Chapter 10 - Cloud and Virtualization Security Flashcards
Cloud Computing
Cloud Computing is where cloud service providers deliver computing services to their customers over the Internet.
Multitenancy
Multitenancy means that many different users share resources in the same cloud infrastructure.
Scalability
Scalability allows cloud customers to manually or automatically increase the capacity of their operations. In some cloud environments, this can be completely transparent and be performed behind the scenes.
Elasticity
Elasticity says that capacity should expand and contract as needs change to optimize costs.
Measured Service
Measured Service refers to how everything you do in the cloud (processing time, storage, log entries) is measured by the provider. Providers use this information to assess charges based on your usage.
What are the common Roles in Cloud Computing?
- Cloud service provider
- Cloud consumer
- Cloud partner (offers ancillary products or services that integrate with the offerings of a cloud service provider)
- Cloud auditor (provides third-party assessment of cloud services)
- Cloud carrier (provides connectivity between cloud provider and consumer)
Infrastructure as a Service (IaaS)
Infrastructure as a Service offerings allow customers to purchase and interact with the basic building blocks of a technology infrastructure. These include computing, storage, and networks. Some examples of IaaS providers include AWS, Microsoft Azure and Google Cloud Platform (GCP).
Software as a Service (SaaS)
Software as a Service offerings provide customers with access to a fully managed application running in the cloud. The provider is responsible for everything from the operation of the physical datacenters to the performance management of the application itself. A common example of SaaS is web-based email.
Platform as a Service (PaaS)
Platform as a Service offerings fit into a middle ground between SaaS and IaaS solutions. In PaaS, the service provider offers a platform where customers may run applications that they have developed themselves.
Function as a Service (FaaS)
Function as a Service platforms are an example of PaaS computing. This approach allows customers to upload their own code functions to the provider, and the provider then executes those functions on a scheduled basis, in response to events, and/or on demand. A common example of FaaS would be AWS Lambda.
Managed Service Provider (MSP)
Managed Service Providers are service organizations that provide information technology as a service to their customers.
Public Cloud
Public Cloud service providers deploy infrastructure and then make it accessible to any customers who wish to take advantage of it in a multitenant model.
Private Cloud
Private Cloud describes any cloud infrastructure that is provisioned for use by a single customer. This infrastructure may be built and managed by the organization that will be using the infrastructure, or it may be built and managed by a third party.
Community Cloud
Community Cloud services share characteristics of both the public and private models. Community Cloud services do run in a multitenant environment, but the tenants are limited to members of a specifically designed community.
Hybrid Cloud
Hybrid Cloud is a catch-all term used to describe cloud deployments that blend public, private, and/or community cloud services together. It is NOT simply purchasing both public and private cloud services and using them together. AWS Outposts is a common Hybrid Cloud technology.
Another example of a Hybrid Cloud is a firm that operates its own private cloud for the majority of its workloads and then leverages public cloud capacity when demand exceeds the capacity of its private cloud infrastructure.
Bursting
Bursting is a configuration that allows a private cloud to access additional computing resources from a public cloud when there is a sudden increase in demand.
Shared Responsibility Model
Shared Responsibility Model refers to dividing responsibilities between one or more cloud service providers and the cloud customers’ own cybersecurity teams.
Edge Computing
Edge Computing is about processing data closer to where it’s being generated, enabling processing at greater speeds and volumes. Only after the data is processed at the edge can it then be sent back to the cloud.
Fog Computing
Fog Computing uses IoT gateway devices that are located in close physical proximity to the data generation points. These data generation points themselves don’t necessarily have processing power, but they send data to their local gateway that performs preprocessing before sending the results to the cloud.
Isolation
Isolation, in the context of virtualization, is the primary responsibility of the hypervisor. The hypervisor must present each virtual machine with the illusion of a completely separate physical environment dedicated for use by that virtual machine.
Containers
Containers provide application-level virtualization. Instead of creating complex virtual machines that require their own operating systems, containers package applications and allow them to be treated as units of virtualization that become portable across operating systems and hardware platforms.
Block Storage
In cloud computing, Block Storage allocates large volumes of storage for use by virtual server instances. These volumes are then formatted as virtual disks by the operating system on those server instances and used as a physical drive would be. An example of Block Storage in the cloud is Elastic Block Store (EBS) by AWS.
Object Storage
In cloud computing, Object Storage provides customers with the ability to place files in buckets and treat each file as an independent entity that may be accessed over the web or through the provider’s API. An example of Object Storage in the cloud is AWS Simple Storage Service (S3).
What are the three most important security considerations to keep in mind while working with cloud storage?
- Set permissions properly
- Consider high availability and durability options
- Use encryption to protect sensitive data