Security
Reader small image

You're reading from  Information Security Handbook

Product typeBook
Published inDec 2017
Publisher
ISBN-139781788478830
Edition1st Edition
Concepts
Information Security
Right arrow
Author (1)
Darren Death
Darren Death
author image
Darren Death

Darren Death is ASRC Federal's Chief Information Security Officer. He is responsible for managing the enterprise cybersecurity program across a 3 billion-dollar portfolio of business sectors, including financial services, government contracting, and construction. A proven technology leader with over 20 years of experience deploying enterprise systems for large private and public organizations, Darren Death has led, designed, and implemented large-scale, organizational-wide enterprise IT systems with far-reaching impact. Before joining ASRC Federal, while at the Department of Justice, he was responsible for creating a nationwide enterprise processing capability across the US Attorney, Marshalls Service, and the Bureau of Alcohol, Tobacco, and Firearms divisions. At the Library of Congress, Darren was responsible for all emerging technologies related to information security. He holds a doctoral degree in information technology, specializing in information assurance and cybersecurity.
Read more about Darren Death

Right arrow

Chapter 11. Cloud Security Consideration

Cloud computing enables on-demand and ubiquitous access to a shared pool of configurable, outsourced computing resources, such as:

  • Networks
  • Servers
  • Storage
  • Applications

These services can be rapidly provisioned and released with little effort from the organization or cloud service provider.

Cloud computing characteristics

  • Rapid elasticity: Cloud computing resources can be elastically provisioned and released. They can be scaled in the following ways:
    • Manual scaling: This is where the organization's operations team anticipates future workloads in the cloud environment and adds resources manually to support the organization's mission.
    • Semi-automated scaling: This type of scaling still requires forecasting to ensure that resources exist and are built to support an organization's information system. Based on system events, new services, such as virtual servers to take the application's load, will be initialized.
    • Fully-automated (elastic) scaling: This type of scaling allows an organization to increase or reduce capacity without the need to perform the manual labor and configuration necessary to establish the infrastructure ahead of time.

The organization has the capability of controlling the elasticity of the system so that the system does not grow out of control, causing a great...

Cloud computing service models

There are three main cloud computing service models that we will be covering in this chapter. These three models provide the basis for the services provided by cloud computing service providers.

Infrastructure as a Service – IaaS

Infrastructure as a Service (IaaS) is a cloud computing service model where a provider delivers virtualized IT infrastructure resources over the internet:

The organization manages:

  • Server operating systems
  • Data storage
  • Applications deployed to servers, such as:
    • Web-based enterprise applications
    • Database servers
    • Management agents, such as host intrusion prevention

The cloud computing service manages the underlying cloud infrastructure, which includes:

  • Processing
  • Physical storage
  • Networks

Platform as a Service – PaaS

Platform as a Service (PaaS) is a cloud computing service model where a provider delivers hardware and software typically with the goal of supporting an organization's application development and hosting needs over the internet:

The organization...

Cloud computing deployment models

The cloud computing deployment model will vary depending on your organization's unique business and mission requirements. The various deployment models bring their unique advantages, disadvantages, and information security challenges.

Public cloud

In this model, the cloud computing infrastructure is utilized by the public in a multitenant environment over the internet:

The service provider makes resources available, such as:

  • Virtual machines (VMs)
  • Applications
  • Storage
  • And so on

The cloud computing provider may be owned, managed, and operated by a business, academic, or government organization, or a combination of the three.

Private cloud

In this model, the cloud computing infrastructure is provisioned for exclusive use by a single organization, as illustrated in the following image:

The cloud computing provider may be:

  • Owned, managed, and operated by the organization, a third party, or a combination of the two
  • It may exist on or off premises

Community cloud

In this model...

Cloud computing management models

The mechanism that you use to manage your cloud infrastructure must be well thought out and planned in order for your cloud implementation to be successful.

Managed service provider

A managed service provider (MSP) ensures that an organization's IT assets are operated and maintained. Some examples of these assets are:

  • IT infrastructure (servers, network gear)
  • Enterprise applications (e-commerce, databases)
  • End user computing (workstations, management infrastructure)
  • Security operations (SIEM, vulnerability scanning)

In the case of a cloud service, an MSP will ensure that services like these are maintained if they exist in a cloud environment, as well as provide services to manage the cloud infrastructure itself. If an organization lacks the experience or personnel to manage a cloud service, an MSP can be contracted to manage the cloud environment for the organization.

Cloud service provider

A cloud service provider (CSP) is the actual service provider of the cloud...

Cloud computing special consideration

While the prevalent marketing hype that surrounds cloud technologies can make it sound easy to move to the cloud, the reality is that moving to the cloud can be very difficult from a business, technical and security perspective. It is easy to become complacent as you move to the cloud, but you must resist this temptation.

Cloud computing data security

The security of your organization's data is a key concern for your organization and the information security program. This does not change as you move your organization's data into the cloud. Moving your organization's IT infrastructure to the cloud will present you with many decisions around how to best secure your organization's information, such as those detailed in the following sections.

Data location

There are multiple concerns in data location that you need to consider when you approach your cloud computing services architecture. Some considerations include:

  • Do your compliance requirements require your...

Summary

In this chapter, you learned about cloud architecture and the considerations that go into planning out an effective and secure cloud implementation for your organization. Additionally, we discussed:

  • Characteristics related to cloud computing
  • Service, deployment, and management models utilized by cloud service providers
  • Special considerations related to cloud data security

In the next chapter, we will be discussing information and data security best practices, and we will provide you with an understanding of many of the best practices needed to support effective IT hygiene in your organization's enterprise network

lock icon
The rest of the chapter is locked
Previous Chapter
Chapter 18 of 19
Next Chapter
You have been reading a chapter from
Information Security Handbook
Published in: Dec 2017Publisher: ISBN-13: 9781788478830
© 2017 Packt Publishing Limited All Rights Reserved
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
undefined
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at $15.99/month. Cancel anytime

Author (1)

author image
Darren Death

Darren Death is ASRC Federal's Chief Information Security Officer. He is responsible for managing the enterprise cybersecurity program across a 3 billion-dollar portfolio of business sectors, including financial services, government contracting, and construction. A proven technology leader with over 20 years of experience deploying enterprise systems for large private and public organizations, Darren Death has led, designed, and implemented large-scale, organizational-wide enterprise IT systems with far-reaching impact. Before joining ASRC Federal, while at the Department of Justice, he was responsible for creating a nationwide enterprise processing capability across the US Attorney, Marshalls Service, and the Bureau of Alcohol, Tobacco, and Firearms divisions. At the Library of Congress, Darren was responsible for all emerging technologies related to information security. He holds a doctoral degree in information technology, specializing in information assurance and cybersecurity.
Read more about Darren Death

Other recommended products

Related to this chapter

Infosec Strategies and Best Practices

Infosec Strategies and Best Practices

Information security strategies and best practices help in filling the gap that exists between theory and reality. The book starts by showing you how to implement risk management and governance structures into your organization and goes on to cover the best methods for operationalizing your information security strategy.

BookMay 2021272 pages
Hands-On Security in DevOps

Hands-On Security in DevOps

Hands-On Security in DevOps explores how the techniques of DevOps and Security should be applied together to make cloud services safer. By the end of this book, readers will be ready to build security controls at all layers, monitor and respond to attacks on cloud services, and add security organization-wide through risk management and training.

BookJul 2018356 pages
CISA – Certified Information Systems Auditor Study Guide

CISA – Certified Information Systems Auditor Study Guide

CISA - Certified Information Systems Auditor Study Guide offers complete, up-to-date coverage of the CISA exam so you can take them with confidence, fully equipped to pass first time. Written in a clear, succinct way with self-assessment questions, exam tips and mock exams with detailed answer explanations, this book covers all 5 domains of CISA certification.

BookAug 2020590 pages
Practical Cyber Intelligence

Practical Cyber Intelligence

Cyber intelligence is the missing link between your cyber defense operation teams, threat intelligence, and IT operations to provide your organization with a full spectrum of defensive capabilities. This book kicks off with the need for cyber intelligence and why it is required in terms of a defensive framework.

BookMar 2018322 pages
Network Vulnerability Assessment

Network Vulnerability Assessment

Being able to identify security loopholes has become critical to many businesses. That's where learning network security assessment becomes very important. This book will not only show you how to find out the system vulnerabilities but also help you build a network security threat model.

BookAug 2018254 pages
CISSP (ISC)² Certification Practice Exams and Tests

CISSP (ISC)² Certification Practice Exams and Tests

With over 1000 practice questions, explanations of all 8 domains, and 2 full exams, this book is a fantastic exam prep solution. Take the CISSP exam (version May 2021) confidently with the help of mock questions and detailed solutions and validate your skills with the CISSP (ISC)2 certification.

BookSep 2021396 pages
Network Security Strategies

Network Security Strategies

After prominent market leaders have been impacted by advanced cyber threats, network security has become a top priority in terms of successfully keeping attackers from breaching networks. This book will help you design a robust network security ecosystem that helps prevent traditional and new and evolving attacks.

BookNov 2020390 pages
Security+® Practice Tests

Security+® Practice Tests

Get ready to pass your CompTIA Security+ certification exam with the elaborate and complete practice that Security+? Practice Tests will provide you. From detailed explanations of the six domains to full-length practice tests, you’ll gain complete knowledge of what this test contains and how to ace it.

BookOct 2019390 pages
Digital Forensics and Incident Response

Digital Forensics and Incident Response

The staggeringly high number of security breaches reported in the last several years stresses the importance of an organization's ability to respond to attacks promptly. With this book, you'll learn forensic techniques and incident response fundamentals to investigate such incidents in your organization.

BookJul 2017324 pages
CCNA Security 210-260 Certification Guide

CCNA Security 210-260 Certification Guide

With a CCNA Security certification, you can demonstrate the skills required to develop a security infrastructure, recognize threats to networks, and mitigate security threats. Geared towards Cisco Security, the practical aspects of this book will help you clear the CCNA Security Exam (210-260) by increasing your knowledge of Network Security.

BookJun 2018518 pages
Digital Forensics and Incident Response

Digital Forensics and Incident Response

An understanding of how digital forensics integrates with the overall response to cybersecurity incidents is a must for all organizations. This book offers concrete and detailed guidance on how to conduct the full spectrum of incident response and digital forensic activities.

BookJan 2020448 pages
Architecting Cloud Computing Solutions

Architecting Cloud Computing Solutions

Cloud adoption is a core component of digital transformation. Scaling the IT environment, making it resilient, and reducing costs are what organizations want. Architecting Cloud Computing Solutions presents and explains the critical Cloud solution design considerations and technology decisions required to choose and deploy the right Cloud service and deployment models based on your business and technology service requirements.

BookMay 2018378 pages

Personalised recommendations for you

Based on your interests and search pattern

Attacking and Exploiting Modern Web Applications

Attacking and Exploiting Modern Web Applications

Attacking and Exploiting Modern Web Attacks will help you understand how to identify attack surfaces and detect vulnerabilities. This book takes a hands-on approach to implementation and associated methodologies and equips you with the knowledge and skills needed to effectively combat web attacks.

BookAug 2023338 pages
Automotive Cybersecurity Engineering Handbook

Automotive Cybersecurity Engineering Handbook

This Automotive Cybersecurity Engineering Handbook untangles the complexities of building secure automotive products and helps you to comply with cybersecurity standards. It provides practical tools, tips, and techniques coupled with real-world examples to enable you to create cyber-resilient automotive products with ease.

BookOct 2023392 pages
Official Google Cloud Certified Professional Cloud Security Engineer Exam Guide

Official Google Cloud Certified Professional Cloud Security Engineer Exam Guide

This book will help you to design, develop, and operate security controls on Google Cloud as well as discover best practices for relevant security domains, including identity and access management, network, and data.

BookAug 2023496 pages
Cloud Penetration Testing for Red Teamers

Cloud Penetration Testing for Red Teamers

The advent of cloud networks and the AWS, Azure, and GCP platforms has revolutionized how companies of all sizes in all industries do business online. This book will help you meet the emerging demand for pentesting as it guides you through the tools, techniques, and security measures used by pentesters and red teamers in the 2020s and beyond.

BookNov 2023298 pages
ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide

ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide

ISACA Certified in Risk and Information Systems Control (CRISC®) Certification Guide is an enterprise IT risk management professional’s dream. With its in-depth approach and various self-assessment exercises, this book arms you with knowledge of every single aspect of the certification, and is a fantastic career companion after you’re certified.

BookSep 2023316 pages5
Burp Suite Cookbook

Burp Suite Cookbook

Burp Suite is an immensely powerful and popular tool for web application security testing. This book provides a collection of recipes that address vulnerabilities in web applications and APIs. It offers guidance on how to configure Burp Suite, make the most of its tools, and explore into its extensions.

BookOct 2023450 pages
Building and Automating Penetration Testing Labs in the Cloud

Building and Automating Penetration Testing Labs in the Cloud

This hands-on guide will help you design and build a variety of penetration testing labs that mimic modern cloud environments running on AWS, Azure, and GCP. In addition to these, you will explore a number of practical strategies on how to manage the complexity, cost, and security risks involved when setting up vulnerable cloud lab environments.

BookOct 2023562 pages
Ethical Hacking Workshop

Ethical Hacking Workshop

As cyber-attacks grow and APT groups advance their skillset, you need to be able to protect your enterprise against cyber-attacks. In order to limit your attack surface, you need to ensure that you leverage the same skills and tools that an adversary may use to hack your environment and discover the security gaps. This book will teach you how to think like a hacker, use state-of-the-art hacking tools, and protect yourself and your organizaiton.

BookOct 2023220 pages
Windows Forensics Analyst Field Guide

Windows Forensics Analyst Field Guide

This book contains step-by-step processes to guide you in any investigation related to Windows OS. You’ll find out how to acquire evidence using multiple tools as well as examine and analyze the collected artifacts, while discovering multiple techniques used in real-world forensic incidents.

BookOct 2023318 pages
Implementing DevSecOps Practices

Implementing DevSecOps Practices

This book is a comprehensive, hands-on guide for individuals new to DevSecOps who want to implement DevSecOps practices successfully and efficiently. With its help, you’ll be able to shift security toward the left, enabling you to merge security into coding in no time.

BookDec 2023258 pages