Module 1 Section 1-1
Cross-Platform
Cloud services can be accessed and used from devices running different operating systems
Google Cloud Platform (GCP)
Google's collection of public cloud computing services, designed to take advantage of Google's own extensive physical infrastructure around the globe.
Security skills
Maintaining a protective perimeter around the on-prem data center, managing traffic into and out of that secure perimeter.
Document findings, actions, and outcomes
Most organizations keep a knowledge base of some kind for systematic documentation. Be sure to use professional communication skills, such as good grammar and thorough explanations, so that your document will be easy for others to use later on.
ISMS (Information Security Management System)
People, processes, and IT systems are all secured through a risk management process. An organization can become ISO/IEC 27001 certified by meeting these requirements, as determined by an audit conducted by an accredited certification body.
Security
Security functions in the cloud include perimeter security (firewalls, IPS/IDS, and proxies for the virtual network), identity management, certificate or key management, authentication services, access controls, and token or federation services.
On-demand self-service
The ability to add, adjust, or remove cloud services at any time by the service subscriber or other users.
Measured Service
The ability to charge for cloud resource usage according to an incremented schedule based on the type of service being used.
Broad Network Access
The ability to connect to cloud-hosted resources from anywhere on the Internet using a variety of device types.
Storage
The storage function covers cloud services that store or preserve data. This is a large category that is often subdivided into smaller categories, including database (which is arguably a completely separate category from storage), block storage, object storage, file storage, data optimization services such as data footprint reduction (DFR), and data protection services such as backup, High Availability (HA), and disaster recovery (DR).
GDPR (General Data Protection Regulation)
A European Union law establishing broad-reaching data protection standards for any information that could be tied to a single individual.
HIPAA (Health Insurance Portability and Accountability Act)
A United States law that, among other things, established data protection standards for medical information.
Cloud service providers (CSPs)
A business that offers one or more cloud services to other businesses or individuals.
Tenants
A cloud customer whose cloud services are running on specific hardware.
SLA (Service Level Agreement)
A contract defining service standards from a telecommunications company to its customer and options for recourse should those service levels not be met.
DevOps (developmental operations)
A cultural shift toward continuous collaboration between development teams and operations teams that brings highly responsive application updates.
PCI DSS (Payment Card Industry Data Security Standard)
A data protection standard applying to any company that accesses, stores, processes, or transmits credit card information.
Hybrid Cloud
A deployment model in which both private and public clouds or both cloud-based and on-prem services are used simultaneously.
Community cloud
A deployment model in which flexible data storage, applications, or services are managed centrally by an organization or service provider on hardware dedicated to a specific group of organizations. Used by multiple organizations with similar concerns.
Private Cloud
A deployment model in which flexible data storage, applications, or services are managed centrally by an organization or service provider on hardware dedicated to that one organization.
Public cloud
A deployment model in which shared and flexible data storage, applications, or services are managed centrally by service providers.
VMware
A leading provider of data center virtualization solutions such as vSphere and ESXi, VMware is also a respectable force in the cloud market. VMware Cloud allows an organization to create a private cloud in its own data center.
NDA (Non-Disclosure Agreement)
A legal agreement designed to restrict sharing of proprietary information by employees, partners, vendors, or customers.
NIST (National Institute of Standards and Technology)
A nonregulatory agency of the U.S. Department of Commerce that sets, promotes, and measures many technology standards.
CRM (Customer Relationship Management)
A product that assists a business with managing data from interactions with customers, potential customers, vendors, and associates.
SOC (Service Organization Control) reports
A report produced by an audit performed according to the standards defined by SSAE 18.
API (Application Programming Interface)
A request made in a specific format to a program.
SSAE 18 (Statement on Standards for Attestation Engagements No. 18)
A standard used to determine an organization's compliance with appropriate audit regulations, guidelines, and requirements.
Amazon Web Services (AWS)
A subsidiary of Amazon, headquartered in Seattle, WA, that provides extensive cloud computing services to businesses and individuals.
VPN (Virtual Private Network)
A virtual connection between two geographically distant locations that provides access to network resources between a client and a remote network, or between two remote hosts, over the Internet.
PaaS Security Concerns (cont.)
Administrative/root access: Public cloud services, by definition, have multiple tenants using shared hardware and network resources. PaaS providers must ensure that customers don't have administrative or root access to servers running PaaS instances. This will prevent tenants from accessing each other's services and prevent hackers from using unauthorized access to one tenant's resources to then access those of another tenant.
Test the theory to determine cause
After you have confirmed your theory, decide what steps you should take next. If you can't confirm your theory, try again or escalate the problem to the next support tier.
IaaS (Infrastructure as a Service)
Allows consumers to deploy a cloud-based network with services such as storage, user desktops, network infrastructure devices (such as routers and load balancers), and network security devices (such as DNS and authentication). The consumer does not control the underlying hardware but can manage the operating systems, applications, and virtual devices.
Cloud Bursting
An application configuration where a privately hosted application temporarily relies on cloud resources to accommodate spikes in demand.
PaaS (Platform as a Service)
An intermediate level of cloud capability that allows consumers to deploy applications on various platforms without having to manage the lower-layer infrastructure such as the network, servers or storage.
PaaS Security Concerns
Application Configurations: Customers generally subscribe to PaaS for the purpose of developing and hosting their own applications. The built-in security of these applications is a continuous concern for developers, with the need to ensure that applications can't be improperly reconfigured by hackers and don't release data to unauthorized users.
SaaS Security Concerns (cont.)
Application access: Even when data is properly encrypted, it can still be compromised through social engineering attacks that result in unauthorized access to the SaaS products used to manage that data. Attacks such as phishing, Trojan horses, and keyloggers are major concerns.
Microsoft Azure
Azure is the cloud computing arm of Microsoft's enterprise technologies. Although it was designed for compatibility with Microsoft's other tools, Azure also supports many other operating systems and cloud products.
Alibaba Cloud
Based in Hangzhou, China, Alibaba Cloud is a relative newcomer and yet offers a fast-growing public cloud platform, primarily to Asian markets. Alibaba Cloud's parent company, Alibaba Group Holding Ltd., is the largest online commerce company in China and recently surpassed Walmart Stores, Inc., as the largest global retailer.
Oracle Cloud
Based in Redwood Shores, CA, Oracle is known primarily for its database software. In 2010, Oracle began rebranding its existing Oracle On Demand services, which allowed for running Oracle applications in an internet browser, and adding new cloud computing services, all under the Oracle Cloud umbrella.
Establish a theory of probable cause
Beginning with the symptoms, look for internal and external clues for what might be causing the problem. Remember that the cause is not always complex - question the obvious.
Adaptive, intelligent security
Cloud computing increasingly takes advantage of AI (artificial intelligence) technology to improve built-in security defenses.
Self-patching/Self-healing infrastructure
Because cloud computing is automated, a cloud network can patch or repair itself when encountering certain types of problems.
Management services
Cloud platforms include a variety of management and monitoring tools including dashboards (such as OpenStack's Horizon or Amazon's QuickSight), monitoring services (such as Google's Stackdriver or Amazon's CloudWatch), and data analytics services (such as Amazon's Kinesis or Google's Cloud Machine Learning).
Troubleshooting Steps
CompTIA troubleshooting methodology
SaaS Security Concerns
Data Security: Data created, stored, and accessed through SaaS solutions must be encrypted both at rest (when stored) and in transit (as it travels between the CSP and the consumer).
ISO/IEC 27001
Developed by ISO (International Organization for Standardization) and the IEC (International Electrotechnical Commission), the standard provides an overarching model for organizations to use in keeping information secure.
Establish a plan of action to resolve the problem and implement the solution
Don't make any changes without first considering corporate policies and procedures and the impact the change might have on other systems. Keep in mind that some changes must first be approved at higher levels.
Cloud Practitioner
Entry-level AWS certification is appropriate for professionals in technical, managerial, sales, purchasing or financial roles.
Microsoft Certified Azure Fundamentals
Entry-level Azure certification is appropriate for candidates with non-technical backgrounds or for technical professionals validating foundational knowledge of cloud services.
Associate Cloud Engineer
Entry-level GCP certification covers setting up, deploying, and securely operating a cloud solution.
Eucalyptus
Eucalyptus (Elastic Utility Computing Architecture for Linking Your Programs To Useful Systems) is a partially open-source platform that is designed specifically for building private or hybrid clouds to interact with AWS products. Originally developed by researchers at the University of California, Eucalyptus became a for-profit business in 2009 and is now managed by Eucalyptus Systems, Inc.
GCP (Google Cloud Platform)
Hosted on the same infrastructure as other Google products, GCP brings IaaS and PaaS services to Google's extensive line of cloud products, such as the G Suite collection. App Engine, first released in 2008 and providing basic web application hosting, was Google's first entry into the public cloud computing market. Soon after, Google began adding other cloud services, which are now collectively referred to as Google Cloud Platform.
IBM Cloud
IBM Cloud is a rebranding of earlier services from SoftLayer, which IBM acquired in 2013, and IBM's own Bluemix products. IBM Cloud was originally built on the open-source Cloud Foundry platform, which was originally developed by VMware.
IaaS Security Concerns
IaaS customers must consider similar security concerns as when running their own on-prem infrastructure. This includes compliance regulations, audit requirements, and identity management, in addition to all the other concerns previously listed. Because IaaS customers have no control over the hardware underlying their cloud infrastructure, they must ensure that the CSP complies with standards common to the customer's industry.
AWS Certified SysOps Administrator - Associate
Intermediate AWS cert focuses on creating automated deployments of applications, networks, and systems in AWS. The related advanced cert is AWS Certified DevOps Engineer - Professional.
AWS Certified Solutions Architect - Associate
Intermediate AWS certification focuses on designing applications and systems in AWS. The related advanced cert is AWS Certified Solutions Architect - Professional.
Professional Cloud Architect
Intermediate GCP certification focuses on designing, managing, optimizing, and securing a cloud solution architecture.
Microsoft Certified Azure Administrator Associate
Intermediate Microsoft Certification focuses on implementing, monitoring, and maintaining Azure-based cloud solutions. Candidates must take two exams.
OpenStack
It is helpful to know OpenStack because it is one of the most popular private cloud platforms. It is an open-source cloud computing platform designed by Rackspace and NASA to create do-it-yourself compute, storage, and networking cloud services. OpenStack can be deployed on the company's own data center, through an OpenStack-based public cloud, or in a hosted OpenStack private cloud.
Preventative measures tips
Maintain good monitoring and analysis techniques. Thoughtfully configure your dashboards to show the most helpful information. Follow good change management processes. Understand your cloud services and how to identify where problems are likely to occur, how to locate those problems, and how to best address them.
Verify full system functionality, and, if applicable, implement preventative measures
May include educating the user.
Azure Cloud Platform
Microsoft's cloud computing platform that is designed for optimal compatibility with existing Microsoft products.
Network
Network functions provide ways of moving data within the cloud or between networks and resources. Included in this category are options for configuring network functions such as connection configurations, subnets, IP addressing, VPN, trunk lines, DHCP services, load balancing, and more. Other tools include migration resources and content delivery products.
CSP (Cloud Service Provider)
Offers a variety of cloud services, some specific to a particular market niche, and others more generalized to meet a wider base of consumer needs.
Compute
Refers to cloud functions that process data in some way. This typically refers primarily to running VMs and applications in the cloud and can also refer to developer tools used to create, test, and deploy applications. When working with compute services, you'll find many options for configuring the virtualized hardware on which these processes run, such as CPU cores, memory size, and I/O (input/output) compatibility. Grouped under the compute category, you might also find tools related to these processes, even though these tools might technically perform functions from other categories.
Rapid Elasticity
The ability to scale cloud resources up or down according to demand.
Resource Pooling
The availability of physical and virtual cloud resources to multiple subscribers according to consumer demand without regard for geographic location.
Mergers
The blending of two organizations into a single organization.
Orchestration
The design, development, and optimization of automation processes.
Virtualization
The emulation of part or all of a computer or network.
AWS
The market-leading cloud provider and the first major contender in the market. AWS (Amazon Web Services) is a subsidiary of Amazon and was founded in 2006. AWS offers a huge line of cloud computing products, with more options added frequently.
SaaS (Software as a Service)
The provision of software through the cloud. Applications can be accessed from different types of devices without having to manage any of the underlying infrastructure such as the network, servers, operating systems, or storage.
Acquisitions
The purchase or take-over of one organization by another.
Divestitures
The separation of part of an organization where that part becomes its own entity or is sold, traded, or otherwise disposed of.
Automation
The use of technology to perform a process or procedure with minimal human intervention.
Identify the Problem
This includes questioning the user and identifying any changes the user has made recently to the computer. Also, back up data on the computer or other system before making any other changes to it yourself.
Application components
Tools from many of these categories can be used for building and hosting cloud-based applications. Cloud services optimized for app development might also include e-commerce, machine learning, and mobile services.
Storage (cont.)
Virtualized options exist for hardware, such as choosing SSDs or HDDs of various speeds and storage capacities, RAID options, data transfer speeds, and storage protocols (such as Ethernet, iSCSI, or InfiniBand, which bleeds over into networking concepts), as well as pricing options for accessing stored data.
DIY Cloud Computing
You can host your own private cloud using cloud management software of some kind.