Cloud security deployments

1.2 Compare security deployments

📘 Cisco Certified CyberOps Associate (200-201 CBROPS v1.2, 2025 Update)


Cloud Security Deployments

Cloud security deployments refer to how organizations secure data, applications, and services hosted in the cloud. Because cloud computing involves storing and processing data on third-party servers, security in the cloud has unique requirements compared to traditional on-premises security.

There are three main cloud deployment models:

  1. Public Cloud
  2. Private Cloud
  3. Hybrid Cloud

And three main service models:

  1. IaaS (Infrastructure as a Service)
  2. PaaS (Platform as a Service)
  3. SaaS (Software as a Service)

Let's go through each part.


1. Cloud Deployment Models

A. Public Cloud

  • The cloud resources are owned and managed by a third-party provider (like AWS, Azure, or Google Cloud).
  • Users share the physical infrastructure with other customers but have isolated virtual environments.
  • Security focus:
    • Protect data in transit (encryption for communication).
    • Protect data at rest (encryption in storage).
    • Control user access (Identity and Access Management – IAM).
  • Example: Hosting a company website on a public cloud VM. Security measures include firewall rules, IAM roles, and SSL/TLS for website traffic.

B. Private Cloud

  • The cloud infrastructure is used exclusively by one organization.
  • Can be hosted on-premises or by a third-party provider.
  • Offers more control and security because it's not shared with other organizations.
  • Security focus:
    • Strong internal access control.
    • Monitoring and logging within the private environment.
  • Example: A financial company hosting its internal accounting software on a private cloud with strict role-based access.

C. Hybrid Cloud

  • Combines public and private clouds.
  • Organizations can run sensitive workloads in the private cloud and less sensitive workloads in the public cloud.
  • Security focus:
    • Secure data transfer between private and public clouds.
    • Unified access control and monitoring across both environments.
  • Example: A company storing customer data in a private cloud but running analytics workloads on a public cloud.

2. Cloud Service Models

A. IaaS (Infrastructure as a Service)

  • Provides virtualized computing resources over the internet (servers, storage, networks).
  • User is responsible for the operating system, applications, and data security, while the cloud provider manages hardware, networking, and virtualization.
  • Security focus:
    • Secure OS and applications.
    • Patch management.
    • Network security (firewalls, security groups).
  • Example: Deploying virtual machines on AWS EC2 or Azure Virtual Machines and configuring firewall rules and antivirus.

B. PaaS (Platform as a Service)

  • Provides hardware and software tools over the internet, usually for application development.
  • The cloud provider manages infrastructure, OS, and runtime environment.
  • User focuses on applications and data security.
  • Security focus:
    • Secure the application code.
    • Protect APIs and data.
    • Manage user authentication and permissions.
  • Example: Using Azure App Service to host a web application. Security includes configuring HTTPS, managing API keys, and using IAM.

C. SaaS (Software as a Service)

  • Delivers fully functional applications over the internet.
  • The cloud provider manages everything: infrastructure, platform, and the application itself.
  • User is mainly responsible for user access and data security.
  • Security focus:
    • Strong password policies.
    • Multi-factor authentication (MFA).
    • Data backup and compliance.
  • Example: Using Google Workspace or Microsoft 365. Security includes controlling user accounts, sharing permissions, and data encryption.

3. Key Cloud Security Principles

  1. Shared Responsibility Model
    • Security responsibilities are shared between the cloud provider and the customer.
    • Example:
      • Provider secures the cloud infrastructure.
      • Customer secures applications and data.
  2. Identity and Access Management (IAM)
    • Ensure only authorized users can access cloud resources.
    • Use role-based access control (RBAC).
    • Example: Developers only access the dev environment, not the production environment.
  3. Data Security
    • Encryption in transit: Secure data moving over the network (TLS/SSL).
    • Encryption at rest: Secure stored data on cloud storage.
    • Example: Encrypting a cloud database with AES-256 encryption.
  4. Monitoring and Logging
    • Monitor activities in cloud environments to detect attacks or misconfigurations.
    • Example: Using AWS CloudTrail or Azure Monitor to track access to cloud resources.
  5. Compliance
    • Ensure cloud deployments meet regulations such as GDPR, HIPAA, or PCI DSS.
    • Example: Ensuring cloud storage location and access controls meet industry compliance standards.
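
To make principles 2 and 4 concrete, the following added example (not part of the original guide) reviews CloudTrail-style records for two conditions: a successful console login without MFA, and a developer role acting in a production account. The records are constructed, and the account IDs, the one-account-per-environment layout and the role name "Developer" are assumptions.

```python
# Added example. All records are constructed, not real CloudTrail logs.
# Assumptions: one AWS account per environment (IDs are placeholders) and a
# hypothetical role named "Developer".
PROD_ACCOUNTS = {"222222222222"}
DEV_ROLE = ":assumed-role/Developer/"
DENIED = {"AccessDenied", "Client.UnauthorizedOperation"}

def login(arn, kind, result, mfa):
    return {"eventName": "ConsoleLogin", "recipientAccountId": "111111111111",
            "userIdentity": {"type": kind, "arn": arn},
            "responseElements": {"ConsoleLogin": result},
            "additionalEventData": {"MFAUsed": mfa}}

def api_call(arn, name, account, error=None):
    ev = {"eventName": name, "recipientAccountId": account,
          "userIdentity": {"type": "AssumedRole", "arn": arn}}
    if error:
        ev["errorCode"] = error
    return ev

SAMPLE_EVENTS = [
    login("arn:aws:iam::111111111111:user/alice", "IAMUser", "Success", "Yes"),
    login("arn:aws:iam::111111111111:user/bob", "IAMUser", "Failure", "No"),
    login("arn:aws:iam::111111111111:user/bob", "IAMUser", "Success", "No"),
    api_call("arn:aws:sts::111111111111:assumed-role/Developer/carol", "RunInstances", "111111111111"),
    api_call("arn:aws:sts::222222222222:assumed-role/Developer/carol", "GetObject", "222222222222", "AccessDenied"),
    api_call("arn:aws:sts::222222222222:assumed-role/Developer/dave", "DescribeInstances", "222222222222"),
]

def review(events):
    """Return (finding, principal ARN, event name) tuples for a SIEM or analyst."""
    findings = []
    for ev in events:
        ident = ev.get("userIdentity") or {}
        who = ident.get("arn", "unknown")
        name = ev.get("eventName", "")
        # MFA check: only IAM users and root sign in directly; federated
        # sign-ins can show MFAUsed "No" even when the identity provider enforced MFA.
        if name == "ConsoleLogin" and ident.get("type") in ("IAMUser", "Root"):
            ok = (ev.get("responseElements") or {}).get("ConsoleLogin") == "Success"
            if ok and (ev.get("additionalEventData") or {}).get("MFAUsed") != "Yes":
                findings.append(("login-without-mfa", who, name))
        # RBAC check: a developer role should not act in a production account.
        if DEV_ROLE in who and ev.get("recipientAccountId") in PROD_ACCOUNTS:
            outcome = "denied" if ev.get("errorCode") in DENIED else "allowed"
            findings.append((f"dev-role-in-prod-{outcome}", who, name))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_EVENTS):
        print(*finding, sep="  ")
```

A "denied" finding shows the access control working and someone probing its edge; an "allowed" finding is the misconfiguration, because the role has permissions in production that the RBAC design says it should not.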

4. Common Cloud Security Tools

  • Cloud Access Security Broker (CASB): Monitors and enforces security policies between users and cloud services.
  • Cloud Workload Protection Platform (CWPP): Protects workloads, VMs, and containers in the cloud.
  • Security Information and Event Management (SIEM): Collects and analyzes logs from cloud resources.

5. Exam Tips

  • Remember the shared responsibility model: know what the cloud provider handles vs. what the customer handles.
  • Know the differences between IaaS, PaaS, and SaaS, and which security layers the customer is responsible for in each.
  • Be able to identify security best practices: IAM, encryption, monitoring, and compliance.
  • Understand deployment models: public, private, hybrid, and what security challenges exist for each.

✅ In summary:
Cloud security deployments involve securing cloud-hosted resources, understanding different deployment and service models, enforcing access controls, encrypting data, monitoring activity, and complying with regulations. For the exam, focus on models, shared responsibility, and basic security measures.
