Essential Characteristics

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

9 hours 59 minutes
Video Transcription
in this video, we're going to continue our journey in domain one which is cloud computing concepts and architecture. And we're gonna take a look at the NIST model four defining cloud. Specifically, we're gonna look at the five essential characteristics that the NIST model defines. And then you may recall we looked at both the NIST definition
in the prior lesson as well as the ice Oh, definition. And so that is so has 1/6 essential characteristic.
And we're gonna touch on what that is as well.
Here we have a visual depiction of the NIST model essential characteristics, service models, deployment models, the latter two we're gonna cover in subsequent videos. But in this video, we're focusing on that very top square area.
And let's talk about resource pooling, right? This is where we have that common physical infrastructure
that's been abstracted through virtual ization and gets allocated to many different tenants. The physical aspects really are not made directly apparent to the cloud user themselves. They have no control over the exact location, but they have
control over the logical amounts of compute of storage and so forth that get provisioned to them
and provided in that control is given to them through self service, so they don't need to directly interact with the cloud administrator. The individuals or organization that maintains the physical infrastructure itself when they want to get resource is in that pool allocated to them.
It's usually done through some sort of a Web portal or an automation.
This is also referred to as the cloud management plane. We're going to be covering that quite in depth in subsequent lessons of this course
moving forward. Broad network access. This is another key characteristic of cloud computing. Right access to standard clients computers, desktops, laptops, mobile devices, traditional or cloud based software services. Right, so they're available over the network because physical access,
specially when you're using a public cloud provider is definitely not feasible. And even when you have a private cloud,
if you have a distributed company having people walk into the server room, this is not really a good idea. Generally, that's going to be quite locked down from a security perspective. You want access to the physical facilities themselves to be minimised to a select few of individuals who are have a reason for doing that
rapid elasticity this is the ability to scale up, scale out or do a little bit of both. And by scale up, I mean, get a more powerful machine, more CPU, more ram scale out. I mean, have more
a higher quantity of machines, which could certainly be very powerful machines in their own right. But they're two different approaches. And then, of course, there's both. And in cloud computing, the concept of scaling out is a big paradigm around cloud native.
To really make sure you have that resiliency and fail over within your applications,
you don't have to wait for a procurement in the whole physical provisioning of a new server. Or even let's say you have a bunch of virtual machines in place, but you're managing. The underlying resource pulls yourself. There will become a point where you hit that limit
of the resource pool. Just can't accommodate another virtual machine, so
you have to wait until you get additional physical resource is to add into that pool, go through the provisioning of procurement process with cloud. Your ability to scale out becomes
not infinite, right in a true and precise sense. But the cloud providers, especially the big ones have a whole lot of capacity and they're creating some very large pools that they're aggregating and distributing across to the day various tenants. So the capacity planning aspect of it,
instead of being something you need to consider
which would be in the case, you have your own virtual machine farm that gets outsourced to the actual cloud provider. And they're doing the capacity planning not just for yourself, but for all the tenants that air using that shared resource pool
measured service. Right? So just like the electricity analogy, you're gonna get your electricity bill based on how much you use you with the cloud world. This is a key characteristic is being able to have the measure of the service so the tenants Onley use what's allocated to them. But, um,
they have fees associated and calculated based on what they do use. In fact, so this is the utility. Computing
is another key word that you're gonna wanna understand when you're going in taking your CCS K.
And the fifth characteristic of cloud computing is on demand self service. So being able to allocate those resource is from that pool
without human interaction, right? This is often done with the cloud management plane that we mentioned a few minutes ago. And, um, you have a nice interface with programmatic AP ICE Ways to do this without having to make that call down to the data center. So a consumer basically can unilaterally provisioned the computing capabilities.
This includes things like,
uh, server allocation, memory, CPU, network storage, all that elasticity. Being able to do that
through more programmatic means or at least through ah, simple interaction with a Web portal type interface is the fifth characteristic defining on demand self service
and rallying this out. We're going to examine the sixth essential characteristic of cloud computing. According to the Isil model.
It's multi tenancy, right that emergent property of have a bunch of resource Is there being used by lots of different people, your segregating in your isolating them. What are the aspects relative to multi tendency that drive this characteristic? So starting at the top circle here, policy driven enforcement
And by that we're talking about the cloud.
Since provider and cloud consumers they defined their how their environment should look using policies so these could be implemented in the user interface or directly through policies
enforced through some sort of a formal policy language, right? A lot of the cloud providers, especially public, all providers. They allow you to create policies, security policies or just uses limitation policies we provided you think about you provided these end users with the ability to self provisioned machines.
Well, maybe you and your company, you want to make a
provisioning in there or creating a profound policy rather that is going to prevent these individuals from spinning up some super compute machine with 32 cores and the terabyte of RAM, which is gonna create an extensive bill for you. So policies air allow you to
and provide that self service, but also create some guard rails to prevent people from creating exorbitantly large bills or from creating insecure setups and configurations that could expose you and your company what we'll talk about these more Aziz. We proceed,
and within that customers, they run their own segment of the cloud, right? So the multi tenant environment, the provider themselves, sanctions off and kind of isolates the different tenants themselves. So segmentation is how the provider divides up the cloud amongst those different tenants. Isolation
is the next element, and that's where the consumers in one segment, they shouldn't be able to see anything running in a different segment.
And this is a key control of the multi tenant characteristic of cloud computing.
Computers and one segment should never see or be ableto interact with something running in a different segment.
Governance is an overall management model of the cloud from contacts and service levels, the policies and a lot of other characteristics that air enforcement mechanisms of governance. And we will talk about those in subsequent videos and lessons as well service levels. So what should the cloud user
expect in terms of up time? Since the research pool is a shared environment, the cloud provider they needs mechanisms to divide up, the resource is, and they also need service levels to define who gets what resource is. Of course, they're managing the physical infrastructure, so
there's going to be some outages. There's going to be some blips in this very complex
infrastructure that will affect up time and reliability. So setting those in providing those to the multiple tennis is a key element of multi tenancy. And then last but not least, is the charge back building, which is quite comparable to the concept of
measured service that we were talking about in the nests. Five essential characteristics of cloud.
Since the cloud controller needs to know exactly he who is using what resource is from the pool at all times. It is only natural that they have this kind of meat, a ring in place for billing purposes.
Just to summarize this video, we discussed the five essential characteristics common to in ISC. Resource pooling,
broad network access, rapid elasticity, measured service on demand, self service. And then we spent a good amount of time talking about multi tenancy characteristic, which is the 6th 6th characteristic in the isil and all the different considerations themselves about what is multi tendency and
what do you was really important
for the cloud provider to ensure when they are supporting a multi tenant environment.
Up Next
Certificate of Cloud Security Knowledge (CCSK)

This course prepares you to take the Certificate of Cloud Security Knowledge (CCSK) certification by covering material included in the exam. It explains how the exam can be taken and how CCSK certification process works.

Instructed By