Security Plus - Chapter 10 Flashcards
Cloud Computing
Companies that provide computing services to their customers over the Internet. NIST definition: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
Multitenancy
Many different users sharing resources in the same cloud infrastructure.
Oversubscription
A cloud provider's ability to serve all of its users from a shared pool of resources, knowing that all of its users will not access the resources at the same time. This achieves economies of scale.
Cloud Computing Benefits
On-demand self-service computing - Cloud resources are available when and where you need them.
Scalability - Customers can manually or automatically increase the capacity of their operations.
- Vertical scaling - Increases the capacity of existing servers.
- Horizontal scaling - Adding more servers to a pool of clustered servers.
Elasticity - The capacity should expand and contract as needs change to optimize costs.
Measured service - Providers track many statistics, which allows them to provide the appropriate resources when changes are needed.
Agility and Flexibility - The speed to provision cloud resources and the ability to use them for time periods as long as they are needed.
Cloud Roles
Cloud service provider - The firms that offer cloud computing services to their customers.
Cloud consumers - The organizations or individuals that utilize cloud services from the providers.
Cloud partners (brokers) - Organizations that offer ancillary products or services that support or integrate with the offerings of the cloud provider. Examples: training, consulting for the cloud environment, or software that integrates with the cloud services.
Cloud auditors - Independent organizations that provide third-party assessments of cloud services and operations.
Cloud carriers - Serve as intermediaries that provide the connectivity that allows the delivery of cloud services from the provider to the consumer.
Cloud Service Models
Infrastructure as a Service (IaaS) - Allows customers to purchase and interact with the basic building blocks of a technology infrastructure: computing, storage, and networks.
Software as a Service (SaaS) - Provides customers with access to fully managed applications running in the cloud. The provider is responsible for everything from the operation of the physical datacenters to the performance management of the application. The customer is only responsible for limited configuration, what data will be included in the software, and access controls for who can have access to the application.
Platform as a Service (PaaS) - The middle ground between IaaS and SaaS. The service provider offers a platform where customers may run applications that they have developed themselves. The provider offers an execution environment.
Function as a Service (FaaS) - Allows customers to upload their own code functions to the provider and the provider will execute those functions on a scheduled basis in response to events and/or on demand. Serverless computing environments. Customer does not see the servers.
Managed Service Providers (MSPs)
Service organizations that provide information technology as a service to their customers. They may handle the IT needs completely, or they may offer focused services such as network design and implementation, application monitoring, or cloud cost management. Managed Security Service Providers (MSSPs) are also an available option for outsourcing cybersecurity services.
Cloud Deployment Models
Describe how a cloud service is delivered to customers and whether the resources used to offer those services to one customer are shared with other customers.
Public Cloud - Cloud service providers deploy infrastructure and then make it accessible to any customers who wish to take advantage of it in a multitenant model.
Private Cloud - Any cloud infrastructure that is provisioned for use by a single customer. Not as cost efficient as the public cloud.
Community Cloud - Shares characteristics of both the public and private cloud deployment models. They run in a multitenant environment, but the tenants are limited to members of a specifically designed community. Community membership is usually based on a shared mission, similar security and compliance requirements, or other commonalities.
Hybrid Cloud - A catch-all term to describe any cloud deployment that blends public, private, and/or community cloud deployment models together. Requires the use of technology that unifies the different cloud offerings into a single coherent platform.
Example: a firm operating in a private cloud that leverages public cloud capacity when demand exceeds the capacity of the private cloud. Another reason for hybrid cloud is the desire to move away from a centralized approach to computing, with everything in a single environment, to a decentralized approach that reduces single points of failure by spreading technology across multiple providers.
Shared Responsibility Model
Cloud customers must divide responsibilities between one or more service providers and the customer's own cybersecurity teams. A Responsibility Matrix is created to determine how the responsibilities for certain services are divided between the entities. The division differs based on the type of service model being used: IaaS, PaaS, or SaaS.
IaaS - The customer takes responsibility for everything from the OS upward, including the applications and data on the system.
PaaS - The customer retains responsibility for a shared portion of the application and all of the data on the system. Shared responsibility is based on the agreement between the customer and provider.
SaaS - The provider takes on almost all security responsibilities with shared responsibility regarding the data. That is also based on the agreement between the customer and the provider.
Cloud Standards and Guidelines
NIST Cloud Reference Architecture SP 500-292 offers a high-level taxonomy for cloud services.
Cloud Security Alliance is focused on developing and promoting best practices in cloud security. They developed the Cloud Controls Matrix (CCM).
Edge Computing
Usually performed in Internet of Things scenarios. Places some processing power on the remote sensors, which allows the sensors to preprocess the data before shipping it back to the cloud. The computing is being pushed out to sensors that are located at the edge of the network.
Fog computing - The processing is performed on IoT gateway devices that are located near the remote sensors.
Virtualization
Allows multiple guest systems to share the same underlying hardware. The virtual host will run an operating system called the hypervisor that mediates access to the underlying hardware resources. Multiple virtual machines then run the operating systems and other services as needed by the organization.
Hypervisors
The hypervisor enforces the isolation between virtual machines. It must present each VM with the illusion of a completely separate physical environment dedicated for use by that VM. Isolation ensures that VMs will not interfere with each other's operations.
Type I hypervisor (bare-metal) - Operates directly on top of the underlying hardware. This hypervisor then supports the guest OSs for each VM.
Type II hypervisor - Runs as an application on top of an existing OS. The OS supports the hypervisor, and the hypervisor requests resources for each guest OS from the host. Less efficient than a Type I hypervisor.
Cloud Infrastructure Components
Used in the IaaS service model to provide organizations with access to computing resources including compute capacity, storage, and networking.
Cloud Compute Resources
Computing capacity is one of the primary needs of organizations moving to the cloud.
Virtualization - The basic building block of compute capacity in the cloud.
Containerization - Provides application-level virtualization. Containers package applications and allow them to be treated as units of virtualization that become portable across OS and hardware platforms.