Chapter 10 - 02 - Understand Cloud Computing Fundamentals - 04_ocred.pdf
Certified Cybersecurity Technician
Virtualization and Cloud Computing
Exam 212-82
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

On-premises vs. Hosted vs. Cloud

Organizations can choose among many technologies to deploy the applications or software that run their business. An organization should consider various factors such as budget, business size, and maintenance challenges before choosing a deployment option.
Choosing the appropriate deployment platform for their business is often a challenging task for organizations. Before choosing a deployment option, organizations should be aware of the various technologies, their features, and how secure they are. The table below describes various IT deployment models and their services.

| Parameters | On-premises | Hosted | Cloud |
|---|---|---|---|
| Ownership | The organization establishes the infrastructure and runs all the business operations. | A third party owns the infrastructure and runs the business operations for the organization. | A third party owns the platform; the enterprise uses the resources based on the requirement. |
| Deployment | The software or application is installed on internal physical servers. | A third party sets up the entire cloud hosting center or data center. | The cloud provider installs the software or application on virtual servers. |
| Performance | Depends on the skills of internal employees. | Performance can be optimized by working with the service provider. | Depends on the Internet speed. |
| Cost | Physical infrastructure and initial setup are expensive. | Rented private infrastructure is relatively expensive for the organization. | Virtual infrastructure is paid for as per usage. |
| Connectivity | Systems can work without the Internet. | The platform can perform communication with both a private internal network and the Internet. | Active Internet service is mandatory. |
| Security | Depends on the skills of the administration team. | Security is under the organization's control; all systems must be up to date and patched constantly. | Less secure than other options as it is completely operated off-site. |
| Maintenance | Maintained by an internal team. | Maintained by a third-party hosting agency. | Maintained by the cloud provider. |
| Scalability | Offers limited scalability. | Scalability depends on the availability of applications on the cloud. | Easily and highly scalable. |

Table 10.3: Comparison among on-premises, hosted, and cloud IT deployment models

NIST Cloud Deployment Reference Architecture

NIST cloud computing reference architecture defines five major actors:

- Cloud Consumer: A person or organization that uses cloud computing services
- Cloud Provider: A person or organization providing services to interested parties
- Cloud Carrier: An intermediary for providing connectivity and transport services between cloud consumers and providers
- Cloud Auditor: A party for making independent assessments of cloud service controls and taking an opinion thereon
- Cloud Broker: An entity that manages cloud services in terms of use, performance, and delivery, and maintains the relationship between cloud providers and consumers

The figure below gives an overview of the NIST cloud computing reference architecture; it displays the primary actors, activities, and functions in cloud computing.
The diagram illustrates a generic high-level architecture, intended to give a better understanding of the uses, requirements, characteristics, and standards of cloud computing.

[Figure 10.27: NIST cloud computing reference architecture. Labels in the figure: Cloud Consumer; Cloud Auditor (security audit, privacy impact audit, performance audit); Cloud Provider (service layer with SaaS, PaaS, and IaaS; resource abstraction and control layer; physical resource layer; cloud service management with business support, provisioning/configuration, and portability/interoperability; security; privacy); Cloud Broker (service intermediation, service aggregation, service arbitrage); Cloud Carrier.]

The five significant actors are as follows:

Cloud Consumer

A cloud consumer is a person or organization that maintains a business relationship with the cloud service providers (CSPs) and utilizes the cloud computing services. The cloud consumer browses the CSP's service catalog, requests the desired services, sets up service contracts with the CSP (either directly or via a cloud broker), and uses the services. The CSP bills the consumer based on the services provided. The CSP should fulfill the service level agreement (SLA) in which the cloud consumer specifies the technical performance requirements, such as the quality of service, security, and remedies for performance failure. The CSP may also define limitations and obligations, if any, that cloud consumers must accept.
The services available to a cloud consumer in the PaaS, IaaS, and SaaS models are as follows:

- PaaS: database (DB), business intelligence, application deployment, development and testing, and integration
- IaaS: storage, services management, content delivery network (CDN), platform hosting, backup and recovery, and computing
- SaaS: human resources, enterprise resource planning (ERP), sales, customer relationship management (CRM), collaboration, document management, email and office productivity, content management, financial services, and social networks

Cloud Provider

A cloud provider is a person or organization who acquires and manages the computing infrastructure intended for providing services (directly or via a cloud broker) to interested parties via network access.

Cloud Carrier

A cloud carrier acts as an intermediary that provides connectivity and transport services between CSPs and cloud consumers. The cloud carrier provides access to consumers via a network, telecommunication, or other access devices.

Cloud Auditor

A cloud auditor is a party that performs an independent examination of cloud service controls to express an opinion thereon. Audits verify adherence to standards through a review of the objective evidence. A cloud auditor can evaluate the services provided by a CSP regarding security controls (management, operational, and technical safeguards intended to protect the confidentiality, integrity, and availability of the system and its information), privacy impact (compliance with applicable privacy laws and regulations governing an individual's privacy), performance, etc.

Cloud Broker

The integration of cloud services is becoming too complicated for cloud consumers to manage.
Thus, a cloud consumer may request cloud services from a cloud broker, rather than directly contacting a CSP. The cloud broker is an entity that manages cloud services regarding use, performance, and delivery and maintains the relationship between CSPs and cloud consumers.

The services provided by cloud brokers fall in three categories:

- Service Intermediation: Improves a given function by a specific capability and provides value-added services to cloud consumers.
- Service Aggregation: Combines and integrates multiple services into one or more new services.
- Service Arbitrage: Similar to service aggregation but without the fixing of the aggregated services (the cloud broker can choose services from multiple agencies).