Cloud Models & Roles

Question 1

Cloud Application

Answer 1

An application that is accessed via the internet rather that installed and accessed locally

Question 2

Cloud Data Portability

Answer 2

The ability to easily move data from one cloud provider to another

Question 3

Cloud Deployment Model

Answer 3

The way in which cloud services are made available through specific configurations that control the sharing of cloud resources with cloud users

Question 4

List Cloud Deployment Models

Answer 4

Public
Private
Community
Hybrid

Question 5

Cloud Resources

Answer 5

Compute, storage, and networking capabilities that a cloud provider shares with a cloud user including physical equipment located in the data centers and virtual resource like OS and apps

Question 6

Cloud Services

Answer 6

Capabilities made available to a cloud user by a cloud provider through a published interface (e.g. mgmt console or CLI, etc.)

Question 7

Cloud Service Category

AKA

Answer 7

A collection of cloud services that share a common set of features or qualities

Cloud service categories are labelled XaaS (X as a Service)

AKA - Cloud Service Models

Question 8

Cloud service customer data

Answer 8

Any data objects under the control of the cloud service customer and that were input to the cloud service by the cloud customer or generated by the cloud service on behalf of the cloud customer

Question 9

Cloud Service Derived Data

Answer 9

Any data objects under the control of the cloud service provider and that were derived by interaction of the cloud customer with the cloud service. Derived data may include access logs, utilization information and other forms of metadata

Question 10

Cloud Service Provider Data

Answer 10

Any data objects related to the operations of the cloud service and that are fully under the control of the cloud service provider. Provider data may include cloud service operational data, information generated by the cloud service provider to provide services, and similar data not owned or related to any specific cloud customer.

Question 11

Private Cloud

Answer 11

Cloud deployment model where cloud services are provided to a single cloud service customer who controls their own cloud resources

can be hosted or on-prem; if compute, storage and network is reserved for just one customer it is a private cloud

Often used for legal or compliance or security purposes

Question 12

Community Cloud

Answer 12

Cloud deployment model where cloud services are provided exclusively to a group of cloud service customers with similar requirements. It is common for at least one member of the community to control the cloud resources for the group.

Question 13

Hybrid Cloud

Answer 13

Cloud Deployment model that uses a combination of at least two different cloud deployment models (public, private or community)

Models are bound together by technology that enables data and application portability

Question 14

Infrastructure as a Service

Answer 14

Cloud service category/model that provides infrastructure capabilities to the cloud service customer

Infrastructure service capability: The cloud customer can provision and maintain granular control over compute, storage, and network resources.

CSP retains ownership and maintains the underlying infrastructure.

Question 15

Platform as a Service

Answer 15

Cloud service category/model that provides platform capabilities to the cloud service customer

Platform service capability: The cloud customer can run code, develop, and test applications using programming libraries that are managed and controlled by the cloud service provider.

Operating systems and DBs provided.

Question 16

Software as a service

Answer 16

Cloud service category that provides software/application capabilities to the cloud service customer

Software service capability: The cloud customer can use applications that are fully developed and managed by the cloud service provider.

Question 17

List key roles of the cloud service customer and activities they are responsible for?

ISO standard that defines the roles and responsibilities of CSC?

Answer 17

Cloud architect: Evaluates cloud technologies and services and designs the overall architecture of the cloud deployment to meet organizational requirements.

Cloud service user: Uses services provided by the CSP.

Cloud service administrator: Configures, manages, and monitors the use of cloud services.

1SO17789 CSC Role

Question 18

Key roles and activities performed by the cloud service partner?

Answer 18

Cloud auditor: Performs audits of cloud environments and provides audit reports.

Cloud service broker: Provides a marketplace for approved services, manages contracting, and securely integrates cloud services with on-prem applications.

Question 19

IaaS Key Benefits

Answer 19

Cost Efficiency - Trade CapEx (capital expenditure) for OpEx (Operational Expenditure); cloud provider pays for managing physical security and energy of data center; reduction of maintenance support and ownership costs

Availability and Reliability - customers can load balance and have redundancy across infrastructure spanning regions

Scalability -additional resources can be procured, provisioned, and expanded quickly and with ease to support growing demand

Metered pay per use

Question 20

PaaS Key Benefits

Answer 20

Cost efficiency: Devs pay only for cloud resources they use

Flexibility: Devs can switch between OS and software versions

Simplicity: Infrastructure and OS managed by CSP, so devs don’t have to patch and upgrade OS or libs

Ease of access: Access dev environments from anywhere in the world and makes it easy to collaborate and share information

Question 21

SaaS Key Benefits

Answer 21

Cost Efficiency: Eliminates the need for Sys Admins and dedicated HW/SW.

Licensing: Effectively lease or borrow license as software is used, eliminating the need to purchase a full set of licenses. Use discounts realized by CSP, because the CSP has larger scale.

Standardization: Consistent experience for users because cloud provides standardized application, with the latest and greatest versions of software, with little to no action take by customer

Question 22

Public Cloud

Answer 22

A set of cloud computing services that can be accessed by anyone willing and able to pay for them; May be owned by business, academic or government organization

Question 23

Public Cloud Benefits

Answer 23

Easy to set up and manage
Highly scalable resources
Resource efficiency and cost effective

Question 24

Benefits of Private Cloud

Answer 24

Increased Ownership and Governance

High level of system and data control

Question 25

Community Cloud Benefits

Answer 25

Mirror public cloud (Easy to set up and and manage, Highly scalable, resource efficiency and cost Effective)

Common set of requirements ensures the cloud meets these requirements

Question 26

Hybrid Cloud Benefits

Answer 26

Reuse of existing infrastructure and technology: already have infrastructure from private or community cloud, but want the benefits of public cloud or may have to maintain some private/community cloud for compliance/legal/business reasons

Control over critical or sensitive systems: keep sensitive data in private/community cloud while allowing less sensitive data in public cloud

Disaster recovery support: Benefit from redundancy and reliability assurance of public cloud, for customers that already have private cloud

Question 27

Cloud (service) provider (CSP)

Answer 27

An entity making cloud services available for use.

The vendor offering cloud services.

Question 28

Cloud (service) customer

Answer 28

A person or group that is in a business relationship to provision and use cloud services from a cloud service provider.
The entity purchasing the cloud services e.g. paying the bill

1SO17789 primary role

Question 29

Cloud (service) user

Answer 29

A person or entity (which may be a device, for example) that uses cloud services on behalf of the cloud service customer.

1SO17789 primary Role

Question 30

Cloud service partner (CSN)

Answer 30

A person or group that supports the provision, use, or other activities of the cloud service provider, the cloud service customer, or both.

Includes all roles that are not CSC or CSP.

1SO17789 primary Role

Question 31

Cloud Auditor Desc?

What standard and subrole?

Answer 31

A cloud service partner who is responsible for conducting an audit of the use of cloud services. An audit may be for general security hygiene, but is often for legal or compliance purposes

Performs an independent examination of the cloud service provider with the intent to verify conformance to standards and/or compliance.

independent = third party

1SO17789 CSN Role

Question 32

CASB

Standard and Type of subrole?

Answer 32

Cloud Access Security Broker (CASB) A third-party entity offering independent identity and access management (IAM) services to CSPs and cloud customers, often as an intermediary. This can take the form of a variety of services, including single sign-on, certificate management, and cryptographic key escrow.

1SO17789 CSN Role

Question 33

Cloud (service) broker

Standard and Type of subrole?

Answer 33

A cloud service partner who negotiates relationships between cloud service providers and cloud service customers.

An individual or company that purchases services from a cloud provider, who adds value then resells them to its own customers.

1SO17789 CSN Role

Question 34

What does a CSB likely prevent?

Answer 34

Vendor Lock In because they should abstract proprietary implementation and provide standards based implementation or provides more favorable contract agreements to customer.

Question 35

What does a CSB provide to cloud customer?

Answer 35

Service Intermediation - improves specific capability and providing value-added services to cloud customers
Service Aggregation - combines and integrates multiple services into one or more new services
Service Arbitrage - broker has the flexibility to choose services from multiple cloud services providers

Question 36

Cloud Carrier

Is this role part of a security standard? If so which one?

Answer 36

Intermediary that provides the connectivity and transport of the cloud services between the cloud customer and cloud provide (ex. ISP)

1SO17789 Role

Question 37

SaaS Delivery Models

Answer 37

1. Hosted Application Management - hosts application for cloud customers and makes it available over the internet. Can be either custom or COTs.
2. Software on-demand - The applications is hosted by a CSP. Pay as you go (e.g. Gmail, O365)

Question 38

IaaS Components and Characteristics

Answer 38

Scalability - support significant demand

Converged network and IT capacity pool - resource pool appears seamless and endless

Self service and on-demand capacity - customer can manage cloud resources without interacting with CSP

High Reliability and Resilience - infrastructure should be reliable and resilient while uphold the SLA

Question 39

PaaS Components and Characteristics

Answer 39

Flexibility - plugins can be added to the platform

Support Multiple languages and frameworks

Multiple hosting environments - can migrate from public to private or choose type 1 vs type 2 hypervisor

Ability to autoscale - per requirement (e.g. location)

Allow choice and reduce vendor lock-in

Question 40

What is Anything as a Service (XaaS) according to ISO 17788?

Answer 40

any service model that doesn’t fit into IaaS, PaaS, SaaS, may overlap or combine 2 or more models

Question 41

Information Security Officer

Answer 41

Responsible for monitoring and enforcing of the business’ governance associated with the protection of all the business information assets from disclosure, alteration, destruction (unavailability)

Question 42

Cloud Carrier

Answer 42

An intermediary that provides connectivity and transport of cloud services between cloud consumer and cloud provider