Cloud Flashcards
What is Cloud Computing
The delivery of IT resources over the Internet using a Pay-per-use, self-service model
What is the cloud
The cloud refers to software and services that run on the Internet instead of locally on your computer
What are 9 characteristics of the Cloud?
- Resource Pooling
- Elasticity (Scalability)
- Easy Maintenance
- Demand-Driven Self Service
- Pay as you Grow
- Chargeback
- Ubiquitous Access
- Measures and Reporting Service (Metering)
- Multi-Tenancy
Public Cloud is…
A publicly accessible cloud environment owned by a third-party cloud provider (AWS, Azure, GCP)
Private Cloud is…
Owned by a single organization and can physically reside within that organization or sit with an IT partner. Costs are significantly higher
Containers are…
Contain the application and all the elements the application needs to run properly
One requirement: to be hosted and run in order to perform and function
(Can be easily moved and deployed) (small, fast, portable and repeatable)
Two tools and platforms to build and manage them are Docker and Kubernetes
Serverless
Allows developers to purchase backend services on a “pay as you go” basis. Allows users to write and deploy code without the hassle of worrying about the underlying infrastructure
(Lower costs, simplified scaling, simplified backend code, smaller deploy process time)
Lift and Shift
Strategy of removing workloads and tasks from one storage location and placing them in another location
Cloud flexibility
refers to the fact that cloud infrastructure scales on demand to support fluctuating workloads
allows users to choose different storage options depending on security needs, compliance, etc.
Cloud efficiency
defined as the ability to avoid wasting materials, energy, efforts, money and time in doing something or producing a desired result
capability of accessing applications and services virtually, from any internet connected device, enabling businesses to quickly get apps to market
Remote resources also reduce equipment costs since they do not require upgrades or replacements
Cloud interdependence and complexity
As more systems and users are connected to the cloud environment, configurations and access rules need to be rigorously checked to ensure they meet the security and compliance requirements of the organization.
Incorrect configuration and poor access rights
Leads to data leaks
In cloud systems, customers must define: 3
- User Access
- Data Visibility
- Each role's permission levels (Hidden, Read-only, Read/Write)
Cloud Security responsibilities: 4
- Define the roles
- Set context-based policies
- Understand the regulatory compliance guidelines
- Secure their own data regardless of the platform
Shift Left Definition:
Practice intended to find and prevent defects early in software delivery process (testing for security in Dev)
CI/CD Process
Plan-Code-Build-TEST-Release-Deploy-Operate-Monitor-Repeat
Orca helps with Code-Build-Test (Infrastructure as Code, vulnerability and secret detection) and Operate (cloud scan)
Orca steps for risk context map: (5, 3)
- Discovers cloud assets
- Identifies asset roles
- Identifies connectivity
- Identifies Risks
- Prioritizes alerts
  - Severity (what type of threat, likelihood of exploitation, CVSS score)
  - Accessibility (how easy it is to access, lateral movement risk)
  - Business impact (resulting damage to the org, criticality of the asset, sensitive PII)
Orca Deployment
Orca Security requires a one-time, essentially instantaneous, impact-free integration into AWS, Azure, or GCP. Following its one-time integration, Orca scans the configuration, network layout, and security configuration. It does so while also reading into virtual machines, disks, databases, and datastores, as well as logs for all cloud assets. It then analyzes the data and builds a full-stack inventory.
Next it automatically assesses the security state of every discovered asset throughout the technology stack, including all four cloud layers: I/S, OS, apps, and data.
SideScanning is similar in that it’s able to build a full model of the cloud environment without affecting it in any way—and all assets and their associated risks are clearly visible. Orca can probe the read-only view it has obtained in an entirely touchless manner.
Orca doesn’t affect or run on any virtual cloud assets, where it might consume resources. This lets an organization fully deploy Orca across 100% of its cloud environment without worrying about potential side effects on performance. And Orca does this without the friction of working with disparate teams (e.g. DevOps) to assess that the timing for deployment is correct.