三叉戟

Summary
In this chapter, we’ve discussed the shared and distinct responsibilities of the cloud customer and provider in terms of managing risk as well as BC/DR activities. We also explored the specific risks associated with each of the cloud computing platforms (private, community,
public, hybrid, IaaS, PaaS, and SaaS) and detailed countermeasures for dealing with them.
Finally, we discussed some of the potential threats and vulnerabilities that constitute the
cloud attack surface.
Exam Essentials
Know how cloud security responsibilities are shared between the customer and provider.The shared responsibility model states that security is the responsibility of both the cloud provider and the customer. The division of this responsibility depends upon the type of service and the details of the contract. In general, providers bear more responsibility under a SaaS model and customers bear more responsibility under an IaaS model.
Know the design patterns available to assist you in developing secure cloud architectures.There are many resources that you can draw upon to help you in designing secure cloud environments. These include the well- architected frameworks available from major cloud vendors including AWS, Microsoft, and Google, as well as vendor- neutral design principles available from the SANS Institute and the Cloud Security Alliance.
Know the risks associated with each type of cloud platform. Understand that the more services provided by a vendor, the greater the degree of risk introduced by that vendor relationship. Risks also differ based upon the nature of the shared cloud environment, with private clouds offering a lower risk exposure than public and community clouds.
Understand BC/DR in the cloud. Be aware of the similarities to BC/DR plans and activities in the traditional environment, but pay particular attention to the increased complexity of arrangements necessary between cloud customer and provider and the significant importance of the contract in this regard.