1.10 Cloud Service Models Part 2: SaaS

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

12 hours 48 minutes
Video Transcription
all right now, our first as a service that will talk about this software is the service, and everyone's use software is a service. E mails, A perfect example of software's a service. You wanna access Gmail? You don't have to download installed G mail on your system. Right? You go to a website
and you access the Gmail software That's actually being run on a server somewhere else. Right?
So that's great. I don't have to install anything. I don't have toe update anything. I don't have to worry that the hardware on my computer isn't gonna be strong. Robust enough to run G mail. Right? And those there big concerns. Those definitely big concerns.
So have that taken away and may be able to go.
Don't have to deal with it. That's a benefit.
Now, what's the trade off? Well, where's my dad? A store where my email messages stored?
I don't know.
How are they protected? I don't know.
Read your service level agreement with Google, right? No guarantees. It's out of my hands. So I've turned over that control. Um,
I can't customize Gmail. I mean, to a certain degree I can write Aiken, Aiken, do the basics that they give May. I can use, you know, blue background and yellow font. And I can have these images and this that and the other. But if I just decided today, Hey, I want you to be able to click on a link in your
the mail message and start a multi cast
with 25 other computers. That's not what Gmail does, 40 right? You need some other means to make that happen.
So I get what I get, and it's also what I gets, what I want. That's fine. I don't get a lot of flexibility. I don't get customization, but I get Google to take care of all that stuff for me. Click, click type. My message clicks in. I am done
for folks that use wet. Now you will probably find that wet male takes up a very small piece of your life. From a troubleshooting perspective, you know it's for us. The technical pieces that go underneath. It's not my responsibility. Google handles that
so that software's a service. Beautiful, beautiful, beautiful. You can get to that data anywhere, any coming, you know, Back before office 3 65
I had to load office of my whole machine, then on my word machine that I had, you know, another system I might work on or this computer, that computer. I had to install the software I'd have to there and restore the data from a shared location. You know, software is a service. Everything's there.
I don't have to install Gmail
to go over to my friend's house. I just opened up. Go to the website. There's my messages. I open up office 3 65 and what I've stored within the constraints of Office 3 65 is there so that ubiquitous access that network availability
reduced total cost of ownership thin clients. I don't have to keep buying a new laptop every year and 1/2 anymore.
Ultimately, whatever system you've got songs you can connect to the Internet. You can access the software there because the software's not being run on your system.
Paper use pays, I need because I go. I don't have to buy the software, at least the software now. That may not necessarily mean it saves me money in the long run,
but again, there's that shift between upfront calls and cost occurring over time, and usually we mind
upfront costs because they're in a big chunk of money. Much more mind those than we do
expenses, overtime and then standardization. Hallelujah. If every system
that I worked with was running the exact same operating system right down to the latest patch, the exact same software,
all of these Oh, same, same same My life would be a beautiful, wonderful world,
a huge part of what makes networking And, um, you know, design architecture, troubleshooting administration is the fact that we have so many variances are variables rather in our environment. You know you're running
Windows 10 but you're running. This guy's running when they're seven because he needs an application that only runs on 1 to 7.
We can't patch the system all the way because the patch conflicts with a piece of software. Wahba, Wahba, Wahba. No more
Software's a service. The software's on a single server that is managed. US. Such doesn't matter what your hardware is. Accessing the software. It's all the same.
So thumbs up there now when we have to think about security, which, of course, we do three main things for software. As a service, we have to think about segregation of data.
We have to make sure that we have good access policies, and we have to think about the Web app. How secure the Web app is itself.
So the three main issues, even with software's A service data, is still my responsibility, right? I'm still legally liable for data.
Just think about it. If I had caught a confidential information
that I sent to myself through Gmail,
probably bad idea are sent to you through Gmail.
G milk. It's hacked.
I'm still liable, right? We've said that you can't transfer liability or responsibility,
so data will always come down. To me, even with software is a service. I have responsibility for determining where data stored, how it's stored. Isolation of information. Do I want that co mingled with other users? Information.
How do I want the segregation of data at rest?
Data access and policies? Who gets access to office? 3 65
Where does Office 3 65 Store information by default. How do users authenticate office? 3 65 Can they use a password that they have to use a smart card today? Use biometrics. That's that's the customers responsibility, right? I gotta figure that out,
and then not all Web applications are created equal. That's a concern there. A 1,000,000 providers out there with Web APS. I mean, we've all seen it. Go to your iPhone. We've gotten app for that. You may have an app, but there's no telling how secure that act is. Mine. Have you ever gone to open up like a cookbook?
And the APP says we would like your permission to access your camera?
No, you're a cookbook. You don't leave my camera. It's not like I'm gonna take pictures of what I've cooked and ask you for advice. That doesn't work that way. Well, what that tells me is I've got an application that's doing a lot more than I think that applications doing right?
Not all Web maps were created equal.
So yes, offers is the service has some huge benefits. You know, you talk about lower cost of ownership, you talk about, then clients. You talk about consistency of software within the environment. That's all good stuff. But that doesn't mean we don't have anything to worry about.
We still have to think about segregating data. We've got to think about identity and access manage with the access policies
for the data, and we've got to make sure that we have reliable weather maps.
Up Next
Certified Cloud Security Professional (CCSP)

This Certified Cloud Security Professional (CCSP) certification course covers topics across six domains, to ensure the candidate has a wide range of competencies and is capable in the assessment and implementation of cloud service solutions.

Instructed By