Cloud Security Flashcards
(13 cards)
What is the shared security model in cloud security?
Responsibilities are split between the cloud provider and the customer. Providers handle physical and infrastructure security, while customers manage user access and data configurations.
What does the cloud provider manage in the shared responsibility model?
They manage physical security (locks, alarms, reception), infrastructure security (hardware, hypervisors), and underlying services like backups, but not customer-specific configurations.
What are the customer responsibilities in the shared responsibility model?
Customers are responsible for correct configuration, user access control, preventing privilege escalation, and using security tools provided by the supplier correctly.
What analogy illustrates the shared responsibility model?
Renting a bicycle with a lock in Germany: you’re responsible for theft unless you can prove it was locked. Similarly, cloud customers must prove secure usage of provided tools.
What are the three main cloud service models?
SaaS (Software as a Service), IaaS (Infrastructure as a Service), and PaaS (Platform as a Service), each offering different levels of control and responsibility to the customer.
What is SaaS and who handles the security?
Software as a Service includes apps like Zoom or Outlook. The provider manages almost everything; the user has minimal control over the infrastructure.
What is IaaS and what does it provide?
Infrastructure as a Service gives users access to virtual machines where they install and manage their own software (e.g., AWS EC2). Security responsibilities are more customer-centric.
What is PaaS and how does it differ from IaaS?
Platform as a Service offers managed infrastructure with more direct resource access than IaaS. Customers manage apps and data, while the provider handles OS and hardware.
What is a Cloud Access Security Broker (CASB)?
A CASB is a security enforcement layer between users and cloud providers. It provides visibility, data security, threat protection, and compliance support.
What are the limitations of CASBs?
CASBs are often installed on managed devices, making them easier to bypass on unmanaged or personal devices, which limits their enforcement reach.
What is Cloud Security Posture Management (CSPM)?
CSPM tools monitor and assess cloud configurations to ensure compliance and prevent risks. They apply policies and frameworks to manage IaaS and PaaS environments securely.
How does CSPM compare to CASB?
CASB focuses on monitoring user behavior and traffic, while CSPM audits cloud configurations. Some sources conflate them, but CSPM applies more to configuration and compliance.
What kind of security concerns do cloud suppliers face in PaaS models?
Suppliers must protect against insider threats (staff misuse) and customer misconfigurations, particularly with complex and opaque system tools.