Module 1: Cloud Fundamentals
Understanding cloud architecture, models, and security challenges.
Learning Objectives
- Understand cloud service models (IaaS, PaaS, SaaS)
- Learn about the shared responsibility model
- Explore cloud security challenges
- Understand identity and access management
Cloud Service Models
Cloud computing offers different service models that provide varying levels of control and responsibility. Understanding these models is crucial for implementing appropriate security measures.
IaaS (Infrastructure as a Service):
Provides virtualized computing resources over the internet.
- Customer manages: OS, applications, data, runtime, middleware
- Provider manages: Servers, storage, networking, virtualization
- Examples: AWS EC2, Azure Virtual Machines, Google Compute Engine
PaaS (Platform as a Service):
Provides a platform and environment for application development.
- Customer manages: Applications, data
- Provider manages: OS, runtime, middleware, servers, storage, networking
- Examples: AWS Elastic Beanstalk, Azure App Service, Google App Engine
SaaS (Software as a Service):
Delivers software applications over the internet.
- Customer manages: Data, user access
- Provider manages: Applications, OS, runtime, middleware, servers, storage, networking
- Examples: Salesforce, Microsoft 365, Google Workspace
Shared Responsibility Model
The shared responsibility model is fundamental to cloud security. It defines which security aspects are managed by the cloud provider versus the customer.
Cloud Provider Responsibilities:
- Physical security of data centers
- Hardware and infrastructure security
- Network and virtualization security
- Platform and application security (PaaS/SaaS)
Customer Responsibilities:
- Data security and encryption
- Identity and access management
- Application security (IaaS/PaaS)
- Network and firewall configuration
Cloud Security Challenges
Cloud environments introduce unique security challenges that differ from traditional on-premises infrastructure. Understanding these challenges is essential for effective cloud security.
Data Security:
- Data encryption in transit and at rest
- Data residency and compliance requirements
- Data backup and recovery procedures
- Data loss prevention (DLP)
Identity and Access Management:
- Multi-factor authentication (MFA)
- Role-based access control (RBAC)
- Privileged access management
- Identity federation and SSO
Compliance and Governance:
- Regulatory compliance (GDPR, HIPAA, SOX)
- Cloud security frameworks
- Audit and monitoring requirements
- Risk assessment and management
Identity and Access Management (IAM)
IAM is a critical component of cloud security that controls who can access what resources and when. Proper IAM implementation follows the principle of least privilege.
IAM Components:
- Users: Individual accounts with unique credentials
- Groups: Collections of users for easier management
- Roles: Sets of permissions that can be assigned
- Policies: Documents that define permissions
IAM Best Practices:
- Apply the principle of least privilege
- Implement strong password policies
- Enable multi-factor authentication
- Conduct regular access reviews and audits
Module 1: Cloud Fundamentals Quiz
Question 1: What is the shared responsibility model in cloud security?
This model defines which security responsibilities belong to the cloud provider versus the customer.
Question 2: Which cloud service model provides the most control to the customer?
This model gives customers the most responsibility and control over their infrastructure.
Question 3: What is the primary purpose of Identity and Access Management (IAM) in cloud security?
This helps control who can access what resources in the cloud environment.