1.12 Cloud Service Models Part 4: IaaS

12 hours 48 minutes
Video Transcription
All right, now our final "as a service," if you will: Infrastructure as a Service. This is the environment where all the compute resources that we think about, when we think about storage, we think about processing, we think about network and traffic isolation, all of that is essentially being handed over to the elements of a service-level provider. And what I mean by that is we don't have any compute resources as far as the network infrastructure goes, so we're not housing our servers anymore. And again, it doesn't have to be all or nothing. You can part and parcel this as needed. But ultimately the resources are all virtualized. We will talk about software-defined networking in just a little bit, but ultimately from my service provider,
I lease a virtual machine. They give me a virtual machine. What I do from that point forward is mine. I have a tremendous amount of flexibility because they're not really giving me anything. It's not like I'm able to just wash my hands here and say, thin clients, no updates, everything's happy, because really, all I'm getting is a new network, starting with one server that I can build upon and create the network connectivity. But I'm still doing everything.
Right. They're not controlling any of this. What they're providing for me is the facility. They're providing the hardware environment. They provide me with a virtual machine. Really, they provide me with that hypervisor. And at that point in time, that's all the cloud service provider is giving me. And they don't give me an operating system; that's actually testable. You do not get an operating system with Infrastructure as a Service.
All you get is the facility, you get the hardware equipment, and you get a hypervisor.
We choose what operating system to install, and we install it on that hypervisor.
Whatever operating system I want to use, I use. Then I spin up another server and I could install whatever software. We'll spin up another server; I can develop software on that other server. I can, you know, it doesn't have to be all or nothing. I can use this in combination with Platform and Software as a Service. I can use it alone. I could just use it for storage.
I can just, you know, I can use the networking capacity, but ultimately this is what gives me the greatest flexibility, with Infrastructure as a Service. But it also means I have the most responsibility. Right? Flexibility means responsibility. I can configure Infrastructure as a Service any way I want. Right?
We said, with Software as a Service, with Google Gmail, I couldn't configure Google's Google Mail in such a way that you can click on the link, couldn't launch a web app for 25 people.
But in Infrastructure as a Service, I design whatever I want. I could do that Platform as a Service, and then Infrastructure as a Service, I could run that on my network. So often you've got software that was developed with Platform as a Service that's running in an Infrastructure as a Service realm. I don't know if that makes sense, but the pieces kind of stack one on top of each other.
All right, so with Infrastructure as a Service, um, I have really quick, really easy scalability for network resources, not just for an application, but for increased network traffic, decreased traffic, storage needs, and I pay as I go. Again, big deal here is that reduced set of capital expenses, and hopefully that carries over to total cost of ownership. You know, the expense of purchasing, ah, 100 servers, 25 routers, 39 million switches, you know, all these different components, having a facility in which to store these and other items, being able to heat and cool and provide proper ventilation, all those things, that is expensive. And that's where Infrastructure as a Service comes in. Take all this stuff that's been in my server room
and have the services handled somewhere else. I determine, I'm still in control of what services are used, you know, from the operating system up, and how the network's configured and whether or not our systems are patched. Right? If all I'm doing is Infrastructure as a Service, I have to take care of everything.
So it's a trade-off, right? And save more money. If I gain flexibility, often I lose security or control, and that's just the balance.
So I hope that made sense. Biggest security concerns for IaaS. Well, okay, so if you're looking for security concerns of Infrastructure as a Service, all the other concerns with networking in general and with having storage, all of those, but then in addition, looking at it from Infrastructure as a Service specifically, you know, we're concerned about the VMs, the virtual machines, and we'll talk about the different types of hypervisors. But like we said, I've built this network. It is only on a virtual system that's part of a multi-tenancy device, right? So what happens if somewhere else a compromise happens? What happens if the host hypervisor is compromised? If your hypervisor's compromised, you have nothing.
Right? None of your virtual systems or virtual networks, your resources work. So a concern for Infrastructure as a Service is one compromise in a single hypervisor brings everything crashing down.
That's a concern. And there are tools that are designed specifically to attack virtual machines and sniff out hypervisors and try to do what's called VM escape. It's to hop from one VM to another.
You know, the other, you know, great thing about virtualization is you can run a zillion different servers on a single machine.
The downside is you're running a single machine that has a zillion different services, meaning if that one single device dies, well, unless you have other redundancy in place, then, you know, there go all your resources. Now, of course, we're gonna make sure that our service provider does have redundancy in place. But the point that I just want to make is that when everything you have is on a single system, if that system fails, then everything's lost. So now with doing this, we have to think about, you know, disaster recovery, business continuity down the line. That's not necessarily included in Infrastructure as a Service. We need to ensure that we're taking care of those needs.
One single network card provides a path into every single virtual machine, potentially.
Right, and that's the cloud service provider's configuration. It's not my responsibility to secure the hypervisor, but it's my problem if it doesn't get secured, if that makes sense. So it's not like I'm telling my CSP, here's how you configure your hypervisor, make sure your hypervisor's patched up to date.
If I don't choose the proper cloud service provider and they don't properly maintain their hypervisors, then not my responsibility, but it is something that I'm liable for having happened, right? Always liable for my data. All right, so kind of wrapping it up. Software as a Service, Platform, actually,
let's stop. Let me break and let's do this as a summary.
Okay, so stop. Pause. Kelly drinks tea.
All right, let's just go ahead and sum up these services, if we can. So, three main services: Software as a Service, Platform as a Service, Infrastructure as a Service. I think it's a good idea to know who's gonna be touching this. So, for instance, in Software as a Service, there's not a lot of work for the network admin to do, right? It's the user who's using Office 365.
It's the individual users, the end users, that are taking advantage of the software products, in general. Okay, who's using Platform as a Service? Developers. If you're developing an application, you're a software developer, Platform as a Service, that's yours. Network admins are gonna be the ones working with Infrastructure as a Service. Again, I'm given a virtual machine, and that's it.
Everything from that point forward is up to me. Spin up virtual disks, install operating systems, configure networking, segment traffic, install operating systems on clients, patch those systems, scan them for malware. All that stuff is mine,
so ultimately it's really important to know who's using each service or who's gonna have the interaction with each service. So what do we get? Well, with Software as a Service, the service provided is, wait for it, ah, software, or the application itself. Right? That's the product.
With Platform as a Service, you get the runtime environment, you get an operating system and you get a database. That's very testable.
Platform as a Service, you get an operating system that's already there, and you get a runtime environment for your applications.
You get a database, like I said, for backend integration, right?
Infrastructure as a Service, what do you get? You get hardware and you get a hypervisor, right? And that's it.
All right. Um, cloud storage. Yeah. And really, at the bottom of that, it says cloud storage; you could just say compute function, right, storage, processor, network, all that stuff.
All right. And then, you know, just a couple of other little pieces. I'm gonna jump over to customization, and I just want to hit this again.
Customization. You don't get to customize when you buy Software as a Service. Usually you buy what you buy and you get what you get. You access it online. What I get is the same thing everybody else gets. Now again, there are always exceptions and always things to be done. But we're just talking, you know, kind of by default.
Now, with Platform as a Service, I only design applications, right? I don't get to bring in and deal with switching and, you know, all of these other elements of a network. I'm not building servers out, creating storage elements, but I can design whatever kind of application I want, right? Have total flexibility for the application. Now, assuming that I'm using the tools that they provided, right? You know, there may be some proprietary tools that are not offered to you as part of the Platform as a Service deal. But, you know, I get an environment in which I could design any software I want. It doesn't solve a lot of problems, right? Platform as a Service just makes it easy for me to develop software.
Okay. Makes it easier.
Now, Infrastructure as a Service. Infrastructure as a Service, I have the most customization.
Why? Because I have the greatest responsibility.
Every element of my infrastructure I have to configure. The hardware is being stored at the cloud service provider. But as far as configuration of the virtual machines, the network paths, the segregation, what platforms we're gonna run, patching the system, securing the system, all that's my responsibility.
So you trade responsibility for ease of use. Ain't nothing free, ain't nothing easy, ever.
Okay, so, like I said, this is a pretty good little summary sheet. I would familiarize myself with that, particularly being aware of the levels of customization you get with each of the services as well as the degree of control that you have.
That's what they really hit a lot on the test, so make sure you familiarize yourself with that.
Certified Cloud Security Professional (CCSP)

This Certified Cloud Security Professional (CCSP) certification course covers topics across six domains, to ensure the candidate has a wide range of competencies and is capable in the assessment and implementation of cloud service solutions.