Cloud Infrastructures - CompTIA Security+ SY0-701 - 3.1

Cloud responsibility matrix

• IaaS, PaaS, SaaS, etc.

- Who is responsible for security?

• Security should be well documented

- Most cloud providers provide a matrix of

responsibilities

- Everyone knows up front

• These responsibilities can vary

- Different cloud providers

- Contractual agreements

- Responsibility matrix example

Hyrbid considerations

Hybrid cloud

- More than one public or private cloud

- this adds additional complexity

Network protection mismatches

- Authentication across platforms

- Firewall configurations

- Server settings

Different security monitoring

- Logs are diverse and cloud specific

Data leakage

- Data is shared across the public internet

Third party vendors in the cloud

You, the cloud provider, and third parties

- Infrastructure technologies

- Cloud-based appliances

Ongoing vendor risk assessments

- Part of an overall vendor risk management policy

Include third-party impact for incident response

- Everyone is part of the process

Constant monitoring

- Watch for changes and unusual activity

Infrastructure as code

• Describe an infrastructure

- Define servers, network, and applications as code

• Modify the infrastructure and create versions

- The same way you version application code

• Use the description (code) to build other

application instances

- Build it the same way every time based on the code

• An important concept for cloud computing

- Build a perfect version every time

Serverless Architecture

Function as a Service (FaaS)

- Applications are separated into individual, autonomous functions

- Remove the operating system from the equation

Developer still creates the server-side logic

- Runs in a stateless compute container

May be event triggered and ephemeral

- May only run for one event

Managed by a third party

- All OS security concerns are at the 3rd party

Microservers and APIs

Monolithic applications

- One big app that does everything

Application contains all decision making process

- User interface

- Business logic

- Data input and output

Code challenges

- Large codebase

- Change control challenges

Microservices and APIs

APIs

- Application Programming Interfaces

API is the "glue" for the microservices

- Work together to act as the application

Scalable

- Scale just the microservices you need

Resilient

- Outages are contained