Security Architecture: Cloud-Related Concepts Flashcards

1
Q

What is the responsibility matrix?

A

The Cloud Responsibility Matrix is a framework that helps to define the roles and responsibilities of both cloud service providers (CSPs) and customers (users) when using cloud services. It breaks down who is responsible for what in terms of security, management, and maintenance of the cloud environment.

In summary, the Cloud Responsibility Matrix clarifies the division of tasks and security obligations between the cloud provider and the user, depending on the type of cloud service model being used.

2
Q

What are the cloud service models?

A

Cloud Service Models:

IaaS (Infrastructure as a Service): The provider offers basic infrastructure (servers, storage, etc.). Users manage the operating systems, applications, and data.

PaaS (Platform as a Service): The provider offers infrastructure plus a platform (OS, middleware). Users manage their applications and data.

SaaS (Software as a Service): The provider offers complete software applications. Users just manage their data and access.

3
Q

What are the shared responsibilities?

A

Shared Responsibility:

Provider Responsibilities: Typically include managing the physical infrastructure, network security, and foundational services.

User Responsibilities: Typically include managing data, user access, application security, and often the operating system (for IaaS).

4
Q

Detailed breakdown of IaaS

A

IaaS (Infrastructure as a Service)
Provider: Physical data centers, servers, networking, storage.

User: Operating system, applications, data, network settings, user access.

5
Q

Detailed breakdown of PaaS

A

PaaS (Platform as a Service)
Provider: Infrastructure, operating systems, middleware, runtime environments.

User: Applications, data, user access.

6
Q

Detailed breakdown of SaaS

A

SaaS (Software as a Service)
Provider: Everything including the application software.

User: Data, user access, often some settings within the application.

7
Q

What are the security responsibilities?

A

Security Responsibilities

Physical Security: Provider ensures physical security of data centers.

Network Security: Provider ensures secure network infrastructure, but users must configure their own network settings.

Data Security: Users are responsible for securing their own data and ensuring proper access controls.

Application Security: Users are responsible for the security of their applications, especially in IaaS and PaaS.

8
Q

What are the key components of hybrid cloud?

A

Key Components of Hybrid Cloud
Private Cloud:

On-Premises: Infrastructure owned and operated by the business, located within their data center.

Hosted Private Cloud: Infrastructure managed by a third party but used exclusively by one business.

Public Cloud:

Cloud services provided by third-party providers (e.g., AWS, Azure, Google Cloud) that are shared among multiple customers.

The public cloud involves third-party vendors, such as contractors, but differences do exist. For example, with the cloud there are typically much shorter contract durations, and resources are available on demand without long provisioning cycles and negotiations.

9
Q

What is Infrastructure as Code?

A

Infrastructure as Code (IaC) is a revolutionary approach to managing and provisioning technology infrastructure in a scalable, efficient, and automated manner. It involves using machine-readable scripts or configuration files to define and deploy infrastructure resources, such as servers, networks, and storage, rather than relying on manual and error-prone processes.

In summary, Infrastructure as Code is a powerful approach that leverages automation and code to manage and provision IT infrastructure, leading to more efficient, consistent, and scalable operations.

10
Q

What is Serverless Computing?

A

Serverless computing is a cloud-computing paradigm that allows developers to build and run applications without the need to manage traditional server infrastructure. In a serverless architecture:

Developers only need to focus on writing code for individual functions or units of logic, which are executed in stateless, ephemeral containers in response to specific events or triggers.

Cloud providers automatically handle provisioning, scaling, and management of resources, enabling developers to focus on coding business logic without worrying about server maintenance.

It saves cost: it doesn't need a virtual machine.

Must secure information in transit!

11
Q

What are the benefits of Serverless computing?

A

Benefits of Serverless Computing
Reduced Operational Overhead:

With no servers to manage, developers can focus on writing and deploying code, reducing the time and effort spent on infrastructure management.

Scalability:

Functions automatically scale with demand, ensuring that your application can handle varying loads without manual intervention.

Cost Efficiency:

Since you only pay for the execution time of your functions, serverless can be more cost-effective, especially for applications with irregular or unpredictable usage patterns.

Faster Time to Market:

By reducing the complexity of infrastructure management, serverless computing can speed up the development and deployment process.

12
Q

What is a microservice?

A

A microservices infrastructure is a modern architectural approach to building and deploying software applications. In this model:

A large monolithic application is broken down into smaller, loosely coupled services, each responsible for a specific business capability or function. If one microservice fails, it won't have any effect, and the application can look to other microservices to help. This is unlike a monolithic application, where if one function fails, the others closely tied to it will fail too, creating a domino effect.

These services communicate with each other through lightweight APIs, allowing them to be developed, deployed, and maintained independently.

Google is famous for this: it relies on serverless compute spread all over the globe, which makes it a lot more responsive and gives higher uptime.

From a security standpoint, the communication between services must be secured.
