Domain 1 - Cloud Computing and Concepts and Architectures Flashcards
What are some ways of viewing cloud computing?
It’s a technology, a collection of technologies, an operational model, a business model
What must you do to really see security benefits from the cloud?
Security benefits only appear if you understand and adopt cloud-native models and adjust your architectures and controls to align with the features and capabilities of cloud platforms.
In fact, taking an existing application or asset and simply moving it to a cloud provider without any changes will often reduce agility, resiliency, and even security, all while increasing costs.
Define Cloud computing per CSA
Cloud computing is a new operational model and set of technologies for managing shared pools of computing resources.
Which cloud computing definition is this?
“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
A. NIST
B. ISO/IEC
A. NIST
Which cloud computing definition is this?
“Paradigm for enabling network access to a scalable and elastic pool of shareable physical or virtual resources with self-service provisioning and administration on-demand.”
A. NIST
B. ISO/IEC
B. ISO/IEC
What are two techniques to create a cloud?
A. Abstraction
B. Polymorphism
C. Orchestration
D. Compute
A & C: Abstraction and Orchestration
The key techniques to create a cloud are abstraction and orchestration. We abstract the resources from the underlying physical infrastructure to create our pools, and use orchestration (and automation) to coordinate carving out and delivering a set of resources from the pools to the consumers. As you will see, these two techniques create all the essential characteristics we use to define something as a “cloud.”
What is the difference between cloud computing and traditional virtualization?
Virtualization abstracts resources, but it typically lacks the orchestration to pool them together and deliver them to customers on demand, instead relying on manual processes.
What are the essential characteristics that make a cloud?
If something has these characteristics, we consider it cloud computing. If it lacks any of them, it is likely not a cloud.
• Resource pooling is the most fundamental characteristic, as discussed above. The provider abstracts resources and collects them into a pool, portions of which can be allocated to different consumers (typically based on policies).
• Consumers provision the resources from the pool using on-demand self-service. They manage their resources themselves, without having to talk to a human administrator.
• Broad network access means that all resources are available over a network, without any need for direct physical access; the network is not necessarily part of the service.
• Rapid elasticity allows consumers to expand or contract the resources they use from the pool (provisioning and deprovisioning), often completely automatically. This allows them to more closely match resource consumption with demand (for example, adding virtual servers as demand increases, then shutting them down when demand drops).
• Measured service meters what is provided, to ensure that consumers only use what they are allotted, and, if necessary, to charge them for it. This is where the term utility computing comes from, since computing resources can now be consumed like water and electricity, with the client only paying for what they use.
What are the three key service models of a cloud?
NIST defines three service models which describe the different foundational categories of cloud services:
• Software as a Service (SaaS) is a full application that’s managed and hosted by the provider. Consumers access it with a web browser, mobile app, or a lightweight client app.
• Platform as a Service (PaaS) abstracts and provides development or application platforms, such as databases, application platforms (e.g. a place to run Python, PHP, or other code), file storage and collaboration, or even proprietary application processing (such as machine learning, big data processing, or direct Application Programming Interfaces (API) access to features of a full SaaS application). The key differentiator is that, with PaaS, you don’t manage the underlying servers, networks, or other infrastructure.
• Infrastructure as a Service (IaaS) offers access to a resource pool of fundamental computing infrastructure, such as compute, network, or storage.
What are various deployment models of cloud?
Public, Private, Community, Hybrid
Define Public Cloud
Public Cloud. The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.
Define Private cloud
Private Cloud. The cloud infrastructure is operated solely for a single organization. It may be managed by the organization or by a third party and may be located on-premises or off-premises.
Define community cloud
Community Cloud. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g. mission, security requirements, policy, or compliance considerations). It may be managed by the organizations or by a third party and may be located on-premises or off-premises.
Define Hybrid Cloud
Hybrid Cloud. The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds). Hybrid is also commonly used to describe a non-cloud data center bridged directly to a cloud provider.
What is a key difference between cloud and traditional computing?
The Metastructure
What is the Metastructure?
Metastructure: The protocols and mechanisms that provide the interface between the infrastructure layer and the other layers. The glue that ties the technologies and enables management and configuration.
Define Infostructure.
Infostructure: The data and information. Content in a database, file storage, etc.
Define Applistructure
Applistructure: The applications deployed in the cloud and the underlying application services used to build them. For example, Platform as a Service features like message queues, artificial intelligence analysis, or notification services.
Which cloud deployment model is security responsibility almost completely targeted at the cloud provider?
Software as a Service: The cloud provider is responsible for nearly all security, since the cloud user can only access and manage their use of the application, and can’t alter how the application works. For example, a SaaS provider is responsible for perimeter security, logging/monitoring/auditing, and application security, while the consumer may only be able to manage authorization and entitlements.
Which cloud deployment model is security responsibility for the foundation of the cloud the cloud provider and everything else the cloud user?
Infrastructure as a Service: Just like PaaS, the provider is responsible for foundational security, while the cloud user is responsible for everything they build on the infrastructure. Unlike PaaS, this places far more responsibility on the client. For example, the IaaS provider will likely monitor their perimeter for attacks, but the consumer is fully responsible for how they define and implement their virtual network security, based on the tools available on the service.
Which cloud deployment model is security more evenly split between the cloud provider and the cloud user?
Platform as a Service: The cloud provider is responsible for the security of the platform, while the consumer is responsible for everything they implement on the platform, including how they configure any offered security features. The responsibilities are thus more evenly split. For example, when using a Database as a Service, the provider manages fundamental security, patching, and core configuration, while the cloud user is responsible for everything else, including which security features of the database to use, managing accounts, or even authentication methods.
What is the Consensus Assessments Initiative Questionnaire (CAIQ)?
The Consensus Assessments Initiative Questionnaire (CAIQ). A standard template for cloud providers to document their security and compliance controls.
What is the Cloud Controls Matrix (CCM)?
The Cloud Controls Matrix (CCM), which lists cloud security controls and maps them to multiple security and compliance standards. The CCM can also be used to document security responsibilities.
Regarding Cloud Security Models, what are Conceptual models or frameworks?
Conceptual models or frameworks include visualizations and descriptions used to explain cloud security concepts and principles, such as the CSA logical model in this document.