CCSK => Certificate of Cloud
Security Knowledge
92 of the questions are based on CSA Guide
8 percent is based on ENISA Report
Cloud security fundamentals (How Cloud
architecture impacts Security concerns)
Cloud Computing:
According to the National Institute of
Standards and Technology, it is a model for enabling convenient, on-demand
network access to a shared pool of configurable computing resources (Eg.,
networks, storage, applications and services) that can be rapidly provisioned
and released with minimal management effort and service provider interaction.
Download the PDF
This is composed of 5 essential
characteristics, three service models and four deployment models
Five essential characteristics of Cloud
Computing
On demand self-service:
Customer will be able to add or reduce the
computing resources based on the requirement without any technical support.
Broad Network access:
It should be available to cx from any place
using internet connection, it should be also available to manage from any place
without any ‘vpn’ or remote connectivity or any restriction.
Resource pooling:
In
Cloud computing resources will be shared, there are als0 options to restrict
it. Resource allocation are all dynamic, when we need more resources it should
be dynamically allocated from the pool. these can be allocated from any
geographical locations.
Rapid elasticity:
Cloud has the capability to allocate or
de-allocate resources dynamically.
The criteria for scaling up and down can be
defined by the customer, dynamic allocation guarantees the performance of the
application deployed in the cloud with optimum resources
Download the PDF
Measured service:
In cloud the customer will be charged based
on the usage of the resources.
there will be a mechanism to automatically
measure the usage of resources.
billing will be based on the pay per use
which benefits the customer.
Three service models in cloud computing:
Infrastructure as a service
Platform as a service
Software as a service
Iaas:
here cx gets only the hardware and gets the
freedom to choose the software that he wants.
Paas:
here the hardware and basic software are given
provides the consumers with a stable online
environment where they can quickly create , test and deploy web applications
using browser based software development tools.
Eg: azue, google apps.
SAAS:
Provides complete business applications over web.
Eg: gmail, fb, linkedin
Download the PDF
Four Deployment Models in Cloud:
1.Private cloud
2.Community Cloud
3.Public cloud
4.Hybrid Cloud
Private cloud:
#A Cloud infrastructure operated solely for a
single organization
#It can be managed internally or by a third
party
#it can be hosted internally or externally
#organization taking responsibility of their
data
#organization cn enable pooling and sharing
of computing resources across different applications, departments or business
units
#Require significant up-front development
costs, data centre costs, ongoing maintenance, hardware, software and internal
expertise
Community Cloud :
#Community clouds are used by distinct groups
( Or shared communities) of organizations that have shared concerns such as
compliance or security considerations.
#The Computing infrastructures may be
provided by internal or third party suppliers
#The communities benefit from public cloud
capabilities but they also know who their neighbour are so they have fewer
fears about security and date protection.
PUBLIC CLOUD:
#the computing resources are shared with the
providers other customers
# No awareness of their neighbours
Download the PDF
HYBRID CLOUD:
#It is a composition of two or more clouds
#Using public clouds for genera comouting
while customer data is kept within a private cloud, community cloud or a more
traditional IT infrastructure.
Who has
control in cloud?
The
following chart tells who has control in cloud Computing.
Risks in
Cloud as Stated by ENISA:
Loss of
Governance
Lock-in
Isolation
Failure
Compliance
risks
Management
interface compromise
Data
Protection
Insecure or
incomplete data deletion
Malicious
insider
Download the PDF
iSEC
Realistic Cloud Threats:
Authentication
Abuse
Operations
Breakdown
Misuse of Cloud-specific
Technology
General
Security Advantages:
Shifting
public data to an external cloud reduces the exposure of the internal sensitive
data
Cloud
homogeneity makes security auditing/ testing simpler
Clouds
enable automated security management
Redundancy/
Disaster recovery
General
Security Challenges:
Trusting the
vendor`s security Model
Customer`s
inability to respond to audit findings
Obtaining
support for investigations
Indirect
administrator accountability
Proprietary implementations
cat be examined
Loss of
physical control
Data Storage
Services:
Advantages
are,
Data
fragmentation and dispersal
Automated
replication
Provision of
data zones (eg. By country)
Encryption
at rest and in transit
Automated
data retention
Disadvantages
or undesired features are,
Isolation
management/ data multi-tenancy
Storage
controller
Exposure of
data to foreign governments
