Cloud Security

Uploaded by

anindita.labonno

What is Cloud Computing?

• Who coined the term? https://www.technologyreview.com/2011/10/31/257406/who-coined-cloud-computing/

• Amazon definition: “Cloud computing is the on-demand delivery of computer power, database storage, applications, and other IT resources through a cloud services platform via the internet with pay-as-you-go pricing”.

• Microsoft definition: “Cloud computing is the delivery of computing services – servers, storage, databases, networking, software, analytics, and more – over the Internet (“the cloud”). Companies offering these computing services are called cloud providers and typically charge for cloud computing services based on usage, similar to how you’re billed for water or electricity at home”.

Benefits

• Cost

• Speed

• Scalability

• Productivity

• Security

Types of Cloud Deployment

• Public: All services provided by a third party

• Private: Managed by a single organization

• Hybrid: Combination of public and private

Control and visibility trade-off


Types of Cloud Services

• SaaS (Software as a Service): Subscription-based hosted applications. Example: Google apps like Gmail, MS Office 365

• PaaS (Platform as a Service): Operating systems, middleware, developer platforms and tools. Example: AWS Elastic Beanstalk, Google App Engine

• IaaS (Infrastructure as a Service): Servers, storage, and network services. Example: Amazon EC2, Windows Azure Virtual Machines and Google Compute Engine

AWS Shared Responsibility Model

https://aws.amazon.com/compliance/shared-responsibility-model/

Microsoft Azure Shared Responsibility

https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility

https://www.microsoft.com/security/blog/2018/06/19/driving-data-security-is-a-shared-responsibility-heres-how-you-can-protect-yourself/

Cloud Security Alliance (CSA)

• An organization dedicated to cloud security solutions: (https://cloudsecurityalliance.org/about/history/)

• Publishes the Cloud Security Governance, Risk Management, and Compliance (GRC) stack

• Assesses both public and private clouds

GRC stack

• Cloud audit: Audit of IaaS, PaaS, and SaaS

• Cloud Controls Matrix (CCM): According to the CSA website, CCM is “the world’s only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations”.

• Consensus Assessments Initiative Questionnaire (CAIQ): Questionnaire for documenting the security controls in IaaS, PaaS, and SaaS (https://cloudsecurityalliance.org/cai.html)

• Cloud Trust Protocol (CTP): Mechanism for customers to get information about security and privacy documentation from cloud providers

Cloud Controls Matrix (CCM)

• A cybersecurity control framework for cloud computing

• 133 control objectives, structured in 16 domains

• Documented in CSA Security Guidance v4


Cloud Infrastructure Leaders

• Amazon, Microsoft, Google

• Amazon (AWS) is the leader (both Microsoft and Google compare against AWS)

• AWS often used as a reference for security discussions


AWS Regions and Availability Zones

• 76 Availability Zones within 24 Regions: https://aws.amazon.com/about-aws/global-infrastructure/

• Each Availability Zone has one or more data centers

• Each Region is totally independent, but data can also be transferred between Regions

Serverless Computing (AWS Lambda)

AWS YouTube channel introduction: https://www.youtube.com/watch?v=eOBq__h4OJ4

Security Benefits

• A much smaller attack surface

• No additional requirement to patch servers

• Ephemeral environment

Security Concerns

• Paradoxically, the attack surface might get bigger!

• Proper authentication and access control required for deploying functions

• Compliance issues regarding personally identifiable information (PII), protected health information (PHI), credit card data (PCI) etc. Check here: https://aws.amazon.com/compliance/services-in-scope/
