What is the Cloud? Definition: “ The cloud is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction” – NIST Information Technology Laboratory
Software As A Service (SaaS) – Managed application/service where customers consume application resources as needed, without impact to internal computing resources. Security provided by cloud vendor
Platform as a Service (PaaS) - Developers build and manage their own custom applications on top of platform provided by the cloud vendor . Application and data security managed by cloud customer.
Infrastructure as a Service (IaaS) - Cloud vendor provides storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software which can include operating systems and applications. Cloud vendor protects infrastructure, but operating systems, applications, and content is managed and secured by the cloud consumer .
Key Takeaway - The lower down the stack the cloud service provider goes, the more security capabilities and management enterprises are responsible for.
Public: Made available to the general public or large industry group and is owned by an organization selling cloud services.
Private: Operated solely for a single or group of organizations isolated among peers. May be managed by the organization or a third party and may exist on-premise or off-premise.
Community: Shared by several organizations and supports a specific community that has shared concerns. May be managed by the organization or a third party and may exist on-premise or off-premise.
Hybrid : Composed of two or more clouds (Private, Community, or Public) that remain unique, but are bound together standardized or proprietary technology that enables data and application portability (cloud bursting for load balancing between clouds).
“ You can delegate authority, but you can never delegate responsibility for delegating a task to someone else. If you picked the right man, fine, but if you picked the wrong man, the responsibility is yours -- not his.”