Introduction to Cloud Computing
Types of Clouds:
● Public Cloud: Open to the public and accessible by anyone over the internet. (e.g. Amazon Web Services (AWS))
● Private Cloud: Owned and operated by a single organization for its exclusive use.
● Hybrid Cloud: Combines public and private clouds, offering flexibility and resource management options.
Deploying Software/Web Apps in the Cloud:
● Benefits:
○ Rapid deployment and scaling: Applications can be deployed and scaled quickly to meet changing demands.
○ Reduced capital expenditures: Lower upfront costs compared to traditional IT infrastructure.
○ Increased flexibility and scalability: Resources can be easily adjusted as needed.
Cloud Platform Models:
● Infrastructure as a Service (IaaS): Delivers virtualized computing resources like servers, storage, and networking. (e.g. AWS EC2)
● Platform as a Service (PaaS): Provides a platform for developing, deploying, and managing applications. (e.g. Heroku)
● Software as a Service (SaaS): Offers ready-to-use applications accessible over the internet. (e.g. Salesforce)
Essential Cloud Characteristics:
● On-demand self-service: Users can provision resources without human interaction.
● Broad network access: Resources are available over the network.
● Resource pooling: Resources are pooled to serve multiple consumers.
● Rapid elasticity: Resources can be rapidly provisioned and released.
● Measured service: Resource usage is metered for cost optimization.
Comparing Cloud vs Traditional IT:
● Cloud: Offers on-demand, scalable resources with pay-as-you-go pricing.
● Traditional IT: Requires upfront capital expenditure (CapEx) and fixed pricing models.
Cloud Information Security
Security Objectives:
● Confidentiality: Protecting data from unauthorized access or disclosure.
● Integrity: Ensuring data accuracy and preventing unauthorized modifications.
● Availability: Maintaining accessibility of data and systems for authorized users.
Cloud Security Services:
● Identity and Access Management (IAM): Controls access to cloud resources.
● Data Encryption: Protects data at rest and in transit.
● Network Security: Secures communication between cloud environments and users.
● Compliance and Governance: Ensures adherence to security regulations and best practices.
● Incident Response: Processes for detecting, containing, and recovering from security incidents.
Security Design Principles:
● Least Privilege: Granting users only the minimum permissions needed for their tasks.
● Defense in Depth: Implementing multiple security layers to mitigate risks.
● Default Deny: Denying all access unless it has been explicitly permitted.
● Separation of Duties: Dividing sensitive responsibilities among several people or roles so that no single individual (or compromised account) can complete a critical action alone.
● Economy of Security: Balancing security controls with cost and effort.
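To make Least Privilege and Default Deny concrete, here is an added example (not part of these notes) of a simplified, AWS-IAM-style policy evaluator in Python: nothing is permitted unless some statement allows it, and a matching Deny overrides every Allow. The policy contents, bucket name and matching logic are constructed for illustration and simplify real IAM semantics.

```python
import fnmatch

# Constructed sample policies in a simplified AWS-IAM-like shape.
# The over-broad policy grants every action on every resource.
OVERBROAD_POLICY = [
    {"Effect": "Allow", "Action": ["*"], "Resource": ["*"]},
]

# The least-privilege policy grants only what a report reader needs,
# and explicitly denies destructive actions so that a later, broader
# Allow cannot quietly re-enable them.
LEAST_PRIVILEGE_POLICY = [
    {"Effect": "Allow", "Action": ["s3:GetObject"],
     "Resource": ["arn:aws:s3:::example-reports/*"]},
    {"Effect": "Deny", "Action": ["s3:DeleteObject", "s3:DeleteBucket"],
     "Resource": ["*"]},
]


def _matches(patterns, value):
    """Case-sensitive glob match, e.g. 's3:*' matches 's3:GetObject'."""
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def is_allowed(policy, action, resource):
    """Default deny: permit the request only if an Allow statement matches
    it and no Deny statement matches it (explicit deny always wins)."""
    allowed = False
    for stmt in policy:
        if _matches(stmt["Action"], action) and _matches(stmt["Resource"], resource):
            if stmt["Effect"] == "Deny":
                return False
            if stmt["Effect"] == "Allow":
                allowed = True
    return allowed


if __name__ == "__main__":
    read_req = ("s3:GetObject", "arn:aws:s3:::example-reports/q1.pdf")
    admin_req = ("iam:CreateUser", "*")
    print(is_allowed(OVERBROAD_POLICY, *read_req))          # True
    print(is_allowed(LEAST_PRIVILEGE_POLICY, *read_req))    # True
    print(is_allowed(OVERBROAD_POLICY, *admin_req))         # True (far too much)
    print(is_allowed(LEAST_PRIVILEGE_POLICY, *admin_req))   # False (default deny)
```

Appending an over-broad `{"Effect": "Allow", "Action": ["s3:*"], "Resource": ["*"]}` statement to the least-privilege policy still leaves `s3:DeleteObject` denied, which is the property that makes an explicit Deny a useful guard rail.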
Secure Software Requirements:
● Authentication/Authorization: Verifying user identities and controlling access to resources.
● Data Encryption: Securing data throughout its lifecycle.
● Input Validation/Sanitization: Preventing malicious code injection and data manipulation.
● Error Handling/Logging: Proper handling of errors and recording security events.
● Secure Communication: Using secure protocols for data transmission.
Secure Development Practices:
● Secure Coding: Writing code that is resistant to vulnerabilities.
● Code Reviews: Regularly reviewing code for security flaws.
● Penetration Testing: Simulating cyberattacks to identify weaknesses.
● Vulnerability Management: Identifying, prioritizing, and remediating security vulnerabilities.
● CI/CD Security Integration: Integrating security testing into the development and deployment pipeline.
Development Approaches:
● Agile: Integrates security considerations into each development iteration.
● Waterfall: Addresses security at each stage of the development lifecycle.
● DevOps: Automates security testing throughout the development process.
● Continuous Delivery: Ensures security is part of every software release.
Security Policy Implementation:
● Policy Development: Creating clear and concise security policies.
● Policy Enforcement: Implementing mechanisms to enforce security policies.
● Policy Monitoring: Regularly monitoring compliance with security policies.
● Policy Review/Update: Reviewing and updating security policies as needed.