Week 11: Security Criteria - Building an Internal Cloud Flashcards

1
Q

Why would an enterprise invest in a private cloud?

A

Increased flexibility and increased security

2
Q

In general, nothing prevents public cloud providers from offering customers exclusive and separate sections “carved out” of overall infrastructure to implement a remotely hosted private cloud

However, doing so might undermine their ___

A

economic model

such exclusive sections of a public cloud infrastructure can be systematically and securely carved out of the combined hardware, storage, and network fabric

these exclusive sections can be forced to fall on sufficiently safe boundaries

3
Q

An organization can implement an ___ as a proof of concept or to develop skills and experience

A

exploratory cloud

4
Q

An exploratory cloud can be useful for

A

developing a hands-on understanding of the technical issues and possible complications that might be faced before making a larger commitment to an operational cloud

5
Q

The potential for better security with a ___ is ___ at a ___ overall cost than with traditional private IT

A

private cloud
greater
lower

6
Q

Before the recent rise of virtualization and more powerful servers, individual business applications resided on individual servers

This resulted in a chaotic and undisciplined landscape: ___

A

server sprawl

7
Q

With the rise of virtualization, this situation has evolved into one where the number of physical servers can be reduced

Without enforced discipline, server sprawl has become ___

A

VM sprawl

8
Q

At the department level, the move to server virtualization seems to be a return to the ___ mix of pooled and centrally managed resources

A

mainframe

9
Q

Cloud computing brings back the ___ and ___ model that marked the mainframe era

A

pooled

centrally managed

10
Q

While there is a good deal of overlap between mainframe and cloud computing, cloud is still unique in several ways

A

Cloud computing is far more services oriented than the mainframe model

The cloud model is more server failure tolerant than mainframes and more readily resource augmented as well

11
Q

If the private cloud is sized to both minimize excess capacity and to allow for peak demands, then ongoing cost reductions will include

A

Lower equipment cost

Lower than typical data center-related costs
- Lower power consumption (equipment and cooling)

12
Q

Infrastructure deviations to support the specific needs of internal customers (private cloud) fall into four main categories

A

Hardware Platform Variation
- Where users require different hardware for computing or storage, this cannot be economically supported unless these needs are sufficiently common to warrant dedicating a pool of identical resources

Network Variation
- Where network patterns are customized for small sets of servers, the cloud will give up some of its cost savings, unless there is a large enough need to deviate from the norm

Software Platform Variation
- It is significantly less difficult to support users who need a specialized operating system or software stack than it is to add additional hardware

Allocation Boundaries
- Allocation and provisioning of user and department usage should provide for segregation where confidentiality is a major concern

13
Q

To begin with, it is useful to analyze the use of ___ in an internal data center and discern the level of usage at various times of the day, week, or month

A

existing servers

14
Q

Because of the ___ population of cloud-consuming users and applications in a private enterprise, a private cloud may not meet the advantages that a public cloud may

A

smaller

Unless there is off-peak load to consume otherwise idle cloud resources, a private cloud may lie largely idle for the remaining hours

15
Q

When individual servers are pooled together into a centrally managed private cloud, there are going to be opportunities to improve security in terms of

A

operational security

implementing future security capabilities

16
Q

When ___ is implemented at an enterprise level, more robust and capable solutions can be used in a cost-effective manner

A

identity

17
Q

An enterprise might use a public cloud for the bulk of its computing needs but still run a small in-house private cloud for ___

A

secure applications

18
Q

Reasons for using a private cloud

A

run a small in-house private cloud for secure applications

they may need to run a few older applications
- Another approach would be the use of virtualization or emulators to virtualize the nonstandard hardware platform that the application requires

19
Q

When there is no business need for making data from one group accessible to another group, the private cloud must enforce ___

A

separation

20
Q

A private cloud may also expose some services to ___

A

external users

- for instance, customers of the enterprise
- Connectivity for customers must be secured and separated

21
Q

In summary, a private cloud must enforce various kinds of separation between sets of ___ and between ___ and ___ users

A

internal users
internal
external

22
Q

Exposing the cloud to either internal or external users must be done in response to a clear ___ and a solid understanding of the ___

A

business need

risk factors

23
Q

To begin with, the ___ to the cloud is the best place to filter out unwanted inbound traffic - for example

A

ingress
Blacklisted IP addresses
Whitelisted IP addresses

24
Q

Limiting Access to the Edge - two ways

A

To begin with, the ingress to the cloud is the best place to filter out unwanted inbound traffic

Secondly, we may authenticate inbound traffic by use of various means, including IPSec tunnels or VPN solutions

25
Q

When offering services to both internal and external users it is critical to avoid opportunities for non-enterprise users to gain access to enterprise data - methods of separation

A

Mixing enterprise and external user traffic must be avoided

Generally, SaaS traffic is terminated at a proxy or web service with data being passed to other services not directly reachable by users

Storage of enterprise and Internet users must be segregated

All user data should be encrypted

Sensitive enterprise data should not be processed by the same app instances that are processing public users’ data

26
Q

Isolation between realms can be effected through various means, including

A

physically separated networks

virtual local area networks (VLANs)

Such isolation should be reinforced via other mechanisms such as a firewall

Network isolation can also be achieved by using encryption

27
Q

A best practice in physical isolation is to contain separate categories of use (internal users, public Internet users, and so on) within groups of ___ (sometimes referred to as pods or compartments)

A

separate racks

28
Q

For higher assurance, it is a best practice to isolate these physical zones by physically surrounding them with ___

A

cages

29
Q

An overall production cloud infrastructure will most likely be logically divided for a number of distinct uses:

A

Development
Testing and Staging
Production

30
Q

Degree of assurance in isolation techniques (lowest to highest)

A

Software -> Cryptography -> Virtualization -> Physical Separation

31
Q

It is a best practice to maintain a separate network for ___

A

management traffic

32
Q

Among many important initial steps in setting up a private cloud is effectively addressing the need for ___ that will bridge your physical and virtual infrastructure

A

management tools

33
Q

It may be more cost effective to locate a private cloud in a professionally staffed and certified ___

A

hosting center

Only your organization would have physical access to your cages

34
Q

Data Center Sensors

A

Smoke, Motion, Power, Water, Door, Temperature, Humidity

35
Q

Operational Security Considerations (Private Cloud)

A

Antimalware
Device Configuration
Intrusion and Anomaly Detection
Data Backup and Storage

36
Q

Private Cloud Regulations

A

Location of Data

Data Retention