From the course: Cloud Security and Audit Fundamentals: AWS, Microsoft Azure, and Google Cloud

Cloud concepts

- [Instructor] The cloud refers to software and services that run on the internet instead of locally on your computer. The National Institute of Standards and Technology, also referred to as NIST, defines cloud computing as a model for enabling ubiquitous, convenient on-demand network access to a shared pool of configurable computing resources. Most people already use a variety of cloud services without even realizing it. Some examples of cloud services include Gmail, Netflix, Dropbox, Salesforce, and even Instagram.

The cloud is causing a revolution in technology. Traditionally, organizations would run their applications and store their data on physical servers located on their own premises. However, this requires heavy investment and is not scalable. With the advent of the cloud, instead of organizations having to make major investments to purchase IT infrastructure, they can access these IT resources and services over the internet through a cloud service provider. As you can see, the cloud offers a range of benefits, most notably, cost savings, scalability, and flexibility.

Cloud customer refers to any person or organization that has an arrangement to use IT services made available by a cloud service provider. Cloud service provider, also referred to as CSP, is a third-party entity that offers scalable computing resources that a cloud customer can access on demand over the internet.

The cloud can be broadly described as consisting of three service models and four deployment models. The four deployment models are public cloud, private cloud, hybrid cloud, and community cloud. We will talk about cloud service models next. Cloud service providers typically deliver services at different levels called cloud service models.
There are three main cloud service models: software as a service, making your soup for you; platform as a service, giving you the ingredients and you make your own soup; or infrastructure as a service, letting you use their kitchen to make your own soup. Software as a service is the most common cloud service type. Many of us use it on a daily basis. Software as a service offers on-demand, pay-per-use application software without the need to install the software on your local computer. Platform as a service, also called PaaS, is a cloud environment that provides developers with a framework they can use to build software and applications. Infrastructure as a service, also referred to as IaaS, provides users with basic computer infrastructure capabilities like data storage, service and hardware all in the cloud without the need for large onsite physical infrastructures.

There are a plethora of cloud service providers, large and small. The large cloud service providers include Amazon Web Services, Microsoft Azure, Google Cloud, IBM Cloud, and Alibaba Cloud, amongst others. We refer to these large cloud service providers as hyperscalers because they can provide cloud services at an enterprise scale. In this course, we will focus on the big three cloud service providers, Amazon Web Services, Microsoft Azure, and Google Cloud.

As you implement cloud services, it is critical to understand the shared responsibility model. The shared responsibility model delineates which security obligations are handled by the cloud service provider and which obligations are handled by the cloud customer. The cloud customer's responsibilities vary depending on the cloud service model and other variables. For example, in software as a service, the customer's not responsible for applying operating system updates, but in infrastructure as a service, the customer's responsible for the operating system updates on their cloud infrastructure.
We will review the shared responsibility model in detail in the cloud controlled video.

In the cloud, there's a concept referred to as the management plane. The management plane is the interface used to manage cloud services such as launching virtual machines or configuring virtual networks. From a security perspective, the management plane is a very critical layer as it presents centralized access to all the cloud services and features. If a cyber criminal were to gain access to the management plane, they would potentially have full and unfettered access to the cloud environment. The management plane in AWS is referred to as AWS Management Console. In Azure, it's referred to as Azure Portal, and in Google Cloud, it's referred to as Google Cloud Console. We will delve into each of these respective management planes in the next videos.

In summary, here are the cloud security and audit key points. Understand why the cloud is causing a revolution in technology. Secondly, understand the various cloud service and deployment models. Third, learn the difference between the cloud customer and cloud service provider. Fourth, learn the shared responsibility model and its impact on cloud security. And last but not least, fifth, recognize the significance of the management plane in cloud security.
