca Deployment

A

Orca Security requires a one-time, essentially instantaneous, impact-free integration into AWS, Azure, or GCP. Following its one-time integration, Orca scans the configuration, network layout, and security configuration. It does so while also reading into virtual machines, disks, databases, and datastores, as well as logs for all cloud assets. It then analyzes the data and builds a full-stack inventory.

Next it automatically assesses the security state of every discovered asset throughout the technology stack, including all four cloud layers: I/S, OS, apps, and data.

SideScanning is similar in that it’s able to build a full model of the cloud environment without affecting it in any way—and all assets and their associated risks are clearly visible. Orca can probe the read-only view it has obtained in an entirely touchless manner.

Orca doesn’t affect or run on any virtual cloud assets, where it might consume resources. This lets an organization fully deploy Orca across 100% of its cloud environment without worrying about potential side effects on performance. And Orca does this without the friction of working with disparate teams (e.g. DevOps) to assess that the timing for deployment is correct.