From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved.

Deployment Models
• Private cloud
  • Infrastructure that is operated exclusively by and for the organization that owns it
• Community cloud
  • Shared by several organizations with common needs, interests, or goals
• Public cloud
  • Owned by a cloud service provider and offered to the general public
• Hybrid cloud
  • Composed of two or more types of clouds, connected by technology that enables data and applications to balance loads among those clouds

Cloud Migration Risk Analysis
• Identify assets
• Determine vulnerabilities
• Estimate likelihood of exploitation
• Compute expected loss
• Survey and select new controls
• Project savings

Cloud Provider Assessment
• Security issues to consider:
  • Authentication, authorization, and access control options
  • Encryption options
  • Audit logging capabilities
  • Incident response capabilities
  • Reliability and uptime
• Resources to help with assessment:
  • FedRAMP
  • PCI DSS
  • CSA STAR

Switching Cloud Providers
• Switching cloud providers is expensive and difficult but sometimes becomes necessary and urgent
• It is best to have backup options in place in case a migration away from a cloud provider is necessary, but many cloud providers make that practically impossible
• SaaS providers are generally hardest to migrate away from, followed by PaaS, then IaaS