Chapter 10 - 02 - Understand Cloud Computing Fundamentals - 02_ocred_fax_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Exam 212-82
Virtualization and Cloud Computing

Types of Cloud Computing Services

SYS ADMINS DEVELOPERS END CUSTOMERS END CUSTOMERS

Infrastructure-as-a- Platform-as-a-Service Software-as-a-Service Identity-as-a-Sexvice
Service (IaaS) (Paas) (Saas) (IDaas)

= Provides virtual = Offers development = Offers software to = Offers IAM services
machines and other tools, configuration subscribers on-demand including SSO, MFA,
abstracted hardware management, and over the Internet IGA, and intelligence
and operating systems deployment platforms * E.g., web-based office collection
which may be on-demand that can be applications like Google * E.g., Onelogin,
controlled through used by subscribers to Docs or Calendar, Centrify Identity
a service API develop custom Salesforce CRM, or Service, Microsoft
* E.g., AmazonEC2, applications Freshbooks Azure Active Directory,
GoGrid, Microsoft = E.g., Google App or Okta
OneDrive, or Rackspace Engine, Salesforce, or
Microsoft Azure

Types of Cloud Computing Services (Cont’d)
Security-as-a-Service (SECaaS8) Function-as-a-Service (FaaS)
CUSTOMERS

CUSTOMERS

= Provides penetration testing, authentication, Provides a platform for developing, running,
intrusion detection, anti-malware, security and managing application functionalities for
END

END

incident, and event management services microservices
= E.g., eSentire MDR, Switchfast Technologies, E.g., AWS Lambda, Google Cloud Functions,
OneNeck IT Solutions, or McAfee Managed Microsoft Azure Functions, or Oracle Cloud Fn
Security Services

Container-as-a-Service (CaaSl) Anything-as-a-Service (XaaS)
CUSTOMERS

CUSTOMERS

= Offers virtualization of container engines, Offers anything as a service over the Internet
and management of containers, applications, based on the user’s demand like digital
END

and clusters, through a web portal or API g products, food, transportation, medical
= E.g., Amazon AWS EC2, or Google Kubernetes consultations, etc.
Engine (GKE) E.g., Salesforce, AWS, Google Compute
Engine, Azure, 0365 and G Suite, JumpCloud

Types of Cloud Computing Services
Cloud services are divided broadly into the following categories:
» [Infrastructure-as-a-Service (laaS)
This cloud computing service enables subscribers to use on-demand fundamental IT
resources, such as computing power, virtualization, data storage, and network. This
service provides virtual machines and other abstracted hardware and operating systems

Module 10 Page 1307 Certified Cybersecurity Technician Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Virtualization and Cloud Computing

(OSs), which may be controlled through a service application programming interface
(API1). As cloud service providers are responsible for managing the underlying cloud
computing infrastructure, subscribers can avoid costs of human capital, hardware, and
others (e.g., Amazon EC2, Microsoft OneDrive, Rackspace).
Advantages:

o Dynamic infrastructure scaling
o Guaranteed uptime
o Automation of administrative tasks
o Elastic load balancing (ELB)

o Policy-based services

o Global accessibility
Disadvantages:
o Software security is at high risk (third-party providers are more prone to attacks)

o Performance issues and slow connection speeds
» Platform-as-a-Service (PaaS)
This type of cloud computing service allows for the development of applications and
services. Subscribers need not buy and manage the software and infrastructure
underneath it but have authority over deployed applications and perhaps application
hosting environment configurations. This offers development tools, configuration
management, and deployment platforms on-demand, which can be used by subscribers
to develop custom applications (e.g., Google App Engine, Salesforce, Microsoft Azure).
Advantages of writing applications in the PaaS environment include dynamic scalability,
automated backups, and other platform services, without the need to explicitly code for
them.
Advantages:

o Simplified deployment
o Prebuilt business functionality
o Lower security risk compared to laaS
o Instant community
o Pay-per-use model
o Scalability
Disadvantages:
o Vendor lock-in
o Data privacy

o Integration with the rest of the system applications

Module 10 Page 1308 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Virtualization and Cloud Computing

Software-as-a-Service (SaaS)
This cloud computing service offers application software to subscribers on-demand over
the Internet. The provider charges for the service on a pay-per-use basis, by
subscription, by advertising, or by sharing among multiple users (e.g., web-based office
applications like Google Docs or Calendar, Salesforce CRM, and Freshbooks).
Advantages:
o Low cost
o Easy administration

o Global accessibility
o High compatibility (no specialized hardware or software is required)

Disadvantages:
o Security and latency issues
o Total dependency on the Internet

o Switching between Saa$S vendors is difficult
Identity-as-a-Service (IDaaS)
This cloud computing service offers authentication services to the subscribed
enterprises and is managed by a third-party vendor to provide identity and access
management services. It provides services such as Single-Sign-On (SSO), Multi-Factor-
Authentication (MFA), Identity Governance and Administration (IGA), access
management, and intelligence collection. These services allow subscribers to access
sensitive data more securely both on and off-premises (e.g., OnelLogin, Centrify Identity
Service, Microsoft Azure Active Directory, Okta).
Advantages:
o Low cost
o Improved security
o Simplify compliance
o Reduced time
o Central management of user accounts
Disadvantages:
o Single server failure may disrupt the service or create redundancy on other
authentication servers

o Vulnerable to account hijacking attacks
Security-as-a-Service (SECaaS)
This cloud computing model integrates security services into corporate infrastructure in
a cost-effective way. It is developed based on SaaS and does not require any physical

Module 10 Page 1309 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Virtualization and Cloud Computing

hardware or equipment. Therefore, it drastically reduces the cost compared to that
spent when organizations establish their own security capabilities. It provides services
such as penetration testing, authentication, intrusion detection, anti-malware, security
incident and event management (e.g., eSentire MDR, Switchfast Technologies, OneNeck
IT Solutions, McAfee Managed Security Services).
Advantages:

o Low cost
o Reduced complexity

o Continuous protection

Improved security through best security expertise

Latest and updated security tools

Rapid user provisioning

o Greater agility

O Increased time on core competencies

Disadvantages:
o Increased attack surfaces and vulnerabilities

O Unknown risk profile
O Insecure APIs

o No customization to business needs

o Vulnerable to account hijacking attacks
» Container-as-a-Service (Caa$)
This cloud computing model provides containers and clusters as a service to its
subscribers. It provides services such as virtualization of container engines, management
of containers, applications, and clusters through a web portal, or an API. Using these
services, subscribers can develop rich scalable containerized applications through the
cloud or on-site data centers. Caa$ inherits features of both laaS and PaaS (e.g., Amazon
AWS EC2, Google Kubernetes Engine (GKE)).
Advantages:

o Streamlined development of containerized applications
O Pay-per-resource

o Increased quality
Portable and reliable application development
Low cost
Few resources

Module 10 Page 1310 Certified Cybersecurity Technician Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Virtualization and Cloud Computing

o Crash of application container does not affect other containers
o Improved security
o Improved patch management
o Improved response to bugs
o High scalability

o Streamlined development
Disadvantages:

o High operational overhead
o Platform deployment is the developer’s responsibility
* Function-as-a-Service
(FaaS)
This cloud computing service provides a platform for developing, running, and managing
application functionalities without the complexity of building and maintaining necessary
infrastructure (serverless architecture). This model is mostly used while developing
applications for microservices. It provides on-demand functionality to the subscribers
that powers off the supporting infrastructure and incurs no charges when not in use. It
provides data processing services, such as Internet of Things (l1oT) services for connected
devices, mobile and web applications, and batch-and-stream processing (e.g., AWS
Lambda, Google Cloud Functions, Microsoft Azure Functions, Oracle Cloud Fn).
Advantages:

o Pay-per-use

o Low cost
o Efficient security updates

o Easydeployment
o High scalability
Disadvantages:

o High latency
o Memory limitations

o Monitoring and debugging limitations

o Unstable tools and frameworks
o Vendor lock-in
* Anything-as-a-Service (Xaa$)
Anything as a service or everything as a service (XaaS$) is a cloud-computing and remote-
access service that offers anything as a service over the Internet based on the user’s
demand. The service may include digital products such as tools, applications, and

Module 10 Page 1311 Certified Cybersecurity Technician Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Virtualization and Cloud Computing

technologies, as well as other types of services such as food, transportation, and
medical consultations. The service is paid as per usage and cannot be purchased or
licensed as regular products. Apart from common cloud services such as software as a
service (Saa$), platform as a service (PaaS), and infrastructure as a service (laaS), XaaS
includes services such as network as a service (NaaS), storage as a service (STaas),
testing as a service (TaaS), malware as a service (MaaS), and disaster recovery as a
service (DRaas$). XaaS$ offers secure services such as customer relationship management
(CRM), cloud computing, and directory services (e.g., NetApp, AWS Elastic Beanstalk,
Heroku, and Apache Stratos).

Advantages:

o Highly scalable

o Independent of location and devices
o Fault tolerance and reduced redundancy
o Reduced capital expenditure
o Enhances business process by supporting rapid elasticity and resource sharing
Disadvantages:
o Chances of service outage as XaaS is dependent on the Internet
o Performance issues due to high utilization of the same resources
o Highly complex and difficult to troubleshoot at times

Module 10 Page 1312 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Virtualization and Cloud Computing

Customer vs. CSP Shared Responsibilities in IaaS, PaaS$, and Saa$
Cloud Computing
i
Resource Owners

- Subscribers/Tenants/Customers - Service Provider.. 2@ ¥ 000 ok raaaeeree |
Customer vs. CSP Shared Responsibilities in IaaS, PaaS, and Saa$S
In cloud computing, it is important to ensure the separation of responsibilities of the
subscribers and service providers. The separation of duties prevents conflicts of interest, illegal
acts, fraud, abuse, and errors, and it helps in identifying security control failures, including
information theft, security breaches, and invasion of security controls. It also helps in restricting
the amount of influence held by an individual and ensures that there are no conflicting
responsibilities.

It is essential to know the limitations of each cloud service delivery model when accessing
specific clouds and their models.
Cloud Computing
i
Resource Owners

- Subscribers/Tenants/Customers - Service Provider

Figure 10.21: Customer vs. CSP Shared Responsibilities in laaS, PaaS, and Saa$

Module 10 Page 1313 Certified Cybersecurity Technician Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.