Cloud Models & Roles Flashcards
Cloud Application
An application that is accessed via the internet rather than installed and accessed locally
Cloud Data Portability
The ability to easily move data from one cloud provider to another
Cloud Deployment Model
The way in which cloud services are made available through specific configurations that control the sharing of cloud resources with cloud users
List Cloud Deployment Models
Public
Private
Community
Hybrid
Cloud Resources
Compute, storage, and networking capabilities that a cloud provider shares with a cloud user, including physical equipment located in the data centers and virtual resources like OS and apps
Cloud Services
Capabilities made available to a cloud user by a cloud provider through a published interface (e.g. mgmt console or CLI, etc.)
Cloud Service Category
AKA
A collection of cloud services that share a common set of features or qualities
Cloud service categories are labelled XaaS (X as a Service)
AKA - Cloud Service Models
Cloud service customer data
Any data objects under the control of the cloud service customer and that were input to the cloud service by the cloud customer or generated by the cloud service on behalf of the cloud customer
Cloud Service Derived Data
Any data objects under the control of the cloud service provider and that were derived by interaction of the cloud customer with the cloud service. Derived data may include access logs, utilization information and other forms of metadata
Cloud Service Provider Data
Any data objects related to the operations of the cloud service and that are fully under the control of the cloud service provider. Provider data may include cloud service operational data, information generated by the cloud service provider to provide services, and similar data not owned or related to any specific cloud customer.
Private Cloud
Cloud deployment model where cloud services are provided to a single cloud service customer who controls their own cloud resources
Can be hosted or on-prem; if compute, storage and network are reserved for just one customer, it is a private cloud
Often used for legal or compliance or security purposes
Community Cloud
Cloud deployment model where cloud services are provided exclusively to a group of cloud service customers with similar requirements. It is common for at least one member of the community to control the cloud resources for the group.
Hybrid Cloud
Cloud deployment model that uses a combination of at least two different cloud deployment models (public, private or community)
Models are bound together by technology that enables data and application portability
Infrastructure as a Service
Cloud service category/model that provides infrastructure capabilities to the cloud service customer
Infrastructure service capability: The cloud customer can provision and maintain granular control over compute, storage, and network resources.
CSP retains ownership and maintains the underlying infrastructure.
Platform as a Service
Cloud service category/model that provides platform capabilities to the cloud service customer
Platform service capability: The cloud customer can run code, develop, and test applications using programming libraries that are managed and controlled by the cloud service provider.
Operating systems and DBs provided.
Software as a service
Cloud service category that provides software/application capabilities to the cloud service customer
Software service capability: The cloud customer can use applications that are fully developed and managed by the cloud service provider.
List key roles of the cloud service customer and activities they are responsible for?
ISO standard that defines the roles and responsibilities of CSC?
Cloud architect: Evaluates cloud technologies and services and designs the overall architecture of the cloud deployment to meet organizational requirements.
Cloud service user: Uses services provided by the CSP.
Cloud service administrator: Configures, manages, and monitors the use of cloud services.
ISO 17789 CSC Role
Key roles and activities performed by the cloud service partner?
Cloud auditor: Performs audits of cloud environments and provides audit reports.
Cloud service broker: Provides a marketplace for approved services, manages contracting, and securely integrates cloud services with on-prem applications.
IaaS Key Benefits
Cost Efficiency - Trade CapEx (capital expenditure) for OpEx (Operational Expenditure); cloud provider pays for managing physical security and energy of data center; reduction of maintenance support and ownership costs
Availability and Reliability - customers can load balance and have redundancy across infrastructure spanning regions
Scalability - additional resources can be procured, provisioned, and expanded quickly and with ease to support growing demand
Metered pay per use
PaaS Key Benefits
Cost efficiency: Devs pay only for cloud resources they use
Flexibility: Devs can switch between OS and software versions
Simplicity: Infrastructure and OS managed by CSP, so devs don’t have to patch and upgrade OS or libs
Ease of access: Dev environments can be accessed from anywhere in the world, which makes it easy to collaborate and share information
SaaS Key Benefits
Cost Efficiency: Eliminates the need for Sys Admins and dedicated HW/SW.
Licensing: Effectively lease or borrow licenses as software is used, eliminating the need to purchase a full set of licenses. Use discounts realized by the CSP, because the CSP has larger scale.
Standardization: Consistent experience for users because the cloud provides a standardized application, with the latest and greatest versions of software, with little to no action taken by the customer
Public Cloud
A set of cloud computing services that can be accessed by anyone willing and able to pay for them; may be owned by a business, academic or government organization
Public Cloud Benefits
Easy to set up and manage
Highly scalable resources
Resource efficiency and cost effective
Benefits of Private Cloud
Increased Ownership and Governance
High level of system and data control
Community Cloud Benefits
Mirror public cloud (easy to set up and manage, highly scalable, resource efficient and cost effective)
Common set of requirements ensures the cloud meets these requirements
Hybrid Cloud Benefits
Reuse of existing infrastructure and technology: already have infrastructure from private or community cloud, but want the benefits of public cloud or may have to maintain some private/community cloud for compliance/legal/business reasons
Control over critical or sensitive systems: keep sensitive data in private/community cloud while allowing less sensitive data in public cloud
Disaster recovery support: Benefit from redundancy and reliability assurance of public cloud, for customers that already have private cloud
Cloud (service) provider (CSP)
An entity making cloud services available for use.
The vendor offering cloud services.
Cloud (service) customer
A person or group that is in a business relationship to provision and use cloud services from a cloud service provider.
The entity purchasing the cloud services e.g. paying the bill
ISO 17789 primary role
Cloud (service) user
A person or entity (which may be a device, for example) that uses cloud services on behalf of the cloud service customer.
ISO 17789 primary role
Cloud service partner (CSN)
A person or group that supports the provision, use, or other activities of the cloud service provider, the cloud service customer, or both.
Includes all roles that are not CSC or CSP.
ISO 17789 primary role
Cloud Auditor Desc?
What standard and subrole?
A cloud service partner who is responsible for conducting an audit of the use of cloud services. An audit may be for general security hygiene, but is often for legal or compliance purposes
Performs an independent examination of the cloud service provider with the intent to verify conformance to standards and/or compliance.
Independent = third party
ISO 17789 CSN Role
CASB
Standard and Type of subrole?
Cloud Access Security Broker (CASB): A third-party entity offering independent identity and access management (IAM) services to CSPs and cloud customers, often as an intermediary. This can take the form of a variety of services, including single sign-on, certificate management, and cryptographic key escrow.
ISO 17789 CSN Role
Cloud (service) broker
Standard and Type of subrole?
A cloud service partner who negotiates relationships between cloud service providers and cloud service customers.
An individual or company that purchases services from a cloud provider, adds value, then resells them to its own customers.
ISO 17789 CSN Role
What does a CSB likely prevent?
Vendor lock-in, because they should abstract proprietary implementations and provide standards-based implementations, or provide more favorable contract agreements to the customer.
What does a CSB provide to cloud customer?
Service Intermediation - improves a specific capability and provides value-added services to cloud customers
Service Aggregation - combines and integrates multiple services into one or more new services
Service Arbitrage - broker has the flexibility to choose services from multiple cloud services providers
Cloud Carrier
Is this role part of a security standard? If so which one?
Intermediary that provides the connectivity and transport of the cloud services between the cloud customer and cloud provider (e.g. ISP)
ISO 17789 Role
SaaS Delivery Models
- Hosted Application Management - hosts applications for cloud customers and makes them available over the internet. Can be either custom or COTS.
- Software on-demand - The application is hosted by a CSP. Pay as you go (e.g. Gmail, O365)
IaaS Components and Characteristics
Scalability - support significant demand
Converged network and IT capacity pool - resource pool appears seamless and endless
Self service and on-demand capacity - customer can manage cloud resources without interacting with CSP
High Reliability and Resilience - infrastructure should be reliable and resilient while upholding the SLA
PaaS Components and Characteristics
Flexibility - plugins can be added to the platform
Support Multiple languages and frameworks
Multiple hosting environments - can migrate from public to private or choose type 1 vs type 2 hypervisor
Ability to autoscale - per requirement (e.g. location)
Allow choice and reduce vendor lock-in
What is Anything as a Service (XaaS) according to ISO 17788?
Any service model that doesn’t fit into IaaS, PaaS, SaaS; may overlap or combine 2 or more models
Information Security Officer
Responsible for monitoring and enforcing the business’ governance associated with the protection of all the business information assets from disclosure, alteration, destruction (unavailability)
Cloud Carrier
An intermediary that provides connectivity and transport of cloud services between cloud consumer and cloud provider