Reading 02 - Foodisthebest/401-Reading-Notes GitHub Wiki
Readings: Cloud Security Principles and Frameworks
Below you will find reading materials and additional resources that support today’s topic and the upcoming lecture.
- This topic relates to GRC principles, especially how data is stored, used, and protected.
Reading
AWS Architecture Blog - Compute Abstractions on AWS: A Visual Story
Bookmark and Review
- 13 Compliance Frameworks for Cloud-based Orgs
- Cloud Security Alliance (CSA)
- Cloud Controls Matrix (CCM)
- CSA Security Guidance for Cloud Computing
Explain the levels of abstraction in AWS to someone without a technical background.
The important thing to note is that the higher the level of abstraction, the less control a user has over their "computer" and data, and the less technical knowledge is needed to use the service. In general there are two spaces: the consumer space (the user) and the provider space (AWS). At the highest levels of abstraction AWS controls almost everything below the user's own code.
- The first level of abstraction is bare metal, i.e. the PHYSICAL server in Amazon's data center, rented with no hypervisor or other software layer in between. The user gets the whole machine and is responsible for everything that runs on it.
- The second level is Amazon Lightsail and Amazon EC2, which let users run virtual computers (virtual machines) on Amazon's servers and use them to host websites (like blogs) and web apps. AWS manages the physical hardware and the hypervisor; the user manages the operating system and everything above it.
- The third level is Amazon EKS and ECS, where users work with "containers": packaged applications that carry their own dependencies but share the host's operating system kernel rather than virtualizing a whole computer. Container services have two logical parts: a control plane, which exposes the API and schedules and manages the containers, and a data plane, which provides the compute capacity (CPU, memory, network, storage) the containers actually run on.
- The fourth level is AWS Lambda, where users don't manage any servers at all. They just upload code and let AWS figure out how and where to run it.
What are the control plane and data plane responsible for in container abstraction?
- The control plane exposes the API and interfaces and manages the lifecycle of the containers: scheduling, starting, stopping, and replacing them.
- The data plane provides the underlying capacity (CPU, memory, network, storage) that containers actually run on, so that a container can do work and connect to a network. In ECS and EKS this capacity is either EC2 instances the user manages or AWS Fargate, where AWS manages it.
Where does AWS Lambda fall in the layers of abstraction and what makes it so special?
- Lambda is the fourth (highest) level of abstraction. What makes it special is its event-driven model: code runs only in response to an event (an HTTP request, a new file in S3, a queue message), and AWS scales the number of concurrent runs automatically, so the user never provisions or patches a server.
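To make the "upload code, AWS runs it when an event arrives" model concrete, here is an added example of what such a function looks like. This is not code from the reading or from AWS; it is a plain Python handler in the shape Lambda invokes (`handler(event, context)`), fed a constructed S3 notification event with made-up bucket and object names, and a hypothetical size limit. The point it adds to the notes above is that the event is untrusted input handed to you by the platform, so the handler validates each record instead of indexing into it blindly.

```python
"""Lambda-style handler, added as an illustration (not from the reading or AWS).

Lambda calls a function you upload with two arguments: `event` (a dict built
from the JSON that triggered the run) and `context` (runtime metadata).
There is no server, OS, or container to manage; AWS picks where and when the
code runs and how many copies run at once.
"""
from typing import Any, Dict, List

# Constructed sample event shaped like an S3 "ObjectCreated"/"ObjectRemoved"
# notification. Bucket and key names are made up, not captured from AWS.
SAMPLE_S3_EVENT: Dict[str, Any] = {
    "Records": [
        {
            "eventSource": "aws:s3",
            "eventName": "ObjectCreated:Put",
            "s3": {
                "bucket": {"name": "example-uploads"},
                "object": {"key": "reports/2024-01-01.csv", "size": 1024},
            },
        },
        {
            "eventSource": "aws:s3",
            "eventName": "ObjectRemoved:Delete",
            "s3": {
                "bucket": {"name": "example-uploads"},
                "object": {"key": "reports/old.csv"},
            },
        },
    ]
}

MAX_OBJECT_BYTES = 10 * 1024 * 1024  # hypothetical policy limit for this example


def handler(event: Dict[str, Any], context: Any = None) -> Dict[str, Any]:
    """Entry point Lambda would invoke for each event.

    Only S3 ObjectCreated records are processed; everything else is recorded
    as skipped. The event is untrusted, so every field is checked before use.
    """
    records = event.get("Records") if isinstance(event, dict) else None
    if not isinstance(records, list):
        return {"error": "event has no Records list"}

    processed: List[str] = []
    skipped: List[str] = []
    for rec in records:
        try:
            if rec["eventSource"] != "aws:s3":
                skipped.append("non-s3 source")
                continue
            name = rec["eventName"]
            bucket = rec["s3"]["bucket"]["name"]
            key = rec["s3"]["object"]["key"]
        except (KeyError, TypeError):
            # Missing keys or a record that is not a dict: do not crash the run.
            skipped.append("malformed record")
            continue
        if not name.startswith("ObjectCreated:"):
            skipped.append(f"{name} {bucket}/{key}")
            continue
        size = rec["s3"]["object"].get("size", 0)
        if not isinstance(size, int) or size > MAX_OBJECT_BYTES:
            skipped.append(f"rejected size {bucket}/{key}")
            continue
        processed.append(f"{bucket}/{key}")

    return {"processed": processed, "skipped": skipped}


if __name__ == "__main__":
    # Local stand-in for the invocation Lambda would perform on an S3 upload.
    print(handler(SAMPLE_S3_EVENT))
```

Run locally, the script invokes the handler the way Lambda would and prints one processed key and one skipped delete record. In a real deployment the same function is uploaded as-is and the S3 bucket notification (or an API Gateway route, or a queue) is the only thing that causes it to run.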
Things I Want To Know More About
Who is actually expressing concern about the over-reliance on cloud technology? Also, why do IoT devices REQUIRE you to connect to their cloud service when they can easily allow you to use your own server or storage device? They know there's no inherent security because they sell your personal information to the government, and willingly hand over information to police that actually require search warrants. Why are people in the tech space selling out to governmental agencies so easily?