Time
45 minutes
Difficulty
Intermediate
CEU/CPE
1

Video Transcription

00:00
Hello, everybody. And welcome to the introduction to Cloud Security. My name is Nicolas Moy.
00:04
So when we're talking about cloud models, basically what we're talking about are the IaaS, PaaS and SaaS, and the one I wanted to start, start with is IaaS, because it stands for infrastructure as a service. Infrastructure as a service, basically meaning that you get to manage the core little piece of the cloud that you're purchasing. You get to
00:24
literally
00:25
order how much CPU you want, how much RAM you want, how much storage you want, how many hard drives or solid state drives you want, the IOPS performance.
00:34
It's really customizable. You get to install whatever operating system you want. Obviously, if you can manage the operating system, you could manage the applications. And in turn, you can also, you know, control whatever data you store in that little piece of the cloud.
00:48
Ah, the description here is cloud vendors provide the clients with a pay-as-you-go access to storage, networking, servers and other computing resources in the cloud
00:58
and ah, it's cheaper than purchasing your your servers and your instances on premise. Because you know you're only paying for what you need instead of if you were to order something on premise, you obviously have to pay for. Rent out a large server
01:14
and try to calculate how much you're gonna need for the next 3 to 5 years, depending on the term of that contract for that server,
01:21
and you may not have enough or you may have too much, and
01:23
that's just a waste of money. So when you could go with pay as you go, you can obviously customize that as you go. If you If you don't have enough, you can always add more. If you have too much, you could scale down and try to cut off a little bit on your bill there. And uh,
01:40
you can, you can customize the server to do whatever you need it to do, from networking to
01:45
file sharing to, uh, running a testing suite for an application that you're building, and many more opportunities.
01:55
The next cloud model that I wanted to talk about is PaaS. PaaS stands for platform as a service, and essentially, it's the cloud vendor providing access to a cloud-based environment that has been pre-built for clients to begin building and delivering applications. It basically provides, supplies
02:13
the client with the underlying infrastructure, so all they have to worry about is the code. Now,
02:19
let's stop there for a second. Think about that. What does that mean? Well, if IaaS handles, if IaaS allows you to handle everything from the operating system and patching that, maintaining that, to the applications and the data,
02:34
PaaS is basically eliminating the operating side, they're based, the operating system side
02:40
PaaS is basically eliminating the operating system side and saying, OK,
02:46
we're gonna go ahead and take care of that for you. It's already pre-built. You're just gonna pay for, you know, that operating system, we're gonna maintain it and, uh, you just do what you do best, and that's code. You just
02:58
build your applications, focus on delivering and focus on testing it,
03:01
and we'll take care of the rest. And, and that's PaaS. It's super simple. I think most developers, they, you know, they don't wanna handle the infrastructure. That's a headache. That's a nightmare. Having to worry about patching and having to worry about
03:15
integrating infrastructure software together just to get things to work, you know, making sure that you got the right IP addresses and things are, you know, statically set, so they're not changing. Otherwise, things are gonna break.
03:27
all that headache
03:29
is gone. All the headache is taken care of. All you need to do is just code. Just build your web application or build your mobile application, connect the APIs and secure that, and make sure that, you know, your, your databases are syncing correctly to the application and that everything is being stored. That's PaaS.
03:49
You get to just focus on coding
03:51
and not the infrastructure.
03:53
And the last cloud model that I want to talk about is SaaS, which stands for software as a service.
04:00
Essentially, we hear this a lot. This is actually a buzzword that's been thrown around in the IT community. If you've been in IT for any length of time, you've heard of SaaS.
04:08
It's being able to use software in a pay-as-you-go model over the Internet. So, you know, you think of, ah, Office 365 or, or G Suite. You know, Google Suite. Microsoft Word is not necessarily an application that you can just purchase a CD and install and just, you know, have it in a CD bundle and
04:28
all that. I mean, I guess you, you probably can. But
04:30
why? Why would you if you could just
04:33
purchase it online? You whip out your credit card and you download the executable and you install it.
04:39
And if you happen to lose that file, you could just log back in and download it again. And no more worries about CDs. No more worries about the licensing code and whether or not you lost it or accidentally threw it in the trash. It's all taken care of for you. You just
04:54
just pay for it and it's in a pay-as-you-go model. So you pay on a monthly basis or you prepay for a year and that's it.
05:01
That's SaaS.
05:02
that's, that's all. That's all that SaaS is. It's, it's, it's the cloud vendor delivering the software and the applications through the Internet. Users subscribe to the software and access it through the web
05:12
or a vendor's API, which, you know,
05:15
APIs, that's, ah, that's a complicated subject for those of you who are new to the cloud space, but basically you're just integrating software together. You're saying, I'm gonna hook this software, that software
05:26
and, ah, you know, some APIs require that you pay for that, and that falls with ***. It's something that a software company pre-built for you and already takes care of. And you just gotta plug it right and just
05:35
copy and paste the code right in there, and it just works.
05:39
That's the, that's the SaaS cloud model,
05:42
and that's the SaaS cloud model.
05:45
The next thing I want to talk about are cloud deployments. So there are three types of cloud deployments, and the first one that we're gonna talk about is private cloud.
05:54
Basically, Private Cloud is simply the infrastructure that is used by a single organization. The cloud infrastructure can be on premise or off premise, but it usually is managed by the organization itself. So
06:08
let's say you are. You're purchasing a dedicated server and it's not on premise. It's it's off across the country and and that's part of your infrastructure. Well,
06:17
if that server, if you own that entire server and you do not share any portion of the server with anybody, technically, it could be classified as private cloud,
06:28
and that's what we're talking about here. But it's more than likely, when we're talking about private cloud, we're talking about a, a, ah, cloud resource or a, or a server instance, server resource of data that you can access from anywhere in the world, and it sits within your own data center or within your own data closet. Um,
06:47
things to keep in mind when it comes to private clouds is that
06:51
A, they're more expensive.
06:54
That's because you're paying for everything up front. You're buying the whole server. And if that server
06:59
you know, runs out of capacity or becomes outdated, well, you've got to pay for a whole new server or more components, and that just really adds up. On top of that, you gotta pay to maintain it.
07:10
You know, with with private clouds, you are required to maintain them. Otherwise, you got a security issue on your hands. You gotta patch it. You've got to make sure everything's up to date. You've got to make sure that everything's connected, and so you got antivirus software, all that stuff, so usually you're hiring a dedicated team just to maintain them and
07:28
that significantly increases the cost
07:30
of maintenance for the private cloud. And, but on the other hand, one of the benefits to the private cloud is that you're better secured because you know what was implemented. You know where that server physically stands. You know where that server physically
07:45
is located and what's in it and what's around it, what kind of security controls are there, and there's never that looming question like, Oh, I wonder if that cloud vendor is actually doing what they say they're doing,
07:58
which we'll get into that in a minute. But
08:01
for those of you who are a little bit wary to cloud deployments and using public clouds, private clouds might be a better solution for you. So there's also the issue where you don't have to worry about the privacy concerns because, you know, if you won't have to worry about your data being sent across
08:18
to other countries or being replicated to other servers because you handle the infrastructure,
08:22
all that privacy, all that data is literally sitting in whatever server you tell it to sit in, and you know exactly where that stands. You know exactly where the, what kind of controls are there, what, what's in the data center to allow availability, to allow confidentiality, to allow integrity.
08:41
So
08:43
that's your private cloud. The next cloud deployment model that I want to talk about is the public cloud, which is the exact opposite of the private cloud.
08:50
Public cloud is a deployment model that allows users to use cloud services from a cloud infrastructure that is off premise, and it's likely being shared with other users across the globe. I say likely because,
09:03
and I'm 99% sure that it will be used and shared
09:07
with other users across the globe. But that does not mean that your data is exploitable when you're using a, a very popular cloud vendor, like AWS or Azure, you know, because they guarantee it, and this would be a significant liability on their part.
09:24
But you know that, that your data is being secured, you know that you are getting exactly what you pay for when they promise you 11 nines durability and they promise you, ah, 99.99% availability.
09:39
Well, these things are actual true facts because they have the money to expand their data centers. They have the money to make sure that the infrastructure is, is being stretched as far as they need it to be, so that they can provide you with the availability that you need, the durability, the security compliance,
09:58
et cetera. So
10:00
one thing to keep in mind about public clouds is that they're very affordable. You know, you're paying for what you need and only what you need, and it's a really great way to start getting into the cloud, especially if you're just getting your feet wet, because
10:11
maybe you may not need to dump everything into the cloud. You're still trying to figure that out, and you can just kind of ease your way into it. Start using maybe one server. Ah,
10:22
start using the public cloud for a a backup
10:24
system for one server, and then eventually, as you feel more comfortable, you can.
10:30
Another benefit to keep in mind when you're using public cloud is that they're maintained by the cloud vendor's admin team. So you don't have to have your own dedicated team members worrying about maintaining the storage, making, making sure that the file structures are
10:48
working and they're in place and that you're not losing any data
10:50
you already have that taken care of for you by the cloud vendor. That's what they do. That's, that's what you're paying them to do. And you're just paying for what you need as far as storage and making sure that it runs well with whatever you have on premise or, or other applications, other integrations that you're using with other cloud services, and it's, it's really that simple.
11:09
The downside to using Public Cloud
11:13
and really, I wouldn't consider it a down side. I actually think this is a, uh, a a fault by many who believe this. But
11:20
the one thing to keep in mind when it comes to public clouds
11:24
is that they may have some security and privacy concerns, depending on the vendor's security accreditations, which I'm going to show you how to find out those accreditations here shortly. But
11:35
basically, you just want to make sure that your data is going to be where you want it to be and not distributed across the world to different servers that, you don't, that it shouldn't belong to. And really, what I'm talking about here are things like HIPAA and GDPR, GDPR being
11:54
the European, European Union,
11:58
the European Union General Data Protection Regulation. Basically, regulated data. We want to make sure that the regulated data is only being held where you want it to be held and that it's not being shared into other countries and data centers in other countries, where it shouldn't be. And I don't want to scare you when I say that,
12:18
we're going to be going over that a little bit further in this course. But essentially what I'm talking about is
12:24
if you have a data center that handles some type of HIPAA information, and HIPAA being in the United States,
12:33
you want to make sure that those servers are going to, say that the servers and the storage you're gonna be using is going to be in the United States only, and it's not gonna be over in Europe. It's not gonna be over in Asia. It's going to sit here. You don't have to worry about some of the fines that are associated with breaking compliance and
12:52
you don't want to tread over that water
12:54
now. Does AWS provide that? Yes. Do other cloud vendors provide that? Yes,
13:00
but you want to make sure
13:01
So some things to keep in mind when you're thinking about using the public cloud is that, A, it's very affordable.
13:09
What I mean by this is that you're paying for what you use. You're not paying for everything. You're not paying for the entire server all in one sitting, so it's very easy to scale into the cloud. Ah, you know, by storing little files here and there, you can maybe store, ah, a backup system for one server
13:28
or store a backup system for an entire
13:31
department, um,
13:33
and slowly scale into that as you need. And as you feel more comfortable,
13:37
the other benefit is that the services and the storage and the servers and things that you're using in the cloud, that's all maintained by the cloud vendor's administrative team. Now, when we're thinking about IaaS, and you gotta handle the operating system and stuff like that, well, obviously that's on you, you're gonna be handling that. But
13:54
when it comes to the networking for those servers, when it comes to the hypervisor layer,
13:58
things like that that's not in your control. That is in the control of the cloud vendor.
14:05
The one concern that you should have when you're using public cloud is when it comes to security and privacy concerns of the regulated data that you're using.
14:16
What am I talking about? I'm talking about HIPAA. I'm talking about, ah, FedRAMP. I'm talking about FISMA. I'm talking about GDPR, PCI, things
14:26
like, um, PCI, things like that.
14:30
That type of data, obviously you want to see how that regulated data is going to allow or disallow your use in the cloud. And then obviously you want to compare that with the cloud vendor's documentation and their accreditation to make sure that they are able to give you what you need in order to stay compliant, that
14:48
you're not accruing any of those fees and you don't get in trouble
14:52
with those regulated boards. So the next cloud deployment model that I want to talk about is the hybrid cloud. Now, this is gonna be pretty self-explanatory. Basically, the hybrid cloud acts as a mixture of the public and private clouds
15:07
where an organization may use a public cloud to handle a particular task while relying on their existing on-premise infrastructure
15:13
to handle more of the privacy data-driven tasks and stuff like that. So think of it like, maybe you're a, ah, health organization and you're located in the United States. So you're dealing with HIPAA. Well, maybe you want to keep your HIPAA-related data, your HIPAA-regulated data, on premise.
15:31
But so when it comes to non-HIPAA, non-patient information
15:35
that still is crucial to your operations, you may want to use the, the public cloud as a backup solution or as a compute solution for, for those types of data, for that type of processing within your organization. And that could be a good use case for the hybrid cloud.
15:56
There's a lot of different types of, of ways that you can go about implementing the hybrid cloud. But here's some of the benefits. So
16:03
hybrid cloud is gonna vary in cost, depending on your use case. Like I said, you know, depending on the size of the organization and depending on what you do, you may need to have a lot of servers on premise, and you may use little bits of the public cloud to do certain things. Or maybe
16:18
you rely more heavily on the public cloud and you don't really have a whole lot that you need
16:22
on premise. And, and you're not dealing with a lot of regulated data on premise, that, that will kind of vary. So the cost's gonna vary there. It's gonna be maintained by your organization. And it's also gonna be maintained by the cloud vendor, respectively. Obviously, anything on premise you are going to handle, and whatever you use in the cloud will be handled by them,
16:44
and it can be strategically utilized to avoid security and privacy concerns. The use case I described with HIPAA, that's a good example of that. You know, whenever you're dealing with PCI or you're dealing with other types of regulated data, obviously you can see how to fit that in here. And to ultimately
17:03
benefit your, your organization and your business goals that way

Cloud Fundamentals for Security Practitioners

In this course, you will learn the fundamentals of Cloud services and concepts through the lens of a security practitioner.

Instructed By

Nicolas Moy
Senior Cloud Security Engineer
Instructor