Architectural Concepts and Design Requirements

CCSP Domain 1

DOMAIN 1: ARCHITECTURAL CONCEPTS AND DESIGN REQUIREMENTS INTRODUCTION

Why the Cloud? Definitions and Roles
Cloud Service Categories (SaaS, PaaS, IaaS)
Deployment Models (Public, Private, Hybrid, Community)
Key Principles of Enterprise Architecture
Network Security and Perimeter
Identity and Access Management
Media Sanitization
Virtualization Security
Threats
Business Continuity

CLOUD COMPUTING NIST SP 800-145

“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

MANAGED SERVICE PROVIDERS

A managed service provider (MSP) is a company that remotely manages a customer’s IT infrastructure and/or end-user systems, typically on a proactive basis and under a subscription model.

Client maintains control over the technology and operating procedures
Smaller companies may not have the budget to support full-time IT staff
Larger companies may supplement their existing staff
Offers a predictable monthly cost for IT services

CLOUD COMPUTING DEFINITIONS
Anything as a Service: Services provided over the internet as opposed to being provided locally
Business Continuity: The capability of the organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident
Cloud Applications: A software application that is never installed on the local machine but is accessed over the internet
CAMP (Cloud Application Management for Platforms): Provides management of applications, including packaging and deployment, across public and private clouds
Cloud Backup: Allows backup to a remote cloud-based server
Cloud Migration: The process of transitioning all or part of a company’s data or infrastructure to the cloud
Cloud Portability: The ability to move applications and their data from one cloud provider to another, or between public and private clouds

CLOUD COMPUTING DEFINITIONS CONTINUED
Cloud Provisioning: The deployment of a company’s cloud computing strategy. Provisioning entails developing the processes for interfacing with the cloud’s applications and services, as well as auditing and monitoring who accesses and utilizes the resources.
Desktop as a Service: An implementation of virtual desktop infrastructure (VDI), often delivered with the applications needed for use on the virtual desktop
Infrastructure as a Service: Computing infrastructure such as servers, virtualization and storage
Platform as a Service: Deploying onto the cloud infrastructure customer-created or acquired applications, built using programming languages, libraries, services and tools supported by the provider
Software as a Service: A software delivery method that provides access to software and its functions remotely as a web-based service
Vertical Cloud Computing: Describes the use of cloud computing and services for a particular vertical (specific-industry or specific-use) application

CLOUD COMPUTING DEFINITIONS CONTINUED

Public Cloud: Cloud storage where the enterprise is separate from the service provider and the data is stored and accessed across the internet
Private Cloud: Cloud storage where the data and storage resources reside within the enterprise’s own datacenter

CLOUD COMPUTING ROLES

Cloud Customer: Individual or entity that utilizes or subscribes to cloud-based services or resources
Cloud Provider: The company that provides the cloud-based platform or services
Cloud Backup Service Provider: Third-party entity that manages and provides operational services for cloud-based backups
Cloud Services Broker (CSB): A third-party entity that looks to extend or enhance value to multiple customers of cloud-based services through relationships with multiple cloud service providers. It acts as a liaison between customers and providers, ideally selecting the best provider for each customer. The CSB acts as a middleman to broker the best deal and customize services
Cloud Service Auditor: Third-party organization that verifies attainment of SLAs

CLOUD COMPUTING ROLES CONTINUED

Cloud Administrator: Responsible for implementation, monitoring and maintenance of the cloud within the organization or on behalf of an organization
Cloud Application Architect: Responsible for adapting, porting or deploying applications to a target cloud environment
Cloud Data Architect: Ensures that storage and data mechanisms within the cloud meet and conform to the relevant SLAs
Cloud Architect: Determines when and how a private cloud meets the policies and needs of the organization
Cloud Service Manager: Typically responsible for policy design, business agreements, pricing models and some elements of the SLA. The role works with cloud management and customers to reach agreement.

WHY THE CLOUD?

Scalability
Elasticity
Cost-Savings
Reduced Infrastructure
Less Overhead
Pay as you go

CLOUD SERVICE CATEGORIES

IaaS
PaaS
SaaS

IaaS

Infrastructure as a Service
Per NIST SP 800-145, “the capability provided is to provision processing, storage, networks and other fundamental computing resources where the consumer is able to deploy and run software including applications and operating systems. The consumer doesn’t control the infrastructure, but does control the OS, storage, deployed apps and configuration settings.”

IaaS OFFERS:

Usage metered and priced on the basis of units consumed
Upward or downward scalability as needed
Reduced TCO: No need to buy any assets, as day-to-day operations are provided within the cloud. Reduced cost of maintenance and support, and no loss of asset value
Reduced energy and cooling costs, along with a greener IT environment
Reduced in-house IT staff

PaaS

Platform as a Service: Provides the customer the capability to deploy onto the cloud infrastructure consumer-created or acquired applications, built using programming languages, libraries, services and tools supported by the provider.

PaaS OFFERS:

Support for multiple languages and frameworks, allowing developers to code in whichever programming language they prefer
Multiple hosting environments: The ability to offer a wide variety and choice of underlying hosting environments
Flexibility: Focus on open standards and allowing relevant plugins to be quickly introduced to the platform. The goal is to reduce the “lock-in” that comes with proprietary source code
Automatic scalability: The application seamlessly scales up and down as required by the platform

SaaS

Software as a Service provides the consumer the ability to use the provider’s applications running on a cloud infrastructure.
The applications are accessible from various client devices through an interface such as a web browser or a program interface.
Can be delivered either as:
Hosted Application Management (AM): The provider hosts commercially available software for customers and delivers it over the web
Software on Demand: The cloud provider gives customers network-based access to a single copy of an application created specifically for SaaS distribution

SaaS OFFERS

Users can access their applications and data from anywhere, at any time
Reduced TCO: Reduces the need for advanced hardware; redundancy and storage are provided
Rather than purchasing licenses, software is leased
Pay-per-use
Elasticity
Updates and patch management are the responsibility of the provider
Standardization: All users have the same version of the software

CLOUD DEPLOYMENT MODELS

Public
Private
Hybrid
Community

MULTI-TENANCY

Mode of operation of software in which multiple independent instances share the same environment
The physical environment is generally shared
Segmentation: Separating tenant resources, data, applications, etc.
Isolation: Logical isolation is often provided through virtualization
Governance: A data governance framework ensures the privacy, availability, integrity and overall security of data in the different cloud models
Service Levels: Document the minimum expected performance
Chargeback and metering: The ability of an IT organization to track and measure IT expenses per business unit and charge them back accordingly

SERVICE LEVEL AGREEMENTS

Availability (e.g. 99.99% during work days, 99.9% for nights/weekends)
Performance (e.g. maximum response times)
Security / privacy of the data (e.g. encrypting all stored and transmitted data)
Disaster Recovery expectations (e.g. worst-case recovery commitment)
Location of the data (e.g. consistent with local legislation)
Access to the data (e.g. data retrievable from provider in readable format)
Portability of the data (e.g. ability to move data to a different provider)
Process to identify problems and resolution expectations (e.g. call center)
Change Management process (e.g. how changes such as updates or new services are handled)
Dispute mediation process (e.g. escalation process, consequences)
Exit Strategy with expectations on the provider to ensure smooth transition

PUBLIC CLOUD BENEFITS

Easy and inexpensive: hardware, applications and bandwidth are the responsibility of the provider
Easy to provision resources
Scalability
Pay as you go

PRIVATE CLOUD MODEL

Provisioned for exclusive use by a single organization comprising multiple business units
It may be owned, managed and operated by the organization, a third party, or a combination of both
May be on or off premises
Provides much greater control over data, underlying systems and applications
Greater control over security
Assurance over data location, removing multi-jurisdiction legal and compliance requirements

HYBRID CLOUD MODEL

A hybrid cloud is a composition of two or more distinct cloud infrastructures (private, community, or public)
Provides organizations with the ability to retain control of their IT environments while giving them the convenience of using public cloud services for non-mission-critical efforts
Utilized if there is a need to retain ownership and oversight of critical tasks and processes related to technology
Re-uses previous investments in technology within the organization
Keeps control of the most critical business components and systems
“Cloud bursting” allows public cloud resources to be utilized when the private cloud workload has reached capacity

COMMUNITY CLOUD MODEL

Provisioned for exclusive use by a specific community of consumers from organizations that have shared objectives and requirements
May be operated by one or more of the organizations in the community, or by a third party
Community clouds should give the benefits of a public cloud while providing heightened privacy, security and regulatory compliance.

KEY PRINCIPLES OF AN ENTERPRISE ARCHITECTURE

Define protections that enable trust in the cloud
Develop cross-platform capabilities and patterns for proprietary and open-source providers
Facilitate trusted and efficient access, administration and resiliency for the customer
Provide direction for securing information that is protected by regulations
Facilitate proper and efficient identification, authentication, authorization, administration and auditability
Centralize security policy maintenance, operation, and oversight functions
Access to information must be secure yet still easy to obtain
Delegate or federate access control where appropriate
Must be easy to adopt and consume, supporting the design of security patterns
The architecture must be elastic, flexible and resilient, supporting multi-tenant, multi-landlord platforms
The architecture must address and support multiple levels of protection, including network, operating system, and application security needs

CRYPTOGRAPHY IN THE CLOUD

Data in Motion
The cloud architect is usually responsible for reviewing how data in transit will be protected
SSL/TLS creates an encrypted tunnel
IPsec in tunnel mode is also a good solution
Data at Rest
Though data is stored in the cloud, best practice dictates that key management be handled by the client
RKMS (Remote Key Management Service): The customer owns the KMS on premises, but it is managed remotely by the service provider, allowing the customer to control confidentiality while the provider provides support remotely
Client-Side Key Management: Similar to RKMS, the client-side approach puts the customer in control of the encryption/decryption keys. The KMS resides on the customer’s premises.

IDENTITY AND ACCESS MANAGEMENT AND ACCESS CONTROL

Includes the people, processes and systems that are used to manage access to enterprise resources. This ensures that:
The identity of an entity is verified
The correct level of access is granted based on the assets, services and protected resources being accessed
Multifactor authentication is preferred

PHASES OF IAM

Provisioning and de-provisioning
Centralized directory services
Privileged user management
Authentication and access management

PROVISIONING AND DE-PROVISIONING

The goal of provisioning is to standardize, streamline, and create an efficient account creation process, while creating a consistent, measurable, traceable and auditable framework for providing access to end users.
De-provisioning is the process whereby a user account is disabled when the user no longer requires access to the cloud-based services and resources. This includes users leaving the organization, as well as users changing roles, functions or departments.
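One way to make the de-provisioning check above measurable and auditable is to reconcile the enabled cloud accounts against the HR roster. This is an added example, not from the training material; the account/HR record shapes, the department-to-role entitlement matrix and the sample data are all constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class CloudAccount:
    username: str
    enabled: bool
    roles: frozenset


@dataclass(frozen=True)
class HrRecord:
    username: str
    status: str        # "active" or "left"
    department: str


# Constructed entitlement matrix (assumption): the cloud roles each
# department may hold. Any role outside this set is excess for that user.
ROLE_ENTITLEMENTS = {
    "finance": frozenset({"billing-viewer"}),
    "engineering": frozenset({"developer", "billing-viewer"}),
}


def deprovisioning_actions(accounts, hr_records):
    """Compare enabled cloud accounts with the HR roster and return the
    de-provisioning actions the slide describes:
      ("disable", username, reason)      user has left or is unknown to HR
      ("remove-roles", username, roles)  user changed department and keeps
                                         roles the new department does not grant
    Output is sorted by username so repeated runs are directly comparable.
    """
    roster = {r.username: r for r in hr_records}
    actions = []
    for acct in sorted(accounts, key=lambda a: a.username):
        if not acct.enabled:
            continue  # already de-provisioned; nothing to do
        rec = roster.get(acct.username)
        if rec is None:
            actions.append(("disable", acct.username, "no HR record"))
        elif rec.status == "left":
            actions.append(("disable", acct.username, "left organization"))
        else:
            allowed = ROLE_ENTITLEMENTS.get(rec.department, frozenset())
            excess = acct.roles - allowed
            if excess:
                actions.append(("remove-roles", acct.username, tuple(sorted(excess))))
    return actions


# Constructed sample data for a stand-alone run.
ACCOUNTS = [
    CloudAccount("alice", True, frozenset({"developer", "billing-viewer"})),
    CloudAccount("bob", True, frozenset({"developer"})),          # moved to finance
    CloudAccount("carol", True, frozenset({"billing-viewer"})),   # has left
    CloudAccount("dave", False, frozenset({"developer"})),        # already disabled
    CloudAccount("svc-orphan", True, frozenset({"developer"})),   # unknown to HR
]
HR_RECORDS = [
    HrRecord("alice", "active", "engineering"),
    HrRecord("bob", "active", "finance"),
    HrRecord("carol", "left", "finance"),
    HrRecord("dave", "left", "engineering"),
]

if __name__ == "__main__":
    for action in deprovisioning_actions(ACCOUNTS, HR_RECORDS):
        print(action)
```

The orphaned account with no HR record is the case most often missed in practice, which is why an unknown user is treated as a disable candidate rather than ignored.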

CENTRALIZED DIRECTORY SERVICES

The most common protocol is LDAP, which stores and processes a structured repository of information, with each entry coupled to a unique identifier and location
LDAP is the communications protocol used to interact with Active Directory

PRIVILEGED USER MANAGEMENT

Focuses on the process and ongoing requirements to manage the lifecycle of user accounts with the highest privileges
These accounts carry the highest risk and impact
Should include the ability to: track usage, authentication successes and failures, and authorization times/dates; log successful and failed events; enforce password management; and provide sufficient levels of auditing and reporting

AUTHORIZATION AND ACCESS MANAGEMENT

Regulates what a subject can do to an object
Users require authorization and access management to reach the resources they need and are entitled to
Should be functional, operational and trusted
Should be based on sound security principles such as separation of duties, privilege management, password management, etc.

DATA AND MEDIA SANITIZATION

When leaving or migrating from a cloud provider, consideration must be given to the export/import of data in standards-based formats
“Vendor lock-in” describes a situation where proprietary formats, technology, etc. make it more difficult to move data out of the cloud or from one provider to another
How is media sanitized after removal?
Degaussing or physical destruction is rarely an option in the cloud, since the customer does not own the media; overwriting is frequently used instead.

VIRTUALIZATION SECURITY

Virtualization allows logical isolation on multi-tenant servers
It may also allow attackers to target the relevant components and functions to gain unauthorized access to data, systems or resources
Relies upon the security of the hypervisor

HYPERVISOR

Allows multiple operating systems to share a single hardware host, with the appearance of each guest having exclusive use of the resources
Type I Hypervisor: Runs directly on the hardware, with VM resources provided by the hypervisor. Also referred to as “bare metal.” Examples: VMware ESXi, Citrix XenServer. Hardware-based.
Type II Hypervisor: Runs on a host OS to provide virtualization services. Examples: VMware Workstation, Microsoft Virtual PC. Software-based.

HYPERVISOR SECURITY

Type I hypervisors significantly reduce the attack surface. The hypervisor vendor has control over the relevant software that comprises and forms the hypervisor package, reducing the likelihood of malicious code being introduced at the hypervisor foundation
Type II hypervisors have greater vulnerability since they are OS-based. Numerous vulnerabilities exist within the various host operating systems, opening up additional opportunities for attack.

COMMON THREATS

The “Notorious 9”:
Data Breaches: Disclosure
Data Loss: Loss of integrity or destruction
Account or Service Hijacking: Attacker sniffing credentials or performing a MITM attack
Insecure Interfaces/APIs: Provided by vendors to access their services
DoS or DDoS
Malicious insiders
Abuse of cloud services: An inherent weakness of any internet-facing service
Insufficient Due Diligence/Due Care
Due diligence: Investigating and understanding risks
Due care: Developing policies and procedures to address risks
Shared Technology Vulnerabilities: Multiple tenants bring in additional risks

SECURITY FOR DIFFERENT CLOUD CATEGORIES

IaaS requires focus on and understanding of the layers of the architecture, from the physical infrastructure to the virtualization components. Concerns include VM attacks, virtual switches/networks, VM-based rootkits or a malicious hypervisor, and single points of access
PaaS requires addressing 4 main issues:
System/resource isolation
User-level permissions
User access management
Protection against malware
SaaS involves 3 main areas:
Data segregation
Data access and policies
Web application security

BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING

Continuity management is the process in which risks and threats to the ongoing availability of services, business functions and the organization are actively reviewed and managed at set intervals.
Disaster recovery focuses on restoration of the most critical business functions in the event of high-impact events
Must address the C-I-A triad

RESTORATION PLAN

Due diligence requires review of the cloud service provider’s plans and SLAs in relation to:
RPO (Recovery Point Objective)
RTO (Recovery Time Objective)
Compensation for loss
Definitions of the criticality of specific services
Points of contact and escalation

COST-BENEFIT ANALYSIS

Cost-benefit analysis is the key driver for the adoption of cloud computing:
Resource pooling
Time and efficiencies
No depreciation of resources
Savings of utilities costs
Software Licensing and maintenance costs
Thin Clients
Pay per usage

STANDARDS-BASED APPROACHES

Few standards exist exclusively for cloud computing
ISO 27001 certifies that the ISMS can address the relevant risks and elements appropriate to those risks
ISO 27002 is the framework for best practice
SOC 1, 2, 3 (Service Organization Control) define a comprehensive approach to auditing and assess the provider’s controls and their effectiveness
NIST SP 800-53: The goal is to ensure that appropriate security requirements and security controls are applied to all US Federal government information and information systems
Common Criteria
FIPS 140 addresses the use of encryption and cryptography
PCI-DSS, HIPAA and other regulations
