Chapter 10 - 02 - Understand Cloud Computing Fundamentals - 02_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Virtualization and Cloud Computing Exam 212-82 Types of Cloud Computing Services SYS ADMINS DEVELOPERS END CUSTOMERS END CUSTOMERS Infrastructure-as-a- Platform-as-a-Service Software-as-a-Service Identity-as-a-Sexvice (IDaas) Service (IaaS) = Provides virtual machines and other abstracted hardware (Paas) = and operating systems deployment platforms = * Offers software to subscribers on-demand over the Internet = * E.g., web-based office which may be on-demand that can be applications like Google a service API E.g., AmazonEC2, develop custom applications Salesforce CRM, or Freshbooks controlled through * Offers development tools, configuration management, and (Saas) GoGrid, Microsoft OneDrive, or Rackspace used by subscribers to = Docs or Calendar, E.g., Google App Engine, Salesforce, or Microsoft Azure Offers IAM services including SSO, MFA, IGA, and intelligence collection E.g., Onelogin, Centrify Identity Service, Microsoft Azure Active Directory, or Okta Types of Cloud Computing Services (Cont’d) = = Provides penetration testing, authentication, intrusion detection, anti-malware, security incident, and event management services E.g., eSentire MDR, Switchfast Technologies, OneNeck IT Solutions, or McAfee Managed Security Services Function-as-a-Service (FaaS) END CUSTOMERS END CUSTOMERS Security-as-a-Service (SECaaS8) E.g., Amazon AWS EC2, or Google Kubernetes Engine (GKE) g CUSTOMERS END CUSTOMERS = Offers virtualization of container engines, and management of containers, applications, and clusters, through a web portal or API E.g., AWS Lambda, Google Cloud Functions, Microsoft Azure Functions, or Oracle Cloud Fn Anything-as-a-Service (XaaS) Container-as-a-Service (CaaSl) = Provides a platform for developing, running, and managing application functionalities for microservices Offers anything as a service over the Internet based on the user’s demand like digital products, food, transportation, medical consultations, etc. E.g., Salesforce, AWS, Google Compute Engine, Azure, 0365 and G Suite, JumpCloud Types of Cloud Computing Services Cloud services are divided broadly into the following categories: » [Infrastructure-as-a-Service (laaS) This cloud computing service enables subscribers to use on-demand fundamental IT resources, such as computing power, virtualization, data storage, and network. This service provides virtual machines and other abstracted hardware and operating systems Module 10 Page 1307 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Virtualization and Cloud Computing Exam 212-82 (OSs), which may be controlled through a service application programming interface (API1). As cloud service providers are responsible for managing the underlying cloud computing infrastructure, subscribers can avoid costs of human capital, hardware, and others (e.g., Amazon EC2, Microsoft OneDrive, Rackspace). Advantages: o Dynamic infrastructure scaling o Guaranteed uptime o Automation of administrative tasks o Elastic load balancing (ELB) o Policy-based services o Global accessibility Disadvantages: » o Software security is at high risk (third-party providers are more prone to attacks) o Performance issues and slow connection speeds Platform-as-a-Service (PaaS) This type of cloud computing service allows for the development of applications and services. Subscribers need not buy and manage the software and infrastructure underneath it but have authority over deployed applications and perhaps application hosting environment configurations. This offers development tools, configuration management, and deployment platforms on-demand, which can be used by subscribers to develop custom applications (e.g., Google App Engine, Salesforce, Microsoft Azure). Advantages of writing applications in the PaaS environment include dynamic scalability, automated backups, and other platform services, without the need to explicitly code for them. Advantages: o Simplified deployment o Prebuilt business functionality o Lower security risk compared to laaS o Instant community o Pay-per-use model o Scalability Disadvantages: o Vendor lock-in o Data privacy o Integration with the rest of the system applications Module 10 Page 1308 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Virtualization and Cloud Computing Exam 212-82 Software-as-a-Service (SaaS) This cloud computing service offers application software to subscribers on-demand over the Internet. The provider charges for the service on a pay-per-use basis, by subscription, by advertising, or by sharing among multiple users (e.g., web-based office applications like Google Docs or Calendar, Salesforce CRM, and Freshbooks). Advantages: o Low cost o Easy administration o Global accessibility o High compatibility (no specialized hardware or software is required) Disadvantages: o Security and latency issues o Total dependency on the Internet o Switching between Saa$S vendors is difficult Identity-as-a-Service (IDaaS) This cloud computing enterprises and service is managed offers authentication by a third-party vendor services to to provide the identity subscribed and access management services. It provides services such as Single-Sign-On (SSO), Multi-FactorAuthentication (MFA), Identity Governance and Administration (IGA), access management, and intelligence collection. These services allow subscribers to access sensitive data more securely both on and off-premises (e.g., OnelLogin, Centrify Identity Service, Microsoft Azure Active Directory, Okta). Advantages: o Low cost o Improved security o Simplify compliance o Reduced time o Central management of user accounts Disadvantages: o Single server failure may disrupt the service or create redundancy on other authentication servers o Vulnerable to account hijacking attacks Security-as-a-Service (SECaaS) This cloud computing model integrates security services into corporate infrastructure in a cost-effective way. It is developed based on SaaS and does not require any physical Module 10 Page 1309 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Virtualization and Cloud Computing hardware Exam 212-82 or equipment. Therefore, it drastically reduces the cost compared to that spent when organizations establish their own security capabilities. It provides services such as penetration testing, authentication, intrusion detection, anti-malware, security incident and event management (e.g., eSentire MDR, Switchfast Technologies, OneNeck IT Solutions, McAfee Managed Security Services). Advantages: o Low cost o Reduced complexity o Continuous protection Improved security through best security expertise Latest and updated security tools Rapid user provisioning o Greater agility O Increased time on core competencies Disadvantages: » o Increased attack surfaces and vulnerabilities O Unknown risk profile O Insecure APIs o No customization to business needs o Vulnerable to account hijacking attacks Container-as-a-Service (Caa$) This cloud computing model provides containers and clusters as a service to its subscribers. It provides services such as virtualization of container engines, management of containers, applications, and clusters through a web portal, or an API. Using these services, subscribers can develop rich scalable containerized applications through the cloud or on-site data centers. Caa$ inherits features of both laaS and PaaS (e.g., Amazon AWS EC2, Google Kubernetes Engine (GKE)). Advantages: o Streamlined development of containerized applications O Pay-per-resource o Increased quality Portable and reliable application development Low cost Few Module 10 Page 1310 resources Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Virtualization and Cloud Computing Exam 212-82 o Crash of application container does not affect other containers o Improved security o Improved patch management o Improved response to bugs o High scalability o Streamlined development Disadvantages: * o High operational overhead o Platform deployment is the developer’s responsibility Function-as-a-Service (FaaS) This cloud computing service provides a platform for developing, running, and managing application functionalities without the complexity of building and maintaining necessary infrastructure (serverless architecture). This model applications for microservices. It provides on-demand is mostly used while developing functionality to the subscribers that powers off the supporting infrastructure and incurs no charges when not in use. It provides data processing services, such as Internet of Things (l1oT) services for connected devices, mobile and web applications, and batch-and-stream processing (e.g., AWS Lambda, Google Cloud Functions, Microsoft Azure Functions, Oracle Cloud Fn). Advantages: o Pay-per-use o Low cost o Efficient security updates o Easydeployment o High scalability Disadvantages: * o High latency o Memory limitations o Monitoring and debugging limitations o Unstable tools and frameworks o Vendor lock-in Anything-as-a-Service (Xaa$) Anything as a service or everything as a service (XaaS$) is a cloud-computing and remoteaccess service that offers anything as a service over the Internet based on the user’s demand. Module 10 Page 1311 The service may include digital products such as tools, applications, and Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Virtualization and Cloud Computing technologies, medical as well Exam 212-82 as other types consultations. The service of services such is paid as per usage licensed as regular products. Apart from common as food, and transportation, cannot be purchased and or cloud services such as software as a service (Saa$), platform as a service (PaaS), and infrastructure as a service (laaS), XaaS includes services such as network as a service (NaaS), storage as a service (STaas), testing as a service (TaaS), malware as a service (MaaS), and disaster recovery as a service (DRaas$). XaaS$ offers secure services such as customer relationship management (CRM), cloud computing, and directory services (e.g., NetApp, AWS Elastic Beanstalk, Heroku, and Apache Stratos). Advantages: o Highly scalable o Independent of location and devices o Fault tolerance and reduced redundancy o Reduced capital expenditure o Enhances business process by supporting rapid elasticity and resource sharing Disadvantages: o Chances of service outage as XaaS is dependent on the Internet o Performance issues due to high utilization of the same resources o Highly complex and difficult to troubleshoot at times Module 10 Page 1312 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Virtualization and Cloud Computing Exam 212-82 Customer vs. CSP Shared Responsibilities in IaaS, PaaS$, and Saa$ Cloud Computing Resource Owners i -.. 2@ Subscribers/Tenants/Customers ¥ - 000 Service Provider ok raaaeeree | Customer vs. CSP Shared Responsibilities in IaaS, PaaS, and Saa$S In cloud computing, it is important to ensure the separation of responsibilities of the subscribers and service providers. The separation of duties prevents conflicts of interest, illegal acts, fraud, abuse, and errors, and it helps in identifying security control failures, including information theft, security breaches, and invasion of security controls. It also helps in restricting the amount of influence responsibilities. held by an individual and ensures that there are no It is essential to know the limitations of each cloud service delivery model when specific clouds and their models. conflicting accessing Resource Owners Cloud Computing i - Subscribers/Tenants/Customers - Service Provider Figure 10.21: Customer vs. CSP Shared Responsibilities in laaS, PaaS, and Saa$ Module 10 Page 1313 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.