Welcome to Cybrary's video series on the CompTIA Security+ 501 certification and exam.
I'm your Instructor, Round Warner, and this video is about cloud computing and cloud security.
In this video on section 3.7 of Security+, I will summarize cloud and virtualization concepts.
Cloud computing, as it is used today, is a general term that basically describes anything that involves delivering hosted computing services over the Internet.
There are many terms and concepts you need to be familiar with, associated with cloud security and cloud computing. I'll be discussing the following in this video:
on-premise versus hosted versus cloud services,
cloud deployment models,
user virtualization and hypervisors,
virtual desktop environments,
issues associated with virtualization, such as sprawl and VM escape protection,
a cloud access security broker,
and security as a service.
Cloud computing includes various flavors and uses of technology, such as desktop as a service and streaming operating systems.
These environments have huge potential for dramatically simplified IT infrastructure,
with more cost-efficient IT management and utilization.
Let's dive into these topics.
I'll begin with the definition of cloud computing. According to NIST,
cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
that can be rapidly provisioned and released with minimal management effort or service provider interaction.
There are a lot of benefits associated with cloud computing, but there are also risks that we'll cover through this video.
The servers used for cloud computing and virtualization can be located almost anywhere.
If you choose to locate them within your physical confines of your location, say, within your data center, they're said to be on premise.
The benefit of locating them on premise is that you control the physical access to the servers and have an interest in protecting them more than anyone else.
With the hosted model, another provider assumes responsibility for supplying you with the virtual access you need. You contract with them for a specific period of time, and during that time they bear responsibility for security overhead and so on.
They may store the servers at a single location or at multiple locations.
The cloud, as previously mentioned, is leveraging the Internet, and it's a hosted type of model.
Along with the definition, NIST provides a framework for cloud computing.
This overview image provides many of the terms you need to know.
I'll review some of them over the next few minutes in this video.
There are essential characteristics of cloud computing.
These are associated with the definition you heard earlier from NIST.
First is on-demand self-service, where a consumer can unilaterally provision computing capabilities, such as server time, network storage, and additional processors, as needed, automatically, without requiring human interaction.
Broad network access: those are capabilities available over a network and accessed through standard networks that promote the use of heterogeneous thin or thick client platforms.
With resource pooling, the provider's computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand.
There is a sense of location independence, in that the customer generally has no control or even knowledge over the exact location of the provided resources.
Rapid elasticity: those are capabilities that can be provisioned and released quickly and easily, and in some cases automatically, to scale rapidly outward and inward based on the demand.
To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time. Measured service: those are cloud systems that automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service.
Be familiar with the essential characteristics of cloud computing. You'll need to associate these with security principles.
There are three common models of cloud computing services: software as a service, platform as a service, and infrastructure as a service.
I'll discuss each next.
Software as a service, SaaS, is the capability provided to the consumer to use the provider's applications running on a cloud infrastructure. So it's using specific software applications within the cloud.
The cloud provider provisions software to the user. For example, you can buy database services from Amazon with included Oracle licenses, or you can bring your own license.
Examples of this include Adobe, Office 365, and Amazon Relational Database Service.
The next model you should be familiar with is platform as a service.
You see the NIST definition on your screen.
The concept here is where you're buying a specific operating system or platform from a cloud service provider.
The cloud service provider has a complete environment for running software on a fully managed environment.
Examples of this include Google App Engine, Amazon Elastic Beanstalk, EBS, and many others.
The third type of cloud computing model is infrastructure as a service, or IaaS.
This is where you're buying the whole infrastructure and that support from your cloud service provider,
including provisioning, including processing, storage, networks, and other fundamental computing resources.
Examples of this are Amazon Elastic Compute Cloud, EC2,
Google Compute Engine, and Microsoft Azure.
You should also be familiar with the different cloud deployment models. According to NIST, a private cloud is defined as the cloud infrastructure provisioned for exclusive use by a single organization.
So you'll have your own cloud infrastructure within your organization that only your organization uses.
Contrasting that is a public cloud,
where the cloud infrastructure is provisioned for open use by the general public.
A community cloud is a cloud infrastructure for the exclusive use of a specific community of consumers from organizations that have shared concerns.
It may be owned, managed, or operated by more than one of the organizations in the community, a third party, or a combination.
The last model is a hybrid cloud.
Hybrid cloud is a combination of these cloud deployment models. Say, for example, part private, part community cloud.
Be familiar with these different cloud deployment models as you're studying for Security+.
In order to have cloud computing, you must have virtualization.
This is an abstraction of the hardware, making it available to virtual machines, which is the foundation on which cloud computing is built.
The next topic I'll discuss is all about virtualization,
the underlying technology for virtualization, and it's known as hypervisors.
This is the application that creates and runs virtual machines.
It presents the guest operating systems with virtual operating platform and manages the execution of the guest operating systems.
There are two types of implementation methods of hypervisors.
On your screen you see examples of each of the types of hypervisors.
The Type 1 hypervisor model, also known as bare metal, is independent of the operating system and boots before the operating system.
The Type 2 hypervisor model, also known as hosted, is dependent on the operating system. It cannot boot until the operating system is up and running. It needs the operating system to stay up so it can boot.
From a performance and scalability standpoint, the Type 1 model is superior to Type 2.
Type 2 is considered more complex to manage.
Virtualization containers are either used with or replace hypervisors. Virtual containers operate differently from the appliances because they contain only applications and follow minimal requirements to run the application in the container package.
Containers do not require a hypervisor or separate operating system instances
because they share the same operating system kernel as the host. This makes them more efficient and permits the host to run many containers simultaneously.
The downside of containers is that because they use the same operating system host kernel, the underlying operating system can theoretically be compromised if a user or application has elevated privileges within the container.
Without properly vetting the container, the organization can open itself up to malware infestation and security breaches.
Organizations may be moving to virtualization of their desktop environment, known as VDI and VDE.
A virtual desktop environment is similar in form to server virtualization, but with some differences in usage and performance demands. Desktop virtualization is often the most dynamic of all the virtualized environments because far more changes are made inside the environment, both locally
and over the Internet, than in a virtualized server.
Most VDEs include software for managing the virtual desktops. A virtual desktop infrastructure, VDI, is the server-based virtualization technology that hosts and manages the virtual desktops. Functions include creating the desktop images,
managing desktops on the servers, and providing client network access for the desktop.
If designed and managed properly, VDI and VDE can maximize efficiency and reduce management costs.
Improper management can result in security risks and loss in productivity.
In addition to having a virtual desktop environment. You can also use the cloud for storage of data and files
On your screen you see the three primary types of network storage:
direct-attached storage, network-attached storage, and storage area networks.
For each of these, security is similar:
protecting access control and then leveraging encryption on the storage device.
I will now discuss different techniques for securing a virtualized environment.
The first is VM escape protection. The idea of a virtual machine guest escape has been discussed for many years.
The idea is you're able to move from one operating system, one virtual machine, to a separate virtual machine by going through that hypervisor.
A VM escape happens when the virtual machine breaks out of, or escapes from, its isolation. Even with containers, the concept is to protect against escaping from VMs using secure techniques.
Ways to prevent VM escape include: keep up to date on your virtual machines.
Provide patches as needed to the hypervisors and containers.
Also, contact your cloud service provider. Inquire about patching affecting your products.
The next concept is VM sprawl avoidance: basically, overusing shared resources.
If you consider a virtual machine is going to be leveraging the resources of the underlying operating system, the virtual machine is overusing the resources.
So there should be caps placed on VMs as to the amount of memory, processing power, and storage they can use.
Cloud access security brokers, CASBs, are actually on-premise cloud-based security policy enforcement points.
They exist between the cloud service users and the cloud service providers for the purpose of combining and adding enterprise security policies as resources are accessed.
The last virtualization security concept is security as a service.
This is generally a subscription-based business model for acquiring and managing security functions.
For example, a virtual security operation center.
Be familiar with these terms and leverage your study material to learn more about each.
If you have access to the Security+ lab environment, you will see virtualization and cloud in action, where you can leverage and use multiple operating systems within the lab platform.
See the lab example on the screen. I recommend you use these for your hands-on practice with virtualization.
You can also learn more on your own using tools such as VMware or Oracle's VirtualBox to install and use virtual machines on almost any type of platform.
In this video on section 3.7, I covered some of the general topics associated with cloud computing, cloud security, and virtualization.
Let's practice on a few sample quiz questions.
This cloud computing model provides not only virtualized deployment, but also a value-added solution stack and an application development environment.
Platform as a service.
Review the definitions of each of the cloud computing models for more information.
Which term best describes a cloud feature involving dynamically allocating resources as needed?
The answer is B, elasticity.
Review the definitions of each of these terms.
This concludes the video for section 3.7 that summarizes cloud and virtualization concepts.
Review your study material for more information on these topics.