Exam 1 ISDS 3130


Cloud based IT resource access

- Internal end user devices access corporate IT services through an internet connection.
- Internal users access corporate IT services while roaming in external networks through the cloud provider's internet connection.
- External users access corporate IT services through the cloud provider's internet connection.

On Premise IT resource access

- Internal end user devices access corporate IT services through the corporate network.
- Internal users access corporate IT services through the corporate internet connection while roaming in external networks.
- External users access corporate IT services through the corporate internet connection.

Re-factoring

-Adding new features now that the resource is in the cloud

Scalability

-Allows for traffic spikes and minimizes delays.

Elasticity

-Allows for workload changes by provisioning and de-provisioning resources in an autonomic manner, such that at each point in time the available resources match the current demand as closely as possible

Repurchasing

-Complete change of the resource from on-premise to the cloud (e.g. on-premise CRM to Salesforce)

Local Area Network (LAN)

- Covers a small, clearly defined area
- Might contain a single floor or work area or single building
- When LANs use wireless circuits, they are called Wireless Local Area Networks (WLAN)

Retain

-Do nothing (for now)

Backbone Network (BN)

- High-speed networks connecting other networks together
- May span hundreds of feet to several miles

Wide Area Networks (WANs)

- Largest geographic scope
- Often composed of leased circuits
- May span hundreds or thousands of miles

Resiliency

- Mirrored solutions to minimize downtime in the event of a disaster
- Gives businesses the sustainability they need during unanticipated events.
- Within cloud computing, the characteristic of resiliency can refer to redundant IT resources within the same cloud (but in different physical locations) or across multiple clouds

Preventative

- Mitigate or stop a person from acting or an event from occurring
- Act as a deterrent by discouraging or restraining

Replatforming

-Move resources from in-house to the cloud, but optimize for the cloud

Rehosting

-Move resources from in-house to the cloud, with no changes

Multipoint circuit

- Multipoint circuits are most commonly used in wireless today.
- Connects one server to multiple client computers

Homogeneity

-No matter which cloud provider and architecture an organization uses, an open cloud will make it easy for them to work with other groups, even if those other groups choose different providers and architectures.

Point-to-Point circuit

- Point-to-Point circuits include most wired connections today.
- Circuit connects one server to one client computer

Corrective

-Remedy an unwanted event or intrusion

Detective

- Reveal or discover unwanted events (e.g., auditing)
- Documenting events for potential evidence

Retire

-Shut down legacy system

Three elements in CIA Triad?

1. Confidentiality 2. Integrity 3. Availability

Two Types of Media access?

1. Contention access 2. Controlled access

Three types of network controls?

1. Preventative 2. Detective 3. Corrective

Risk Management steps

1. Risk Assessment 2. Risk Treatment 3. Risk Control

Cloud consumer

A cloud consumer is an organization (or a human) that has a formal contract or arrangement with a cloud provider to use IT resources made available by the cloud provider.

Cloud resource administrator

A cloud resource administrator is the person or organization responsible for administering a cloud-based IT resource (including cloud services). The cloud resource administrator can be (or belong to) the cloud consumer or cloud provider of the cloud within which the cloud service resides.

Community cloud

A community cloud is similar to a public cloud except that its access is limited to a specific community of cloud consumers. The community cloud may be jointly owned by the community members or by a third-party cloud provider that provisions a public cloud with limited access.

Hybrid cloud

A hybrid cloud is a cloud environment comprised of two or more different cloud deployment models. For example, a cloud consumer may choose to deploy cloud services processing sensitive data to a private cloud and other, less sensitive cloud services to a public cloud.

Malicious Service Agent

A malicious service agent is able to intercept and forward the network traffic that flows within a cloud (Figure 6.5). It typically exists as a service agent (or a program pretending to be a service agent) with compromised or malicious logic.

Private cloud

A private cloud is owned by a single organization. Private clouds enable an organization to use cloud computing technology as a means of centralizing access to IT resources by different parts, locations, or departments of the organization.

Public cloud

A public cloud is a publicly accessible cloud environment owned by a third-party cloud provider. The IT resources on public clouds are usually provisioned via the previously described cloud delivery models and are generally offered to cloud consumers at a cost or are commercialized via other avenues (such as advertisement).

Trusted Attacker

A trusted attacker shares IT resources in the same cloud environment as the cloud consumer and attempts to exploit legitimate credentials to target cloud providers and the cloud tenants with whom they share IT resources.

An organization where nearly all significant business processes enable a partnership with customers, suppliers, and employees that goes beyond traditional organizational boundaries is the definition of: A. A social firm B. A digital firm C. A cloud-based firm D. A platform firm

A. A social firm

The use of AWS is an example of: A. Public cloud B. Private cloud C. Public internet D. Hybrid cloud E. Cloud computing

A. Public cloud

Which of the following is not a trend that is shaping the modern business environment? A. The rise of the domestic economy B. The rise of the platform economy C. The emergence of the social firm. D. Exponential changes in technology.

A. The rise of the domestic economy

The golden rule of IT states: A. There is no such thing as an IT decision, just business decisions about IT. B. The strategy of a firm must align with how a company uses IT. C. The cloud is the golden ticket to the future of the company. D. A new business model means a new approach to IT for companies.

A. There is no such thing as an IT decision, just business decisions about IT.

Which of the following is not a reason why a company would embrace cloud computing? A. Transparency of how IT services are created. B. Economies of scale C. Utility-based pricing D. The availability of data and services everywhere.

A. Transparency of how IT services are created.

Anonymous Attacker

An anonymous attacker is a non-trusted cloud service consumer without permissions in the cloud (Figure 6.4). It typically exists as an external software program that launches network-level attacks through public networks.

IT resource

Any hardware, software, or interconnected system used to store, manage, or access data/information.

Integrity

Assurance that data have not been altered or destroyed

In the information economy... A. IT was used to perform existing information work more quickly and efficiently. B. IT was used to manage work better C. IT made pervasive changes in the structure and operation of the economy. D. IT enabled network-based strategies.

B. IT was used to manage work better

The tenet of power in the current economic era is: A. Capital B. Knowledge C. Buildings D. Ideas E. A and C F. B and D

B. Knowledge

Virtualization Attack

Because cloud providers grant cloud consumers administrative access to virtualized IT resources (such as virtual servers), there is an inherent risk that cloud consumers could abuse this access to attack the underlying physical IT resources.

The most common organizational structure is: A. Simple form B. Machine Bureaucracy C. Divisionalized D. Adhocracy

C. Divisionalized

The central and productive asset for firms today is: A. Technology B. Cloud computing C. Knowledge D. Ideas E. Information

C. Knowledge

Capacity planning

Capacity planning is the process of determining and fulfilling future demands of an organization's IT resources, products, and services. Within this context, capacity represents the maximum amount of work that an IT resource is capable of delivering in a given period of time.
• Lead Strategy - adding capacity to an IT resource in anticipation of demand
• Lag Strategy - adding capacity when the IT resource reaches its full capacity
• Match Strategy - adding IT resource capacity in small increments, as demand increases

Containerization?

Containerization is an operating system-level virtualization technology used to deploy and run applications and cloud services without the need to deploy a virtual server for each solution. Instead, they are deployed within containers. A cloud service running on a physical or virtual server operating system can see all of the provided resources, such as connected devices, ports, files, folders, network shares, CPUs, as well as the physical addressable memory. However, a cloud service running inside a container can only see the container's contents and devices attached to the container.

A physical or virtual IT-related artifact that can either be software or hardware-based defines: A. The cloud B. Infrastructure C. Architecture D. An IT resource E. Virtualization

D. An IT resource

The practice of using a network of remote servers hosted on the internet to store, manage, and process data defines: A. PAAS B. IAAS C. SAAS D. Cloud Computing

D. Cloud Computing

The person or organization responsible for administering a cloud-based IT resource is known as: A. Cloud consumer B. Cloud provider C. Cloud service owner D. Cloud resource administrator

D. Cloud resource administrator

A group of independent IT resources that are interconnected and work as a single system are known as a: A. Single tenant structure B. Multi-tenant structure C. Public cloud D. Cluster E. Resilient structure

D. Cluster

Which of the following characteristics of the cloud means that no matter which cloud provider you use, it is easy to work with other providers? A. Scalability B. Elasticity C. Resiliency D. Homogeneity

D. Homogeneity

A pro of vertical scaling is: A. IT resources are instantly available B. Less expensive than horizontal scaling C. Not limited by hardware capacity D. No additional IT resources are needed

D. No additional IT resources are needed

To embrace a "cloud first" strategy means what? A. That the company will complete a mass migration of their IT infrastructure to the cloud. B. That a company has decided to rehost their current resources from in-house to the cloud. C. That a company has decided that all future initiatives will begin in the cloud. D. That a company is currently evaluating their opportunities in the cloud E. That a company is currently planning their portfolio in the cloud.

D. That a company is currently evaluating their opportunities in the cloud

There is backlash against the cloud for which of the following reasons? A. The cloud is heterogeneous and is not currently monopolized. B. The cloud decreases dependence upon other firms C. Data access policies are clearer in the cloud. D. The security and service ownership issues related to the cloud are complex in a cloud environment.

D. The security and service ownership issues related to the cloud are complex in a cloud environment.

Network Layer?

Deciding where the message goes
1. Addressing
2. Routing
IP, ICMP

A focus of a company on functional objectives without regard to process objectives is termed what type of syndrome? A. Functional fixation B. Process execution C. Functional optimization D. Process silo E. None of the above

E. None of the above

In the early days of technology... A. Companies bought off the shelf software. B. Companies owned multiple mainframes. C. Companies mined their data and used predictive analytics. D. A, B, and C E. None of the above

E. None of the above

The step migration option where a firm shuts down their legacy systems is known as: A. Rehosting B. Replatforming C. Repurchasing D. Refactoring E. Retiring F. Retaining

E. Retiring

Transport Layer?

End-to-End Management
1. Link application layer to network
2. Segmenting and tracking
3. Flow control
TCP, UDP

Overlapping Trust Boundaries

If physical IT resources within a cloud are shared by different cloud service consumers, these cloud service consumers have overlapping trust boundaries. Malicious cloud service consumers can target shared IT resources with the intention of compromising cloud consumers or other IT resources that share the same trust boundary.

Risk Assessment

In the risk assessment stage, the cloud environment is analyzed to identify potential vulnerabilities and shortcomings that threats can exploit.

IAAS

Infrastructure-as-a-Service (IaaS) - The IaaS delivery model represents a self-contained IT environment comprised of infrastructure-centric IT resources that can be accessed and managed via cloud service-based interfaces and tools. This environment can include hardware, network, connectivity, operating systems, and other "raw" IT resources. The cloud consumer is using a virtual server within an IaaS environment. Cloud consumers are provided with a range of contractual guarantees by the cloud provider, pertaining to characteristics such as capacity, performance, and availability.

Malicious Insider

Malicious insiders are human threat agents acting on behalf of or in relation to the cloud provider. They are typically current or former employees or third parties with access to the cloud provider's premises

Risk Treatment

Mitigation policies and plans are designed during the risk treatment stage with the intent of successfully treating the risks that were discovered during risk assessment.

Data Link Layer?

Move a message from one device to the next
1. Controls hardware
2. Formats the message
3. Error checking
Ethernet

PAAS

Platform-as-a-Service (PaaS) - The PaaS delivery model represents a pre-defined "ready-to-use" environment typically comprised of already deployed and configured IT resources.
• The cloud consumer wants to extend on-premise environments into the cloud for scalability and economic purposes.
• The cloud consumer uses the ready-made environment to entirely substitute an on-premise environment.
• The cloud consumer wants to become a cloud provider and deploys its own cloud services to be made available to other external cloud consumers.

Confidentiality

Protection of organizational data from unauthorized disclosure

SAAS

Software-as-a-Service (SaaS) - A software program positioned as a shared cloud service and made available as a "product" or generic utility represents the typical profile of a SaaS offering. The SaaS delivery model is typically used to make a reusable cloud service widely available (often commercially) to a range of cloud consumers

Horizontal scaling

The allocating or releasing of IT resources that are of the same type is referred to as horizontal scaling (Figure 3.4). The horizontal allocation of resources is referred to as scaling out and the horizontal releasing of resources is referred to as scaling in.

Multi-tenancy

The characteristic of a software program that enables an instance of the program to serve different consumers (tenants) whereby each is isolated from the other, is referred to as multitenancy. A cloud provider pools its IT resources to serve multiple cloud service consumers by using multitenancy models that frequently rely on the use of virtualization technologies.

Cloud Service Consumer

The cloud service consumer is a temporary runtime role assumed by a software program when it accesses a cloud service. Types of cloud service consumers can include software programs and services capable of remotely accessing cloud services with published service contracts, as well as workstations, laptops and mobile devices running software capable of remotely accessing other IT resources positioned as cloud services.

Availability

The degree to which information and systems are accessible to authorized users

Insufficient Authorization

The insufficient authorization attack occurs when access is granted to an attacker erroneously or too broadly, resulting in the attacker getting access to IT resources that are normally protected.

Malicious Intermediary

The malicious intermediary threat arises when messages are intercepted and altered by a malicious service agent, thereby potentially compromising the message's confidentiality and/or integrity. It may also insert harmful data into the message before forwarding it to its destination.

Denial of Service

The objective of the denial of service (DoS) attack is to overload IT resources to the point where they cannot function properly.

Cloud provider

The organization that provides cloud-based IT resources is the cloud provider. When assuming the role of cloud provider, an organization is responsible for making cloud services available to cloud consumers, as per agreed upon SLA guarantees.

Cloud service owner

The person or organization that legally owns a cloud service is called a cloud service owner. The cloud service owner can be the cloud consumer, or the cloud provider that owns the cloud within which the cloud service resides.

Risk Control

The risk control stage is related to risk monitoring, a three-step process that is comprised of surveying related events, reviewing these events to determine the effectiveness of previous assessments and treatments, and identifying any policy adjustment needs.

Threat vs. Vulnerability

Threat - A threat is a potential security violation that can challenge defenses in an attempt to breach privacy and/or cause harm.
Vulnerability - A vulnerability is a weakness that can be exploited either because it is protected by insufficient security controls, or because existing security controls are overcome by an attack.

Traffic Eavesdropping

Traffic eavesdropping occurs when data being transferred to or within a cloud (usually from the cloud consumer to the cloud provider) is passively intercepted by a malicious service agent for illegitimate information gathering purposes (Figure 6.8). The aim of this attack is to directly compromise the confidentiality of the data and, possibly, the confidentiality of the relationship between the cloud consumer and cloud provider.

Physical Layer?

Transmits the message
100BASE-T, 802.11n

Ubiquitous Access

Ubiquitous access represents the ability for a cloud service to be widely accessible. Establishing ubiquitous access for a cloud service can require support for a range of devices, transport protocols, interfaces, and security technologies. To enable this level of access generally requires that the cloud service architecture be tailored to the particular needs of different cloud service consumers.

Application Layer?

User's access to network, software to perform work
HTTP, SMTP, DNS, FTP, DHCP, IMAP, POP, SSL

Vertical scaling

When an existing IT resource is replaced by another with higher or lower capacity, vertical scaling is considered to have occurred (Figure 3.5). Specifically, the replacing of an IT resource with another that has a higher capacity is referred to as scaling up and the replacing an IT resource with another that has a lower capacity is considered scaling down.

Trust boundary

a logical perimeter that typically spans beyond physical boundaries to represent the extent to which IT resources are trusted

Single-tenancy

each customer or tenant must purchase and maintain an individual system

Container build file?

is a descriptor (created by the user or service) that represents the requirements of the application and services that run inside the container, as well as the configuration parameters required by the container engine in order to create and deploy the container. The syntax and format of the container build file and configuration parameters it defines depend on the choice of container engine.

Container Engine?

is specialized software that is deployed in an operating system to abstract the required resources and enable the definition and deployment of containers. Each container engine provides a set of management tools and commands/APIs to create, modify, schedule, run, stop, start or delete the containers.

Container Image

uses a container image to deploy an image based on pre-defined requirements. This customized image is normally an immutable read-only image, which enables the deployed application or services in the container to function and perform tasks, but prevents any changes from being made.

IT resources that can be virtualized?

• Servers - A physical server can be abstracted into a virtual server.
• Storage - A physical storage device can be abstracted into a virtual storage device or a virtual disk.
• Network - Physical routers and switches can be abstracted into logical network fabrics, such as VLANs.
• Power - A physical UPS and power distribution units can be abstracted into what are commonly referred to as virtual UPSs.

What can users customize in a multi-tenant solution?

• User Interface - Tenants can define a specialized "look and feel" for their application interface.
• Business Process - Tenants can customize the rules, logic, and workflows of the business processes that are implemented in the application.
• Data Model - Tenants can extend the data schema of the application to include, exclude, or rename fields in the application data structures.
• Access Control - Tenants can independently control the access rights for users and groups.

Infrastructure related overhead

• technical personnel required to keep the environment operational
• upgrades and patches that introduce additional testing and deployment cycles
• utility bills and capital expense investments for power and cooling
• security and access control measures that need to be maintained and enforced to protect infrastructure resources
• administrative and accounts staff that may be required to keep track of licenses and support arrangements

Contention Access

• Devices must be "polite" and follow these steps:
- "Listen" for traffic
- If another device is transmitting, wait to transmit
- Otherwise, transmit (and keep listening)
- If another device begins to transmit, stop and wait

Controlled access

•Each device must get "permission" to transmit, similar to raising a hand

Advantages of cloud computing

• Lower computer costs
• Improved performance
• Reduced software costs
• Instant software updates
• Improved document format compatibility
• Unlimited storage capacity
• Increased data reliability
• Universal document access
• Latest version availability
• Easier group collaboration
• Device independence

Disadvantages of cloud computing

• Requires a constant Internet connection
• Does not work well with low-speed connections
• Features might be limited
• Can be slow
• Stored data might not be secure
• Stored data can be lost

