Most cloud providers attempt to create a secure cloud for customers. Their business model hinges on preventing breaches and maintaining public and customer trust. Cloud providers can attempt to avoid cloud security issues with the service they provide, but can’t control how customers use the service, what data they add to it, and who has access. Customers can weaken cybersecurity in cloud with their configuration, sensitive data, and access policies. In each public cloud service type, the cloud provider and cloud customer share different levels of responsibility for security. By service type, these are: Show
Within all types of public cloud services, customers are responsible for securing their data and controlling who can access that data. Data security in cloud computing is fundamental to successfully adopting and gaining the benefits of the cloud. Organizations considering popular SaaS offerings like Microsoft Office 365 or Salesforce need to plan for how they will fulfill their shared responsibility to protect data in the cloud. Those considering IaaS offerings like Amazon Web Services (AWS) or Microsoft Azure need a more comprehensive plan that starts with data, but also covers cloud app security, operating systems, and virtual network traffic—each of which can also introduce potential for data security issues. IaaS IaaS is on-demand access to cloud-hosted computing infrastructure - servers, storage capacity and networking resources - that customers can provision, configure and use in much the same way as they use on-premises hardware. The difference is that the cloud service provider hosts, manages and maintains the hardware and computing resources in its own data centers. IaaS customers use the hardware via an internet connection, and pay for that use on a subscription or pay-as-you-go basis. Typically IaaS customers can choose between virtual machines (VMs) hosted on shared physical hardware (the cloud service provider manages virtualization) or bare metal servers on dedicated (unshared) physical hardware. Customers can provision, configure and operate the servers and infrastructure resources via a graphical dashboard, or programmatically through application programming interfaces (APIs). IaaS can be thought of as the original 'as a service' offering: Every major cloud service provider - Amazon Web Services, Google Cloud, IBM Cloud, Microsoft Azure - began by offering some form of IaaS. Benefits of IaaS Compared to traditional IT, IaaS gives customers more flexibility build out computing resources as needed, and to scale them up or down in response to spikes or slow-downs in traffic. IaaS lets customers avoid the up-front expense and overhead of purchasing and maintaining its own on-premises data center. It also eliminates the constant trade-off between the waste of purchasing excess on-premises capacity to accommodate spikes, versus the poor performance or outages that can result from not having enough capacity for unanticipated traffic bursts or growth. Other benefits of IaaS include:
IaaS use cases Common uses of IaaS include:
PaaS PaaS provides a cloud-based platform for developing, running, managing applications. The cloud services provider hosts, manages and maintains all the hardware and software included in the platform - servers (for development, testing and deployment), operating system (OS) software, storage, networking, databases, middleware, runtimes, frameworks, development tools - as well as related services for security, operating system and software upgrades, backups and more. Users access the PaaS through a graphical user interface (GUI), where development or DevOps teams can collaborate on all their work across the entire application lifecycle including coding, integration, testing, delivery, deployment, and feedback. Examples of PaaS solutions include AWS Elastic Beanstalk, Google App Engine, Microsoft Windows Azure, and Red Hat OpenShift on IBM Cloud. Benefits of PaaS The primary benefit of PaaS is that it allows customers to build, test, deploy run, update and scale applications more quickly and cost-effectively than they could if they had to build out and manage their own on-premises platform. Other benefits include:
PaaS use cases PaaS can advance a number of development and IT initiatives including:
SaaS SaaS (sometimes called cloud application services) is cloud-hosted, ready-to-use application software. Users pay a monthly or annual fee to use a complete application from within a web browser, desktop client or mobile app. The application and all of the infrastructure required to deliver it - servers, storage, networking, middleware, application software, data storage - are hosted and managed by the SaaS vendor. The vendor manages all upgrades and patches to the software, usually invisibly to customers. Typically, the vendor ensures a level of availability, performance and security as part of a service level agreement (SLA). Customers can add more users and data storage on demand at additional cost. Today, anyone who uses a or mobile phone almost certainly uses some form of SaaS. Email, social media, and cloud file storage solutions (such as Dropbox or Box) are examples of SaaS applications people use every day in their personal lives. Popular business or enterprise SaaS solutions include Salesforce (customer relationship management software), HubSpot (marketing software), Trello (workflow management), Slack (collaboration and messaging), and Canva (graphics). Many applications designed originally for the desktop (e.g., Adobe Creative Suite) are now available as SaaS (e.g., Adobe Creative Cloud). Benefits of SaaS The main benefit of SaaS is that it offloads all infrastructure and application management to the SaaS vendor. All the user has to do is create an account, pay the fee and start using the application. The vendor handles everything else, from maintaining the server hardware and software to managing user access and security, storing and managing data, implementing upgrades and patches and more. Other benefits of SaaS include:
Some SaaS vendors even enable customization of their product by providing a companion PaaS solution. One well-known example is Heroku, a PaaS solution for Salesforce. SaaS use cases Today, just about any personal or employee productivity application is available as SaaS; specific use cases are too numerous to mention (some are listed above). If an end user or organization can find a SaaS solution with the required functionality, in most cases it will provide a significantly simpler, more scalable and more cost-effective alternative to on-premises software. SaaS vs. PaaS vs. IaaS: management ease vs. control SaaS, Paas, IaaS are not mutually exclusive; most organizations use more than one, and many larger organizations today use all three, often in combination with traditional IT. Obviously, the as-a-service solution a customer chooses depends first on the functionality the customer requires, and the expertise it has on staff. For example, an organization without the in-house IT expertise for configuring and operating remote servers isn't well matched to IaaS; an organization without a development team has no need for PaaS. But in some cases, any of the three 'as-a-service' models will offer a viable solution. In these cases, organizations typically compare the alternatives based on the management ease they offer, vs. the control they give up. For example, suppose a large organization wants to deliver a customer relationship management (CRM) application to its sales team. It could:
IaaS, SaaS, PaaS and IBM Cloud IBM has a broad menu of IaaS, PaaS and SaaS offerings to meet your company’s needs up and down the stack. IBM’s rich and scalable PaaS solutions help organizations develop cloud native applications from scratch, or modernize existing applications to benefit from the flexibility and scalability of the cloud. IBM also offers a full IaaS layer of virtualized compute, network, and storage within our full-stack cloud platform, and more than 150 SaaS business applications to help you innovate. Who is responsible for security in the guest OS of an IaaS model?With an IaaS model, the vendor is responsible for security of the physical data centers and other hardware that power the infrastructure -- including VMs, disks and networks. Users must secure their own data, operating systems and software stacks that run their applications.
Which of the following is a primary concern of security in the cloud?Challenges in cloud security
The primary concern on cloud security is centered mainly on access and data, as this lies with you. You must understand what data is being stored on the cloud, the level of protection that the cloud provider offers, and who has access to the data within the organization or outside.
Which of the following SSAE audit review types contains information about the organization's controls for assuring the confidentiality integrity and availability of data?SSAE18 SOC 2 is a detailed report on the controls of a service organization's systems used to process customer data and the confidentiality and privacy of the information processed by these systems. This report provides assurance of the security, availability, and process integrity of these systems.
Which of the following cloud services does the customer have the most responsibility?Of the three deployment options, SaaS places the most responsibility on the CSP. With the CSP managing the entire infrastructure as well as the applications, customers are only responsible for managing data, as well as user access/identity permissions.
|