1.5 NIST's 5 Cloud Actors

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

12 hours 48 minutes
Video Transcription
But Kelly, you say, Who are the cloud actors? Tell me more about them. Well, thank you for asking. I'd be delighted to tell you about them. Pernice, there are five plowed actors or entities that are required
within a cloud environment. Now, I'm not saying in every environment you'll always have a cloud service broker or this. That or the other. I'm not saying that, adult, but these are actors that participate in cloud based transactions. You may hear different entities, you know, state, you know, at another resource, or call something different.
This is once again from n'est.
So I I wouldn't even be surprised if you saw something. Which of the following eyes The correct listing of the five cloud actors. And they give you a, B, C and D, each with different entities. And you'd be looking for these five. And don't get me wrong. The exam, for the most part, is not that easy.
But just like the C. I s s P exam, they'll throw in some just fact based questions just to make sure that on top of all this idea and theory and principal, you still have to know your facts. Okay? so Cloud Service consumer. Like I said, we can consider ourselves to be the cloud service consumer, the customer
throughout. That's who we are
that will make us the custodian
off our information.
Hey, I want you to jot down that title. The Cloud Service consumer is the custodian of information,
so that information belongs to me. I may choose to store it in the cloud, right, but it's still my information, and we'll talk about that, cause that's really important when we get to the part where we talk about liability and security in those elements. So the consumer could also be called the customer or the custodian.
Dramatic poles for coffee
that is to really hot.
All right, Cloud Service provider. These are the folks taking my money better, providing me with these surfaces. So we know Amazon and Microsoft is your and you know we could name tons and tons of cloud service providers, and
they're also specialty providers. Like, for instance, you know, if all you want is identity as a service, there's a cloud service provider called Peyton, or, if you want disaster recovery is a service or this, you know, peace. So not all cloud service providers do everything some do. And
cloud carrier. There's gotta be a way to transmit information physically, right? We gotta have the wires to transmit across. So that cloud carry your network. This is gonna be what's gonna allow. Uh, this is the path that Dad is gonna travel
from customer to the cloud. There's gotta be a network.
Um, Cloud service auditor. Oh, no. Cloud service broke one other piece, especially in the last five years or so As more organizations migrate to the cloud.
A lot of organizations don't have the knowledge to make good decisions or determine architecture or configurations. So an organization might pay a cloud service provoked, but broker to help them,
you know, almost like you have a real estate agent to help you buy a house. They know the right questions. To ask the new things to check for their job is to put you into the house you want. Well, same thing for cloud service provider. A broker. Let me connect you with the appropriate environment. That's gonna best meet your needs. Right? That's a C s b.
Excuse me. And then last cloud service auditor so important so very important.
You know, the greatest. We have so many threats. I would say the greatest so many threats when it comes to cloud computing, right? I mean, I'm old fashioned. I like to have things in my hand. I like them to be where I can see them.
So the fact that I'm turning over my precious resource is to an entity in outer space for all I know, right? That takes a lot of, um, it takes a lot of nerve for me to do that.
So I better have the highest degree of of assurance in the quality of my service provider.
And if I don't, then it's anybody's game.
So I can't usually show up with the pencil and clipboard and just knock on Amazon, store it a DBS and say, Hey, I'd like to come in and look around
I could do that if the equipment was on my purposes. But those days are gone.
What I can do, though, is look at their ratings from auditors. There's a register called Star Security Trust and Assurance Registry could be testable. Ah, security trust insurance registry that
indicates that basically is an audit of how closely the Cloud Service provider
meets. There s L A.
Hey, here's your S l A Do you mean it? Does Anybody can promise anything. I'll promise you the moon. But if nobody's auditing to making sure that I'm providing what I've offered, that promise is no good. So we looked up auditors to indicate Yes, we can have assurance in this particular vendor. Alright, so star
is just a registry that you can go and you confuse the degree to which a cloud service provider meets
their service level agreements. All right. And those are the five cloud actors.
Up Next
Certified Cloud Security Professional (CCSP)

This Certified Cloud Security Professional (CCSP) certification course covers topics across six domains, to ensure the candidate has a wide range of competencies and is capable in the assessment and implementation of cloud service solutions.

Instructed By