Cloud Computing
Cloud Computing
Computer services provided over a network.
PaaS
Platform as a service
SaaS
Software as a service
IaaS
Infrastructure as a service
Five Essential characteristics for cloud model
on-demand self-service, broad network access, resource pooling, rapid elasticity with scalability and measured service
On-Demand Self-Service
Computing capabilities (server time, network storage) can be provisioned automatically without human interaction.
Broad Network Access
Cloud capabilities are available over the network and accessed through standard network protocols, providing architectural flexibility in how the cloud capabilities are accessed.
Resource Pooling
Computing resources are pooled to serve multiple consumers using a multitenant model, with physical and virtual resources assigned according to customer demand. Examples of resources that can be pooled: storage, processing, memory, network bandwidth.
Rapid Elasticity and Scalability
Match resources to when they are needed the most or least. Example: an increase in web traffic. (Horizontal scaling - goes in and out) (Vertical scaling - more CPU power, RAM)
Measured service
Having a meter to measure the control and optimization of service
Infrastructure as a service
Cloud-based systems as a virtual solution for computing. Allows for utility computing as needed.
Platform as a Service
Offers a computing platform in the cloud. Multiple sets of software working to provide services, databases. PaaS focuses on security and scalability.
Software as a Service
Offers software to end users within the cloud. Installed software is accessed through the cloud instead of on machines. Ex. Office 365, Adobe Creative Suite
Anything as a Service
Cloud services, applications, storage and processing. SaaS and IaaS components combined into one.
Infrastructure as code
Use of machine-readable files to manage and provision computers. Ex. software-defined network
Cloud types
There are 4 types: public, private, hybrid, community
Private cloud
Reserved resources used only for an organization; a cloud within the cloud. Less exposure, and better-defined security and handling of data that occurs within the cloud.
Public cloud
Cloud service over a system that is open for public use.
Hybrid cloud
Cloud that includes private, public and community cloud structures. Not joined but rather used together. Sensitive information goes to private, while issue-related information goes in community.
Community Cloud
Several organizations with common interest share a cloud environment.
On premises
System resides locally in the organization's building.
Hosted services
Having services hosted somewhere else, commonly in a shared environment.
Cloud service provider (CSP)
A provider who gives you access to a cloud service. Certain things are enabled through a subscription.
Transit Gateway
Network connection that's used to interconnect virtual private clouds (VPCs).
High availability across Zones
Cloud configured to provide almost full-time availability. If an error happens, a process fails over to the backup component.
Resource Policies
Cloud-based resources are controlled via a set of policies. What is controlled: processing power, which apps, security requirements, storage, and access control.
Secrets management
Maintaining cloud security by keeping encryption keys outside of the cloud, to keep attackers from accessing the data in the cloud.
IAM systems
Permissions for data access and modifications. Who can do what to data
Segmentation
Network process of separating network elements into segments and regulating traffic between the segments.
Instance Awareness
The alert that must be enabled through a firewall, secure web gateways and cloud access security brokers to determine if a system is legit or not.
Virtual private cloud
Use a private cloud without needing an additional VPN connection or internet gateway.
Container Security
Implementing security tools and policies to ensure the container is running as intended.
Security as a service
The outsourcing of security functions to a vendor that has advantages in scale, costs and speed.
Managed Security Service Provider (MSSP)
Company that remotely manages a customer's infrastructure, or a part of the infrastructure. Some parts do it yourself, others through the service provider.
Cloud Access Security Broker (CASB)
Integrated suites of tools or services offered as Security as a Service. Exists between the cloud provider and the customer connection. Mediates all access.
Virtualization
Used to enable a computer to have more than one OS present and, at most times, operating at the same time.
Hypervisor (needed to employ virtualization)
Low-level program that allows multiple OSes to run concurrently on a single computer. Controls I/O and memory management.
Type 1 Hypervisor
Runs directly on system hardware. Designed for speed and efficiency. Kernel-based virtual machine. Designed for high end server market.
Type 2
Runs on top of a host OS. Oracle VM box. Designed for desktop or small server environments.
VM Sprawl
Too many virtual machines, creating a disorganized structure. This can be avoided using a policy of naming conventions and filing management.
VM Escape protection
Either malware or an attacker escapes from a VM to the OS itself.
Fog computing
Distributed form of cloud computing that is performed on a distributed, decentralized architecture.
Edge computing
Computing performed at the edge of the network. Designed for speed.