Chap 8 cloud computing Flashcards
Cloud Computing
delivery of computing services.
services include
1. servers
1. storage
1. databases
1. networking
1. software
delivered over the internet (“the cloud”).
Cloud Computing mechanism
- instead of owning and managing physical servers/infrastructure
- users can access resources on-demand from cloud service providers.
- enables users and organizations to rely on external providers for storing, processing, and accessing their data.
cloud computing capabilities
- Offers high configuration and economy of scale
- ensures data and services are always available
- provides scalable infrastructure for applications.
Cloud Computing - Key Characteristics
1. On-demand self-service:
1. Broad network access:
1. Resource pooling: Cloud providers pool and dynamically allocate resources to serve multiple users.
1. Rapid elasticity: Cloud resources can be scaled up or down quickly and automatically to meet changing demands.
1. Measured service: Cloud computing resources are typically metered, allowing users to pay only for the resources they consume.
Cloud Computing - Advantages
- Scalability
- Cost-effectiveness:
- Flexibility
- Accessibility:
- Reliability and resilience
Common Cloud Service Models
- Infrastructure as a Service (IaaS)
- Platform as a Service (PaaS)
- Software as a Service (SaaS)
Cloud Computing - Issues
**New security and privacy problems**
* can have malicious system admins who could tamper with VMs
* and thereby violate confidentiality and integrity.
**Consumer’s loss of control.**
The consumer relies on the provider to ensure data security and privacy, resource availability, and monitoring/repairing of services.
Trusting a third party requires taking risks. The need for trust arises only in risky situations.
Taxonomy of Fear
specific concerns related to cloud computing security:
- Confidentiality:
- Fear of loss of control over data.
- Integrity:
- Availability:
- Would the cloud scale well enough? Cloud providers argue that their downtime compares well with cloud users’ own data centers.
Cloud Security as a Service (SecaaS)
a segment of SaaS
- provision of security applications and services via the cloud.
- can be delivered either to cloud-based infrastructure and software, or from the cloud to the customers’ on-premise systems.
- designed to enhance the security posture of cloud-based environments and protect data, applications, and infrastructure from various cyber threats.
Cloud Computing Security - Key Aspects (of SecaaS)
Security Tools and Services: Examples include firewall-as-a-service, intrusion detection and prevention systems (IDPS), secure web gateways
Managed Security Services: monitor, detect, and respond to security incidents on behalf of their clients.
Compliance and Governance: helping organizations adhere to standards and regulations. may provide tools for audit logging, compliance reporting, and policy enforcement.
Scalability and Flexibility: allows organizations to scale security resources up or down based on their needs.
Cost-Effectiveness: By leveraging SECaaS, organizations can avoid the upfront costs of purchasing and maintaining on-premises security infrastructure.
Integration with Cloud Providers: This integration enables centralized security management.
Cloud Computing Security (General Issues Summary)
* Cloud computing introduces new security and privacy problems.
* There is a necessity for solutions to protect data and process it securely within the cloud.
* Even when the cloud provider is deemed honest, there’s a risk from malicious system administrators who could tamper with virtual machines (VMs), compromising confidentiality and integrity.
* Cloud environments are susceptible to traditional data security issues related to confidentiality, integrity, availability, and privacy, in addition to facing some additional attacks specific to the cloud model.
Security Services: SECaaS (Categories & Specific Offerings)
- Identity and access management
- Data loss prevention
- Web security
- E-mail security
- Security assessments
- Intrusion management
- Security information and event management
- Encryption
- Business continuity and disaster recovery
- Network security
Range of Security Tools and Services Offered by Providers:
1. Firewall-as-a-Service (FWaaS): Cloud-based firewalls controlling network traffic based on rules.
1. Intrusion Detection and Prevention Systems (IDPS): Tools monitoring activities for malicious behavior and alerting/blocking threats.
1. Secure Web Gateways (SWG): Solutions filtering and inspecting web traffic against threats like malware, phishing, malicious URLs.
1. Email Security: Services protecting against email threats (spam, phishing, malware, spoofing).
1. Endpoint Security: Solutions securing endpoints (laptops, desktops, mobile devices) by detecting/preventing malware, unauthorized access, data breaches.
1. Data Encryption: Tools for encrypting data at rest and in transit.
1. Identity and Access Management (IAM): Services managing user identities, access rights, and authentication for secure access.
1. Security Information and Event Management (SIEM): Platforms collecting, analyzing, and correlating security events/logs to detect and respond to incidents.
1. Vulnerability Management: Tools scanning for and remediating vulnerabilities in software, systems, and configurations.
How Does Cloud Security Work? (Shared Responsibility Model)
Security duties are divided between the user and the cloud service provider (CSP).
Infrastructure as a Service (IaaS):
Your responsibility: You secure your data, applications, virtual network controls, operating system, and user access.
CSP responsibility: The cloud provider secures compute, storage, and physical network, including all patching and configuration.
Platform as a Service (PaaS):
Your responsibility: You secure your data, user access, and applications.
CSP responsibility: The cloud provider secures compute, storage, physical network, virtual network controls, and operating system.
Software as a Service (SaaS):
Your responsibility: You are responsible for securing your data and user access.
CSP responsibility: The cloud provider secures compute, storage, physical network, virtual network controls, operating system, applications, and middleware.