CCSP Domain 1
ARCHITECTURAL CONCEPTS AND DESIGN REQUIREMENTS
DOMAIN 1: ARCHITECTURAL CONCEPTS AND DESIGN REQUIREMENTS INTRODUCTION
Why the Cloud? Definitions and Roles
Cloud Service Categories (SaaS, PaaS, IaaS)
Deployment Models (Public, Private, Hybrid)
Key Principles of Enterprise Architecture
Network Security and Perimeter
Identity and Access Management
Media Sanitization
Virtualization Security
Threats
Business Continuity
CLOUD COMPUTING NIST SP 800-145
“Cloud computing is a model for enabling ubiquitous, convenient on-demand network access to a shared pool of configurable computing resources (e.g., networks, server, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
MANAGED SERVICE PROVIDERS
A managed service provider (MSP) is a company that remotely manages a customer’s IT infrastructure and/or end-user systems, typically on a proactive basis and under a subscription model.
Client maintains control over the technology and operating procedures
Smaller companies may not have the budget to support full-time IT staff
Larger companies may supplement their existing staff
Offers a predictable monthly cost for IT services
CLOUD COMPUTING DEFINITIONS
Anything as a Service: Services provided over the internet as opposed to being provided locally
Business Continuity: The capability of the organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident
Cloud Applications: A software application that is never installed locally but is accessed over the internet
CAMP (Cloud Application Management for Platforms): Provides a service for managing applications, including packaging and deployment across public and private clouds
Cloud Backup: Allows backup to a remote cloud-based server
Cloud Migration: The process of transitioning all or part of a company’s data or infrastructure to the cloud
Cloud Portability: The ability to move applications and their data between one cloud provider and another or from public/private cloud
CLOUD COMPUTING DEFINITIONS CONTINUED
Cloud Provisioning: The deployment of a company’s cloud computing strategy. Provisioning entails developing the processes for interfacing with the cloud’s applications and services as well as auditing and monitoring who accesses and utilizes the resources.
Desktop as a Service: An implementation of virtual desktop infrastructure (VDI). Often delivered with the applications needed for use on the virtual desktop
Infrastructure as a Service: Computer infrastructure such as servers, virtualization and storage
Platform as a Service: Deploying onto the cloud infrastructure customer-created or acquired applications that are created using programming libraries, languages, services and tools supported by the provider.
Software as a Service: A software delivery method that provides access to software and its functions remotely as a web-based service
Vertical Cloud Computing: Describes the use of cloud computing and services for a particular vertical (Specific industry or specific-use) application
CLOUD COMPUTING DEFINITIONS CONTINUED
Public Cloud: Cloud storage where the enterprise is separated from the service provider and the data is stored and accessed across the internet
Private Cloud: Cloud storage where the data/storage resources reside within the enterprise’s datacenter
CLOUD COMPUTING ROLES
Cloud Customer: Individual or entity that utilizes or subscribes to cloud-based services or resources
Cloud Provider: The company that provides the cloud-based platform or services
Cloud Backup Service provider: Third-party entity that manages and provides operational services for cloud-based backups
Cloud Services Broker: A third-party entity that looks to extend or enhance value to multiple customers of cloud-based services through relationships with multiple cloud service providers. It acts as a liaison between customers and providers, ideally selecting the best provider for each customer. The CSB acts as a middleman to broker the best deal and customize services
Cloud Service Auditor: Third-party organization that verifies attainment of SLAs
CLOUD COMPUTING ROLES CONTINUED
Cloud Administrator: Responsible for implementation, monitoring and maintenance of the cloud within the organization or on behalf of an organization.
Cloud Application Architect: Responsible for adapting, porting or deploying applications to a target cloud environment
Cloud Data Architect: makes sure that storage and mechanisms within the clouds meet and conform to the relevant SLAs.
Cloud Architect: will determine when and how a private cloud meets the policies and needs of the organization
Cloud Service Manager: Typically responsible for policy design, business agreements, pricing models and some elements of the SLA. The role works with cloud management and customers to reach agreement.
WHY THE CLOUD?
Scalability
Elasticity
Cost-Savings
Reduced Infrastructure
Less Overhead
Pay as you go
CLOUD SERVICE CATEGORIES
IaaS
PaaS
SaaS
IaaS
Infrastructure as a Service
Per NIST SP 800-145: “the capability provided is to provision processing, storage, networks and other fundamental computing resources where the consumer is able to deploy and run software including applications and operating systems. The consumer doesn’t control the infrastructure, but does control the OS, storage, deployed apps and configuration settings.”
IaaS OFFERS:
Usage metered and priced on the basis of units consumed
Upwards or Downwards scalability as needed
Reduced TCO: No need to buy any assets, as day-to-day efforts are provided within the cloud. Reduced cost of maintenance and support, and no loss of asset value
Reduced energy and cooling costs along with green IT environment
Reduced in-house IT staff
PaaS
Platform as a Service: provides the customer the capability to deploy onto the cloud infrastructure consumer-created or acquired application created using programming languages, libraries, services and tools supported by the provider.
PaaS OFFERS:
Support for multiple languages and frameworks allowing developers to code in whichever programming language they prefer
Multiple hosting environments: the ability to offer a wide variety and choice for the underlying hosting environments
Flexibility: Focus on open standards and allowing relevant plugins to be quickly introduced to the platform. The goal is to reduce “lock-in” that comes with proprietary source code
Automatic scalability: The application seamlessly scales up and down as required, handled by the platform.
SaaS
Software as a Service provides the consumer the ability to use the provider’s applications running on a cloud infrastructure.
The applications are accessible from various client devices through an interface like a web browser or a program interface
Can be delivered either as
Hosted Application Management (AM): The provider hosts commercially available software for customers and delivers it over the web
Software on Demand: The cloud provider gives customers network-based access to a single copy of an application created specifically for SaaS distribution
SaaS OFFERS
Users can access their applications and data from anywhere anytime
Reduced TCO—reduces the need for advanced hardware. Redundancy and storage are provided
Rather than purchasing licenses, software is leased
Pay-per-use
Elasticity
Updates and Patch management is the responsibility of the provider
Standardization—all users have the same version of software
CLOUD DEPLOYMENT MODELS
Public
Private
Hybrid
Community
MULTI-TENANCY
Mode of operation of software where multiple independent instances share the same environment
Physical environment is generally shared
Segmentation: Separating tenant resources/data/applications, etc.
Isolation: Logical isolation is often provided through virtualization
Governance: Propose a data governance framework to ensure the privacy, availability, integrity and overall security of data in different cloud models
Service Levels: Document minimum expected performance
Chargeback and metering refers to the ability of an IT organization to track and measure the IT expenses per business unit and charge them back accordingly.
SERVICE LEVEL AGREEMENTS
Availability (e.g. 99.99% during work days, 99.9% for nights/weekends)
Performance (e.g. maximum response times)
Security / privacy of the data (e.g. encrypting all stored and transmitted data)
Disaster Recovery expectations (e.g. worst-case recovery commitment)
Location of the data (e.g. consistent with local legislation)
Access to the data (e.g. data retrievable from provider in readable format)
Portability of the data (e.g. ability to move data to a different provider)
Process to identify problems and resolution expectations (e.g. call center)
Change Management process (e.g. changes – updates or new services)
Dispute mediation process (e.g. escalation process, consequences)
Exit Strategy with expectations on the provider to ensure smooth transition
PUBLIC CLOUD BENEFITS
Easy and inexpensive—hardware, application and bandwidth are the responsibility of the provider
Easy to provision resources
Scalability
Pay as you go
PRIVATE CLOUD MODEL
Provisioned for exclusive use by a single organization comprising multiple business units
It may be owned managed and operated by the organization, a third party, or a combination
May be on or off premises
Provides much greater control over data, underlying systems and applications
Greater control over security
Assurance over data location, removal of multiple jurisdiction legal and compliance requirements
HYBRID CLOUD MODEL
The hybrid is a composition of two or more distinct cloud infrastructures (private, community, or public)
Provides organizations with the ability to retain control of their IT environments, but gives them the convenience of using public cloud service for non-mission-critical efforts
Utilized if there is a need to retain ownership and oversight of critical tasks and processes related to technology
Re-use previous investments in technology within the organization
Control the most critical business components/systems
“Cloud bursting” allows public cloud resources to be utilized when the private cloud workload has reached capacity
COMMUNITY CLOUD MODEL
Provisioned for exclusive use by a specific community of consumers from organizations that have shared objectives and requirements
May be operated by one or more of the organizations in the community or a third party
Community clouds should give the benefits of a public cloud while providing heightened privacy, security and regulatory compliance.
KEY PRINCIPLES OF AN ENTERPRISE ARCHITECTURE
Define protections that enable trust in the cloud
Develop cross-platform capabilities and patterns for proprietary and open source providers
Facilitate trusted and efficient access, administration and resiliency to the customer
Provide direction to secure information that is protected by regulations.
Facilitate proper and efficient identification, authentication, authorization, administration and auditability.
Centralize security policy maintenance operation, and oversight functions.
Access to information must be secure yet still easy to obtain
Delegate or federate access control where appropriate
Must be easy to adopt and consume, supporting the design of security patterns
The architecture must be elastic, flexible and resilient, supporting multi-tenant, multi-landlord platforms
Architecture must address and support multiple levels of protection, including network, operating system, and application security needs
CRYPTOGRAPHY IN THE CLOUD
Data in Motion
Cloud architect is usually responsible for reviewing how data in transit will be protected
SSL/TLS creates an encrypted tunnel
IPsec tunnel mode is also a good solution
Data at rest
Though data is stored in the cloud, best practices dictate that key management be handled by the client
RKMS (Remote Key Management Service): Customer owns KMS on premise but it is managed remotely by the service provider allowing customer to control the confidentiality while the provider provides support remotely
Client Side Key Management: Similar to RKMS the client side approach puts the customer in control of encryption/decryption keys.
KMS resides on customer’s premises.
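The client-side key management pattern above can be shown concretely: the customer generates the key on premises, only ciphertext leaves the customer's environment, and the provider stores a blob it cannot read. The following Go program is an added example, not code from the slides or from any provider; the function names (NewDataKey, EncryptForUpload, DecryptFromStorage) and the sample record are assumptions made for the illustration. It uses AES-256-GCM from the Go standard library, so a blob modified in storage or opened with the wrong key is rejected rather than decrypted to garbage.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// NewDataKey generates a 256-bit AES key. In the client-side model this runs on
// the customer's premises and the key is never sent to the provider.
// (Hypothetical helper written for this example.)
func NewDataKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// EncryptForUpload seals plaintext with AES-256-GCM under the customer-held key.
// The returned blob (nonce || ciphertext || tag) is all the provider ever stores.
func EncryptForUpload(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext and authentication tag after the nonce prefix.
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// DecryptFromStorage opens a blob retrieved from the provider. Because GCM is
// authenticated, a blob tampered with in storage, or opened with the wrong
// key, fails instead of yielding garbage.
func DecryptFromStorage(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("stored blob shorter than nonce")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

func main() {
	key, _ := NewDataKey()
	// Constructed sample record standing in for customer data.
	blob, _ := EncryptForUpload(key, []byte("constructed customer record"))
	fmt.Printf("stored at provider: %x\n", blob)
	pt, err := DecryptFromStorage(key, blob)
	fmt.Printf("recovered on premises: %q (err=%v)\n", pt, err)
}
```

The design point is where the key lives: the provider's storage, backups and administrators only ever see the sealed blob, which is what lets the customer control confidentiality while still using the provider's infrastructure.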
IDENTITY AND ACCESS MANAGEMENT AND ACCESS CONTROL
Includes the people, processes and systems that are used to manage access to enterprise resources. This ensures:
Identity of an entity is verified
Correct level of access is granted based on asset, services and protected resources being accessed
Multifactor Authentication is preferred
PHASES OF IAM
Provisioning and de-provisioning
Centralized directory services
Privileged user management
Authentication and access management
PROVISIONING AND DE-PROVISIONING
The goal of provisioning is to standardize, streamline, and create an efficient account creation process, while creating a consistent, measurable, traceable and auditable framework for providing access to end users.
De-Provisioning is the process whereby a user account is disabled when the user no longer requires access to the cloud-based services and resources. Includes users leaving the organization, as well as changing roles or functions or departments
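The slide makes the point that de-provisioning is triggered not only by departures but also by changes of role or department. The Go program below is an added example (not from the slides or any IAM product) of how that is typically automated: the user's current entitlements are reconciled against the set the new role requires, anything not required is revoked, and every change is recorded for audit. The role-to-entitlement mapping, the function Reconcile and the user names are assumptions constructed for the illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// roleEntitlements is a constructed role-to-entitlement mapping; a real
// deployment would read this from the directory or IAM system.
var roleEntitlements = map[string][]string{
	"developer": {"repo:read", "repo:write", "ci:run"},
	"auditor":   {"repo:read", "logs:read"},
}

// AuditEvent is one traceable change to a user's access.
type AuditEvent struct {
	Action      string // "grant" or "revoke"
	User        string
	Entitlement string
	Reason      string
}

// Reconcile computes the grants and revocations needed to move user from its
// current entitlements to those of newRole. An empty newRole means the user
// has left: every entitlement is revoked. It returns the user's new
// entitlement set (sorted) and the audit trail (revocations first, sorted).
func Reconcile(user string, current []string, newRole string) ([]string, []AuditEvent) {
	desired := map[string]bool{}
	for _, e := range roleEntitlements[newRole] {
		desired[e] = true
	}
	have := map[string]bool{}
	for _, e := range current {
		have[e] = true
	}
	reason := "role change to " + newRole
	if newRole == "" {
		reason = "user left organization"
	}
	var events []AuditEvent
	// Anything the new role does not require is revoked; this is what stops
	// entitlements accumulating across successive role changes.
	for e := range have {
		if !desired[e] {
			events = append(events, AuditEvent{"revoke", user, e, reason})
		}
	}
	for e := range desired {
		if !have[e] {
			events = append(events, AuditEvent{"grant", user, e, reason})
		}
	}
	sort.Slice(events, func(i, j int) bool {
		if events[i].Action != events[j].Action {
			return events[i].Action > events[j].Action // "revoke" sorts before "grant"
		}
		return events[i].Entitlement < events[j].Entitlement
	})
	final := make([]string, 0, len(desired))
	for e := range desired {
		final = append(final, e)
	}
	sort.Strings(final)
	return final, events
}

func main() {
	// Constructed scenario: a developer moves into an audit role.
	final, trail := Reconcile("alice", []string{"repo:read", "repo:write", "ci:run"}, "auditor")
	fmt.Println("entitlements now:", final)
	for _, ev := range trail {
		fmt.Printf("%s %s %s (%s)\n", ev.Action, ev.User, ev.Entitlement, ev.Reason)
	}
}
```

Run against the constructed scenario, the developer-to-auditor move revokes repo:write and ci:run and grants logs:read; an empty new role produces nothing but revocations, which is the leaver case.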
CENTRALIZED DIRECTORY SERVICES
Most common protocol is LDAP, which stores, processes and facilitates a structured repository of information stored, coupled with unique identifiers and locations
LDAP is the communications protocol used to interact with Active Directory
PRIVILEGED USER MANAGEMENT
Focuses on process and ongoing requirements to manage the lifecycle of user accounts with the highest privileges
These accounts carry the highest risk and impact
Should include the ability to: track usage, authentication successes and failures, authorization times/dates, log successful and failed events, enforce password management and contain sufficient levels of auditing and reporting
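The tracking of authentication successes and failures for privileged accounts, listed above, is usually implemented as monitoring over the authentication log. The Go program below is an added example (not from the slides or any vendor tool) that parses a handful of constructed key=value log lines, tallies outcomes and source addresses per privileged account only, and flags accounts whose failure count reaches a threshold. The watch-list, the log format, the sample lines and the function names Summarise and FlagAccounts are all assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// privilegedUsers is the constructed watch-list for this example.
var privilegedUsers = map[string]bool{"admin": true, "root": true}

// sampleLog holds constructed authentication events in key=value form.
var sampleLog = []string{
	"2024-05-01T09:00:01Z auth user=admin result=success src=10.0.0.5",
	"2024-05-01T09:00:05Z auth user=admin result=failure src=198.51.100.7",
	"2024-05-01T09:00:09Z auth user=admin result=failure src=198.51.100.7",
	"2024-05-01T09:00:12Z auth user=admin result=failure src=198.51.100.7",
	"2024-05-01T09:01:00Z auth user=alice result=failure src=10.0.0.9",
	"2024-05-01T09:02:00Z auth user=root result=success src=10.0.0.2",
}

// AuthStats summarises authentication outcomes for one privileged account.
type AuthStats struct {
	Success int
	Failure int
	Sources map[string]int // source addresses seen and how often each appeared
}

// parseLine turns the key=value tokens of one log line into a map.
func parseLine(line string) map[string]string {
	fields := map[string]string{}
	for _, tok := range strings.Fields(line) {
		kv := strings.SplitN(tok, "=", 2)
		if len(kv) == 2 {
			fields[kv[0]] = kv[1]
		}
	}
	return fields
}

// Summarise tallies successes, failures and sources per privileged account;
// events for accounts outside the watch-list are ignored.
func Summarise(lines []string) map[string]*AuthStats {
	stats := map[string]*AuthStats{}
	for _, line := range lines {
		f := parseLine(line)
		user := f["user"]
		if !privilegedUsers[user] {
			continue
		}
		s, ok := stats[user]
		if !ok {
			s = &AuthStats{Sources: map[string]int{}}
			stats[user] = s
		}
		switch f["result"] {
		case "success":
			s.Success++
		case "failure":
			s.Failure++
		}
		if src := f["src"]; src != "" {
			s.Sources[src]++
		}
	}
	return stats
}

// FlagAccounts returns, sorted, the privileged accounts whose failure count
// reached the threshold, for follow-up by the security team.
func FlagAccounts(stats map[string]*AuthStats, threshold int) []string {
	var flagged []string
	for user, s := range stats {
		if s.Failure >= threshold {
			flagged = append(flagged, user)
		}
	}
	sort.Strings(flagged)
	return flagged
}

func main() {
	stats := Summarise(sampleLog)
	for user, s := range stats {
		fmt.Printf("%s: %d ok, %d failed, %d sources\n", user, s.Success, s.Failure, len(s.Sources))
	}
	fmt.Println("flagged:", FlagAccounts(stats, 3))
}
```

On the constructed lines, admin shows one success and three failures from a second source address and is flagged at a threshold of three; alice is not privileged and is skipped entirely, which keeps the report focused on the accounts the slide calls highest-risk.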
AUTHORIZATION AND ACCESS MANAGEMENT
Regulates what a subject can do to an object
Users require authorization and access management to access required/appropriate resources
Should be functional, operational and trusted
Should be based on sound security principles such as separation of duties, privilege management, password management, etc.
DATA AND MEDIA SANITIZATION
When leaving or migrating from a cloud provider, considerations must be made for export/import of data in standards-based formats
“Vendor lock-in” describes a situation where proprietary formats, technology, etc. make it more difficult to move data out of the cloud or from one provider to another
How is media sanitized after removal?
Degaussing/physical destruction is rarely an option. Overwriting is frequently used.
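Overwriting, the method the slide says is used most in practice, is worth seeing with its verification step and its limit. The Go program below is an added example, not from the slides or any sanitization tool: OverwriteFile (a hypothetical helper written here) replaces every byte of a file with random data for a chosen number of passes, syncs each pass, then reads the file back to confirm the original content is gone. The caveat in the comments is the practitioner's one: this governs the logical file only, and flash media or provider-managed block storage may remap rather than overwrite the physical blocks. The sample file content is constructed.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"fmt"
	"io"
	"os"
)

// OverwriteFile replaces every byte of the file at path with random data for
// the requested number of passes, syncing after each, then reads the file back
// to verify the original content is gone. Caveat: this governs only the
// logical file; on flash media or provider-managed block storage the physical
// blocks may be remapped rather than overwritten in place.
func OverwriteFile(path string, passes int) error {
	original, err := os.ReadFile(path)
	if err != nil {
		return err
	}
	f, err := os.OpenFile(path, os.O_WRONLY, 0)
	if err != nil {
		return err
	}
	defer f.Close()
	for p := 0; p < passes; p++ {
		if _, err := f.Seek(0, io.SeekStart); err != nil {
			return err
		}
		// Write exactly the original length so the file keeps its size.
		if _, err := io.CopyN(f, rand.Reader, int64(len(original))); err != nil {
			return err
		}
		if err := f.Sync(); err != nil {
			return err
		}
	}
	// Verification: same size, but the original bytes must no longer be there.
	after, err := os.ReadFile(path)
	if err != nil {
		return err
	}
	if len(after) != len(original) {
		return fmt.Errorf("size changed: %d -> %d", len(original), len(after))
	}
	if len(original) > 0 && bytes.Equal(after, original) {
		return fmt.Errorf("content unchanged after %d passes", passes)
	}
	return nil
}

func main() {
	tmp, err := os.CreateTemp("", "sanitize-*")
	if err != nil {
		panic(err)
	}
	defer os.Remove(tmp.Name())
	// Constructed file content standing in for a tenant's exported data.
	tmp.WriteString("constructed tenant export: SECRET-RECORD-0001")
	tmp.Close()
	fmt.Println("overwrite result:", OverwriteFile(tmp.Name(), 3))
}
```

Because the check compares the file after overwriting with its original contents, asking for zero passes is reported as a failure rather than silently treated as sanitized.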
VIRTUALIZATION SECURITY
Virtualization allows logical isolation on multi-tenant servers
May also allow attackers to target relevant components and functions to gain unauthorized access to data/systems/resources
Relies upon the security of the Hypervisor
HYPERVISOR
Allows multiple OS to share a single hardware host, with the appearance of each host having exclusive use of resources
Type I Hypervisor runs directly on the hardware, with VM resources provided by the hypervisor. Also referred to as “bare metal.” Examples: VMware ESXi, Citrix XenServer. Hardware-based
Type II Hypervisor runs on a host OS to provide virtualization services. VMware workstation, and MS VirtualPC. Software-based.
HYPERVISOR SECURITY
Type I hypervisors significantly reduce the attack surface. Hypervisor vendors have control over the relevant software that comprises and forms the hypervisor package, reducing the likelihood of malicious code being introduced at the hypervisor foundation
Type II hypervisors have greater vulnerability since they are OS based. Numerous vulnerabilities exist within various OS opening up additional opportunities.
COMMON THREATS
“Notorious 9”
Data Breaches: Disclosure
Data Loss: Loss of integrity or destruction
Account or Service Hijacking: Attacker sniffing or MITM
Insecure Interfaces/APIs: provided by vendors to access their networks
DoS or DDoS
Malicious insiders
Abuse of cloud services: Inherent weakness of any internet service
Insufficient Due Diligence/Due Care
Due diligence: Investigating and understanding risks
Due care: Developing policies and procedures to address risks
Shared Technology Vulnerabilities: multiple tenants brings in risks
SECURITY FOR DIFFERENT CLOUD CATEGORIES
IaaS requires focus and understanding of the layers of the architecture from architecture to virtualization components. Concerns include VM Attacks, Virtual Switches/Network, VM Based Rootkits/malicious hypervisor, single point of access
PaaS requires addressing 4 main issues
System/Resource isolation
User-level permissions
User Access Management
Protection against malware
SaaS Involves 3 main areas
Data Segregation
Data Access and Policies
Web Application Security
BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING
Continuity Management is the process in which risks and threats to the ongoing availability of services, business functions and the organization are actively reviewed and managed at set intervals.
Disaster recovery focuses on restoration of most critical business functions in the event of large impact events
Must address C-I-A triad
RESTORATION PLAN
Due Diligence requires review of plans of the Cloud Service Provider and SLAs in relation to:
RPO
RTO
Compensation for loss
Definitions of Criticality of specific services
Points of contact and escalation
COST-BENEFIT ANALYSIS
The key driver for the adoption of cloud computing
Resource pooling
Time and efficiencies
No depreciation of resources
Savings of utilities costs
Software Licensing and maintenance costs
Thin Clients
Pay per usage
STANDARDS-BASED APPROACHES
Few standards exist exclusively for cloud computing
ISO 27001 looks to certify that the ISMS can address the relevant risks and elements that are appropriate based on those risks
ISO 27002 is the framework for best practice
SOC I, II, III Service Organization Control defines a comprehensive approach to auditing and assesses the provider’s controls and their effectiveness
NIST 800-53: Goal is to ensure that appropriate security requirements and security controls are applied to all US Federal government information and information systems
Common Criteria
FIPS 140 addresses uses of encryption and cryptography
PCI-DSS, HIPAA and other regulations