Cloud Computing – CompTIA Security+ SY0-401: 1.3

The term “cloud computing” has many different meanings, depending on the context. In this video, you’ll learn about platforms as a service, software as a service, infrastructure as a service, and the different cloud deployment models.

<< Previous Video: VirtualizationNext: Defense in Depth >>

The term Cloud Computing has been casually thrown around by marketing professionals, but it’s actually a very good way of deploying applications in ways that are very flexible. In this video, we’ll look at a number of different ways that cloud computing can be used, and I think after watching this video, you’ll find you’re already taking advantage of resources and applications that are using these cloud computing infrastructures.

The first implementation of cloud computing that we’ll look at is called platform as a service. You may see this abbreviated as PaaS. In platform as a service, you don’t have any software. You don’t have any hardware. You don’t maintain a data center. There’s no heating and there’s no cooling. You are just the end user. And you’re taking advantage of someone else’s infrastructure and simply using the platform that they’ve created to run your application or take advantage of a service.

The challenge from a security perspective though is that you do not have direct control over any of this infrastructure. You can’t touch the application. You don’t have control over the security of a server. You don’t handle the server patching. So you may not have a direct security control over when those types of patches are applied. There is a completely different group of trained professionals that are in charge of keeping that service running. And they’re going to make sure that you have access to this platform, and you’re able to use the resources on this platform. But everything behind the scenes is something that is hands-off from you directly.

A good example of platform as a service is is a customer relationship manager, or CRM. And they provide a very flexible front end that allows you as the end user to customize exactly how you would like to use their platform. On the back end are the servers and the databases, but generally speaking, you don’t even have to worry about that part. In fact, you hardly ever see that part of the platform.

This allows every single customer to create an experience that’s specific for them. And they don’t have to worry at all of the platform that’s providing that service on the back end. In the past, if you wanted to provide payroll services for your organization, you would need to go to a third-party. You would purchase their software application. You would bring it inhouse and generally install it on your own servers. And then you would be able to create the payroll and process that payroll every month.

With software as a service, we’ve taken that entire process and made it completely turnkey. In fact, the software is usually posted somewhere else through a third-party. And all we simply do is log on to their services to be able to perform that particular tasks. So this way you wouldn’t necessarily need to run your own mail server inside of your organization, or even have your own accounting department with their own platform to be able to provide that payroll service. All you would need to do is log into this software as a service and use the software hosted through a third-party and managed through a third-party to perform these particular tasks.

From a security perspective, using software as a service is very different than having your own servers running your own software in your organization. Take for example payroll. If we use software as a service, we’re connecting to a third-party and using their resources, and putting all of our payroll information on that centralized database that’s somewhere else. Of course, that database is ideally private to us, but it is something that’s now stored outside of our organization. So we have to think about what type of data we’re putting into the cloud, and if someone was to gain access to that information, how would that affect our organization.

A good example of software as a service is something like Google Mail, or any of the other hosted mail services. We’re not running our own email client. We don’t have our own email server. We don’t have to maintain the mail exchange information in our DNS. All of that is handled separately through this software that’s running on someone else’s computers. And of course, it keeps all of our information private. We authenticate into this cloud, to the software as a service on this mail server, but of course we’re always concerned about someone else also authenticating as us and gaining access to that data.

Another implementation of cloud computing that you may see is infrastructure as a service. You may hear this also called hardware as a service, because we are simply acquiring hardware that we could use for our own software. In fact, this hardware may not even have an operating system on it. We are simply taking advantage of hardware that may be located in one or multiple places anywhere in the world. From a security perspective of course, we’re still responsible for this. In fact, we’re even more responsible for this, because now we are in charge of securing the operating system. We’re in charge of securing the software that is running on this hardware. The data is still out in the cloud. It’s outside of our organization. So we have to be very careful about how we implement security on this hardware that we are acquiring in the cloud.

You might see infrastructure as a service used if you ever want to build your own web server, but you didn’t want to do it on a shared resource. You wanted your own hardware that you would run your own software on. In fact, you would have complete control of the operating system. You might also see this if you were hosting an email service externally. And you had your own software for email, and you wanted to control that software, and you just need hardware that was located in the cloud to be able to run that.

And of course, this also allows you to very easily scale, because all of the hardware is located somewhere else. You’re not having to purchase new hardware. You simply buy the hardware in the cloud and load your software on it as you need to expand capacity.

Up to this point we’ve always talked about the cloud as being something that’s outside of our organization, external, and we don’t really have control over it. But the reality is that we could build a cloud anywhere, including in our private data center. And it’s very common these days to see a private cloud that we can then pull our own servers out of the cloud and deploy our own infrastructure as a service, or deploy our own platforms as a service internally within our organization.

You generally see this with larger organizations that have multiple data centers, but it can be done in any type of environment. The kind that we usually talk about when we refer to cloud computing is generally the public cloud, where everyone has access to these resources that are located anywhere in the world. And occasionally there might be a mix of these– a hybrid of public and private. It depends on how your application is used in your environment. You might want to keep your data local, but have the platform as a service located externally in the public cloud.

You may also see a community model of cloud computing, where there might be a central resource in the cloud, like a mail server, and multiple organizations are using that exact same resource to be able to use that service. Something that allows the cloud provider to scale up very easily and support many different customers all on the same platform.