Cloud Security Principles and Frameworks.md - Juan-bit94/Ops401D10 GitHub Wiki

Cloud Security Principles and Frameworks

Why does this topic matter?

  • This topic matters because organizations are shifting to the cloud to take advantage of the power, speed, and flexibility of cloud IT infrastructure. With this shift comes the need to understand the shared responsibility model and the security frameworks that both clients and providers need to comply with.
  • Clients need to know the responsibility they retain when using any of a cloud provider's offerings, whether IaaS, PaaS, or SaaS: the provider never takes ownership of the client's data, identities, or access configuration.
  • Cloud providers, depending on the services clients use, publish documentation (third-party audit reports and certifications) showing that their offerings adhere to recognized compliance standards, which clients can use as evidence in their own audits.

Explain the levels of abstraction in AWS to someone without a technical background.

  • I would explain the levels of abstraction in AWS like this: the level of abstraction describes how control and responsibility for a particular service are split between the cloud provider and the client.
  • The higher the level of abstraction, the more of the workload the cloud provider takes off the client. For example, you could use AWS to spin up a managed database instance. AWS is responsible for the underlying infrastructure (the physical hosts, networking and availability zones the instance runs in), while the client is responsible for the data and for how the instance is configured and used (who can reach it, how access is authenticated, and whether the data is encrypted). If the client wants to hand even more of that management to AWS, it can move up to a more abstract service, but keep in mind that a higher level of abstraction usually costs more and leaves the client with less control over the details.

What are the control plane and data plane responsible for in container abstraction?

  • The control plane exposes the API and interfaces used to define, deploy, and manage the lifecycle of containers. Because it decides what runs where, access to the control plane is equivalent to control over every workload, so it is the part that needs the strictest authentication and authorization.
  • The data plane provides the capacity (CPU, memory, network and storage) on which those containers actually run and connect to a network.

Where does AWS Lambda fall in the layers of abstraction and what makes it so special?

  • AWS Lambda falls in the highest layer of abstraction, the function layer. Lambda is an execution environment that lets an AWS customer run a single function without managing any server, runtime patching, or scaling. Lambda is special because it is event driven: you can invoke a function directly through Amazon API Gateway or the AWS API, or trigger it on an event in another AWS service such as S3 or DynamoDB. The customer is still responsible for the function's code and the permissions its execution role is granted.
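The following is an added example, not code from the original wiki page, showing what "event driven" means in practice: one Lambda handler that recognizes which service invoked it (an API Gateway proxy request, an S3 object notification, or a DynamoDB Streams record) by the shape of the event and handles each accordingly. The three sample events are constructed to follow the documented shapes of those payloads; the bucket, table, and request values in them are made up, and the helper and function names are the example's own.

```python
"""Event-driven Lambda: one handler, three event sources (added example)."""
import json
from urllib.parse import unquote_plus


def _source(event: dict) -> str:
    """Classify the invoking service by the fields each one puts in the event."""
    records = event.get("Records")
    if isinstance(records, list) and records:
        # S3 and DynamoDB Streams both deliver a Records list tagged with eventSource.
        return records[0].get("eventSource", "unknown")
    if "httpMethod" in event and "requestContext" in event:
        # API Gateway REST proxy integration (payload format v1).
        return "aws:apigateway"
    return "unknown"


def handle_api_gateway(event: dict) -> dict:
    """Parse the request body and return a proxy-integration response.

    Treat the body as untrusted input: reject malformed JSON and missing fields
    with a 400 instead of letting an exception surface as a 502.
    """
    try:
        body = json.loads(event.get("body") or "{}")
    except json.JSONDecodeError:
        return {"statusCode": 400, "body": json.dumps({"error": "invalid JSON"})}
    if not isinstance(body, dict) or not isinstance(body.get("name"), str):
        return {"statusCode": 400, "body": json.dumps({"error": "missing name"})}
    return {
        "statusCode": 200,
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps({"message": f"hello {body['name']}"}),
    }


def handle_s3(event: dict) -> list:
    """Extract the objects named in an S3 notification.

    S3 URL-encodes object keys in the notification, so decode them before
    using them in any further API call or path logic.
    """
    objects = []
    for rec in event["Records"]:
        s3 = rec["s3"]
        objects.append({
            "event": rec["eventName"],
            "bucket": s3["bucket"]["name"],
            "key": unquote_plus(s3["object"]["key"]),
            "size": s3["object"].get("size", 0),
        })
    return objects


def handle_dynamodb(event: dict) -> list:
    """Summarize DynamoDB Streams records (keys and images use typed JSON)."""
    changes = []
    for rec in event["Records"]:
        ddb = rec["dynamodb"]
        # Keys is {"attr": {"S": "..."}}; take the first attribute's raw value.
        first_key = next(iter(ddb["Keys"].values()))
        changes.append({
            "op": rec["eventName"],  # INSERT / MODIFY / REMOVE
            "key": next(iter(first_key.values())),
            "has_new_image": "NewImage" in ddb,
        })
    return changes


def lambda_handler(event: dict, context=None):
    """Entry point that Lambda invokes; dispatch on the event source."""
    src = _source(event)
    if src == "aws:apigateway":
        return handle_api_gateway(event)
    if src == "aws:s3":
        return handle_s3(event)
    if src == "aws:dynamodb":
        return handle_dynamodb(event)
    raise ValueError(f"unsupported event source: {src}")


# Constructed sample events: shapes follow the AWS payload formats, values are made up.
API_EVENT = {"httpMethod": "POST", "path": "/greet",
             "requestContext": {"requestId": "c0ffee"},
             "body": json.dumps({"name": "ops401"})}
S3_EVENT = {"Records": [{"eventSource": "aws:s3", "eventName": "ObjectCreated:Put",
                         "s3": {"bucket": {"name": "example-uploads"},
                                "object": {"key": "reports/q1+summary.csv", "size": 1024}}}]}
DDB_EVENT = {"Records": [{"eventSource": "aws:dynamodb", "eventName": "INSERT",
                          "dynamodb": {"Keys": {"id": {"S": "user-42"}},
                                       "NewImage": {"id": {"S": "user-42"},
                                                    "role": {"S": "analyst"}}}}]}

if __name__ == "__main__":
    for ev in (API_EVENT, S3_EVENT, DDB_EVENT):
        print(_source(ev), "->", lambda_handler(ev))
```

The dispatch on event shape is the part worth noticing: a single deployed function can sit behind an HTTP endpoint and also react to storage or database changes, and each source hands it a different, untrusted document that has to be validated before use.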

Things I want to know more about.

  • I would like to know if AWS offers documentation that shows its offerings are in compliance with regulatory laws.