Cloud and Virtualization
Cloud Storage
Cloud storage is a common term used to describe computer storage provided over a network. One of the characteristics of cloud storage is transparency to the end user. Cloud storage offers much to the user: improvements in performance, scalability, flexibility, security, and reliability, among other benefits. These improvements are a direct result of the specific attributes associated with how cloud services are implemented. The specific challenge is how to allow data to be stored outside your enterprise and yet remain in control of how that data is used. The common answer is encryption. By properly encrypting its data before transferring it to cloud storage (with the keys remaining under its own control), an organization can ensure that the data is stored securely with the cloud service provider.
On-Premise vs. Hosted vs. Cloud
On-premises (or on-premise according to CompTIA) means the system resides locally in the building of the organization. Whether a VM, storage, or even services, if the solution is locally hosted and maintained, it is referred to as on-premises. The advantage is that the organization has total control and generally high connectivity. The disadvantage is that it requires local resources and is not as easy to scale. Hosted services refer to having the services hosted somewhere else, commonly in a shared environment. Using a third party for hosted services provides a set cost based on the amount you use. This has cost advantages, especially when scale is included: does it make sense to maintain all the local infrastructure, including personnel, for a small, informational-only website?
Security as a Service
Security as a Service is the outsourcing of security functions to a vendor that can offer advantages in scale, cost, and speed. Effective security requires technically savvy security pros, experienced management, specialized hardware and software, and fairly complex operations, both routine and in response to incidents. Any or all of this can be outsourced to a security vendor, and firms routinely examine vendors for solutions where the business economics make outsourcing attractive.
Cloud Access Security Broker (CASB)
A CASB is a security policy enforcement point placed between cloud service providers and their customers to ensure that enterprise security policies are maintained as cloud-based resources are utilized. CASB vendors provide a range of security services designed to protect cloud infrastructure and data.
VM Sprawl Avoidance
Sprawl is the uncontrolled spreading and disorganization caused by lack of an organizational structure when many similar elements require management. Just as you can lose track of a file in a large file directory and have to hunt for it, you can lose track of a VM among many others that have been created. As the number of VMs grows rapidly over time, sprawl can set in. VM sprawl is a symptom of a disorganized structure. An organization needs to implement VM sprawl avoidance through policy.
VDI/VDE
Virtual desktop infrastructure (VDI) and virtual desktop environment (VDE) are terms used to describe the hosting of a desktop environment on a central server. VDI refers to all the components needed to set up the environment. VDE is what the user sees, the actual user environment. This means that a user can move from machine to machine and have a singular environment following her around. And since the end-user devices are just simple doors back to the server instance of the user's desktop, the computing requirements at the edge point are considerably lower and can be provided on older machines.
VM Escape Protection
When multiple VMs are operating on a single hardware platform, one concern is VM escape, where software, either malware or an attacker, escapes from one VM to the underlying OS. Once the VM escape occurs, the attacker can attack the underlying OS, or resurface in a different VM.
