5 hours 31 minutes

Video Description

This lesson covers cloud deployment considerations and multi tenancy. In this lesson, participants learn about cloud deployment models: • Public • Private • Hybrid • Community Also discussed is multi-tenancy which is a mode of operation of software where multiple independent in stances share the same physical environment. Participants also learn about service level agreements and what is covered and expected under said agreements.

Video Transcription

now, when we choose our deployment model within the cloud public, private, community, hybrid or
hybrid community, however, But ultimately what this means is the type of cloud environment which we're going to deploy a resource is or use service is so you know, one of the first ideas of the cloud is multi tendency. And you see this certainly with public,
uh, with the public cloud.
So ultimately, we're gonna have many organizations sharing the same physical environment. So, you know, we may feel like we have access to a physical server and honestly to our users. For instance, if we're using so uh, storage mechanisms in the cloud
infrastructures of service and and, uh,
utilizing storage features to our users, it will see the same logical storage as storing in the local file server. So there won't be necessarily a very big difference to the end users. So the problem with that is, sometimes we'd get very complacent, and it feels like it's our own equipment on our own property
that we have the security controls over.
But ultimately what we're doing is we're storing across to an Internet service, a cloud service provider,
and we're sharing logical devices within the same physical environment. So the same physical device, the same physical hard drives many other organizations and its virtual ization that allows that the happen. So it's very important. Animal T tenancy environment is
first of all, certainly segmentation
being able to segment out my data from the next organizations data. But not just our data. That's important. But also, resource is access to physical resource is on the server memory processor utilization. Making sure there are applications or databases are Web APS, whatever those may be,
are segmented and that they're isolated as well.
Usually that comes through virtual ization, and you know we'll talk about in just a little while. What a wood an advancement in virtual ization has done for us in the cloud realm. And it's really the heart and soul of the clam once made it work.
The problem is, the virtual ization is not perfect, and it's not foolproof. And it's not,
um, even though we can consider to be secure nothing that is designed based on you know, the cloud infrastructure is ultimate or any environment is
Impenetrable, so to speak. So we look at the security that's provided, but We also must be cognizant of the weaknesses that air. They're also alright. Governance for an organization that does provide resource is in a multi tenancy environment. There needs to be a framework for governments.
There needs to be an existing structure, policies, procedure, standards, guidelines.
And ultimately we need that focus on security, the C I. A. Try at confidentiality, available and integrity. And in order for that to work, there must be a secure governance structure or framework in place.
Other things that we want. We want a service level agreement. We want a documented minimum acceptable degree of service with band with a performance up time, all those elements need to be specified, and
we need to have they need to provide us with charge back in meat. Oring.
So ultimately, we want to make sure that each business unit can be charged, or at least that their usage could be attributed to the specific business unit so that we can kind of track that usage per unit.
All right, service level agreements have just mentioned these lots of things that should be considered to be part of the service level agreement availability very standard to get that 99.9997% up time, you know, sometimes referred to as the five nines
performance, how quickly responses are processed security and privacy of the data. What degree of encryption is used doesn't meet my standards, perhaps as a health care provider.
Maybe in order to be in compliance with HIPPA, I would need a certain degree of protection care and t. Does that meet my requirements? I also want to find out business continuity and disaster recovery in the environment, which I'm storing my information. Where's the data located? And how can I access the data?
Let me mention that where the Gavin is located
made govern certain elements of privacy confidentiality.
And we want to make sure that laws in one location that standards in one location don't trump our individual needs. So where, as there may be a specific requirement in location a internationally, you know, in some other country where the data is being stored,
But I still have to meet my dad of storage requirements and my confidentiality requirements. So that's something.
Think about, um,
you know, uh, customer service. How do we resolve problems? Have we troubleshoot issues what sort of resolution or we guaranteed what sort of timing there needs to be a means of disputing any sort of service
issues or availability issues.
And then also, we wanna have some degree of exit strategy.
We're may not be with this provider forever. So if so, how do we retrieve our data? How we make sure that we smoothly transition either to another cloud service provider or back to hosting our resource is in house.

Up Next

ISC2 Certified Cloud Security Professional (CCSP)

This online course will guide you through the contents of the CCSP certification exam. Obtaining your CCSP certification shows that you are a competent, knowledgeable, cloud security specialist who has hands-on experience in the field.

Instructed By

Instructor Profile Image
Kelly Handerhan
Senior Instructor