Cloud Services and Delivery Models

Question 1

Software as a service (SaaS)

Answer 1

• On-demand software
• No local installation
• Why manage your own email distribution?
Or payroll?

• Central management of data and applications
  
  • Your data is out there
• A complete application offering
  
  • No development work required
  • Google Mail

Question 2

Infrastructure as a service (IaaS)

Answer 2

• Sometimes called Hardware as a Service (HaaS)
  
  • Outsource your equipment
• You’re still responsible for the management
  
  • And for the security
• Your data is out there, but more within your control
• Web server providers

Question 3

Platform as a service (PaaS)

Answer 3

• No servers, no software, no maintenance team, no HVAC
• Someone else handles the platform,
you handle the development

• You don’t have direct control of the data, people,
or infrastructure
• Trained security professionals are watching your stuff
• Choose carefully

• Put the building blocks together
  
  • Develop your app from what’s available on the platform
  • SalesForce.com

Question 4

Cloud deployment models

Answer 4

• Private - Your own virtualized local data center
• Public - Available to everyone over the Internet
• Hybrid - A mix of public and private

• Community - Several organizations
share the same resources

Question 5

Local and cloud resources

Answer 5

• On-premise
• Your applications are on local hardware
• Your servers are in your data center
in your building

• Hosted
  
  • Your servers are not in your building
  • They may not even be running on your hardware
  • Usually a specialized computing environment

• Cloud
• Entire application instances can be created and
torn down on-demand
• Resources are available as needed

Question 6

Connecting to the cloud

Answer 6

• Existing Internet connection
  
  • Browser-based, SSL encryption

• VPN (Virtual Private Network)
• Encrypted tunnel for all traffic between
you and the cloud
• Will probably require some additional
hardware on both ends

• Direct connection
  
  • Co-location, same shared data center
  • High speed 10 Gigabit connection
  • No external traffic (added security)

Question 7

Managing cloud security policies

Answer 7

• Clients are at work, data is in the cloud
• How do you keep everything secure?
• The organization already has well-defined security
policies

• How do you make your security policies work in the cloud?
• Integrate a CASB (Cloud Access Security Broker)
• Implemented as client software, local security
appliances, or cloud-based security solutions

Question 8

Cloud access security broker (CASB)

Answer 8

• Visibility
  
  • Determine what apps are in use
  • Are they authorized to use the apps?
• Compliance
  
  • Are users complying with HIPAA? PCI?
• Threat prevention
  
  • Allow access by authorized users, prevent attacks

• Data security
• Ensure that all data transfers are
encrypted
• Protect the transfer of PII with DLP