Skip to main content

The Basics

Updated Feb 28, 2020 ·

Cloud Computing

Cloud computing involves accessing and utilizing computing resources and services over the internet, provided by third-party vendors. It offers scalability, flexibility, and reduced dependency on on-premise hardware.

  • Servers
  • Storage
  • Databases
  • Networking
  • Software Analytics
  • Intelligence

Cloud Concepts

TO learn more, check out Cloud Foundations section.

  • Utility Model

    • Similar to utilities like electricity.
    • Provisioned in a specific location.
    • Offers scalability, elasticity, and ease of use for IT service deployment.
  • NIST Definition

    • National Institute of Standards and Technology (NIST) provides a widely accepted definition.
    • Described as a model enabling ubiquitous, on-demand access to a shared pool of configurable computing resources.
    • Emphasizes rapid provisioning and release with minimal management effort.
  • Responsibility Matrix

    • A tool outlining roles and responsibilities within a project or organization.
    • Clarifies who is accountable for specific tasks or areas of work.
    • Helps ensure clear communication and accountability.
  • Third-party Vendors

    • External entities providing goods or services to a company.
    • Often contracted for specialized expertise or resources.
    • Can include suppliers, service providers, consultants, or software vendors.
    • Require clear communication, contracts, and management to ensure successful collaboration.
  • Hybrid Solutions

    • In the context of IT, often refers to a mix of on-premise and cloud solutions.
    • Offers flexibility by leveraging both local infrastructure and cloud services.
    • Integration and management to ensure smooth operation and maximum benefit.

Key Considerations

  • Availability

    • Redundancy measures to prevent single points of failure.
    • Monitoring systems for early detection of issues.
    • Disaster recovery plans for quick restoration of services.
  • Cost

    • Total cost of ownership analysis including initial setup, maintenance, and operational expenses.
    • Cost optimization strategies such as resource consolidation or automation.
    • Budget forecasting to anticipate future expenses.
  • Resilience

    • Fault-tolerant architecture design.
    • Regular testing of backup and recovery procedures.
    • Geographic redundancy for data centers or cloud regions.
  • Responsiveness

    • Service level agreements (SLAs) defining response times and resolution targets.
    • Proactive monitoring and alerting systems.
    • Efficient incident management processes.
  • Scalability

    • Horizontal and vertical scaling capabilities.
    • Auto-scaling mechanisms based on demand fluctuations.
    • Performance testing to ensure scalability thresholds are met.
  • Ease of Deployment

    • Streamlined deployment pipelines or automation tools.
    • Compatibility testing with existing infrastructure.
    • User-friendly interfaces and documentation.
  • Risk Transference

    • Clearly defined contractual agreements and service level guarantees.
    • Insurance policies to mitigate financial risks.
    • Compliance with regulatory requirements and standards.
  • Patch Availability

    • Patch management processes to ensure timely application of updates.
    • Vulnerability scanning and assessment tools.
  • Inability to Patch

    • Risk assessment and prioritization of unpatched vulnerabilities.
    • Compensating controls or mitigation strategies.
    • Regular security audits and assessments.
  • Power

    • Redundant power sources such as uninterruptible power supplies (UPS) or backup generators.
    • Monitoring and maintenance of power infrastructure.
    • Energy-efficient hardware and cooling systems.
  • Compute

    • Performance benchmarks and optimization techniques.
    • Load balancing for efficient resource utilization.
    • Capacity planning based on workload requirements and growth projections.

Managed Service Provider (MSP)

A company managing IT assets for another organization and is Commonly utilized by small- and medium-sized businesses for day-to-day IT operations.

  • Outsourcing Functions

    • Used to outsource specific IT functions or manage entire operations.
    • Expertise provided in areas where the company lacks internal capabilities.
  • Services Provided by MSPs

    • Network and security monitoring.
    • Patching services.
    • Cloud-based solutions, including Managed Detection and Response (MDR).
  • MDR Service Example

    • Managed Detection and Response (MDR) involves active incident investigation and response.
    • Monitors security tools, such as firewalls, for event triaging.
  • Common MSP Implementations

    • Augmenting in-house staff for projects.
    • Implementing products or services.
    • Providing payroll services.
    • Managing Help Desk service.
    • Responding to and managing security incidents.
    • Overseeing all in-house IT infrastructure.

Service-Level Agreement (SLA)

It is an agreement between a cloud service provider and customer that defines the quality of cloud services, specific to cloud computing terms and roles.

  • Importance of SLA

    • Functions as a rule book and legal contract.
    • Outlines minimum service levels, availability, security, controls, and more.
  • Purpose of SLA

    • Documents specific parameters, service levels, and remedies for failures.
    • Addresses data ownership, return, and destruction details.
  • Key SLA Points

    • Cloud system infrastructure and security standards.
    • Customer's right to audit legal and regulatory compliance.
    • Rights and costs associated with service use continuation/discontinuation.
    • Service availability and performance.
    • Data security, privacy, and location.
    • Disaster recovery processes and data access.
    • Data portability and problem identification/resolution.
    • Change management processes and dispute mediation.
    • Exit strategy considerations.

Common Security Challenges

  • Shared Physical Server Vulnerabilities

    • Multiple users often share the same underlying physical servers in a cloud environment.
    • Isolation mechanims prevent unauthorized access between virtual machines.
    • Regular security assessments and audits of underlying hardware.
    • Implementation of hypervisor security measures to mitigate risks.
  • Inadequate Virtual Environment Security

    • Segmentation of virtual networks and resources.
    • Intrusion detection and prevention systems within virtual environments.
    • Regular security updates and patches for virtualization software.
  • User Access Management

    • Role-based access controls (RBAC) to limit privileges based on job roles.
    • Multi-factor authentication (MFA) for enhanced user verification.
    • Regular reviews and audits of user permissions to prevent unauthorized access.
  • Lack of Up-to-date Security Measures

    • Continuous monitoring for security vulnerabilities and emerging threats.
    • Automated patch management systems to ensure timely updates.
    • Integration with threat intelligence feeds for proactive threat detection.
  • Single Point of Failure

    • Redundancy and failover mechanisms across multiple data centers or availability zones.
    • Load balancing to distribute traffic and mitigate the impact of failures.
    • Disaster recovery plans to maintain operations in the event of a failure.
  • Weak Authentication and Encryption

    • Strong encryption protocols for data transmission and storage.
    • Secure key management practices to protect encryption keys.
    • Regular password policy enforcement and password rotation.
    • For more information, please see Data Encryption.
  • Unclear Policies and Data Remnants

    • Clear data retention policies outlining data lifecycle management.
    • Secure data deletion procedures to ensure data remnants are properly erased.
    • Compliance with regulatory requirements regarding data privacy and disposal.

Cloud Security Controls

  • Instance Awareness

    • The idea is to be aware of how many VMs are being managed.
    • "VM Sprawl, overprovisioning VMs which can lead to unused or forgotten VMs.
    • More VMs means increased attack surface.
  • Cloud Access Security Broker (CASB)

    • Enforces security policies when accessing cloud resources.
    • Usually a VM that runs on-prem, acts as a middle-man.
    • Can restrict VM types that can be deployed, limit storage account size, etc.
  • Next-Generation Secure Web Gateway (SWG)

    • Security appliance that has the CASB functionality, with additional capabilities.
    • Web content filtering, data loss prevention (DLP), firewall abilities.
  • CSP Secure Solutions

    • Azure and AWS Network Security Groups
    • Azure Policies; controls cloud resource deployments and compliance.
  • Data Loss Prevention (DLP) Solutions

    • Prevents data exfiltration.

    • Azure Information Protection (AIP).

  • Cloud Monitoring

    • Detect abnormalities or suspicious activities.
    • Utilize log reviews for "detective" security controls.
    • Employ log forwarding to aggregate logs into a centralized logs repository.

Feedback