3.1 Identify security solutions for cloud environments
📘CompTIA Security+ (SY0-701)
Introduction to Cloud Computing (Exam Context)
Cloud computing means using shared or dedicated computing resources (servers, storage, networks, applications) that are delivered over a network instead of being hosted locally on personal computers or on-site data centers.
For the SCOR exam, you must:
- Understand different cloud deployment models
- Know how security responsibilities differ
- Identify security risks and controls for each cloud type
Cisco expects you to recognize cloud models and their security implications, not to configure cloud platforms in depth.
Cloud Deployment Models (Overview)
There are four main cloud deployment models tested in the exam:
- Public Cloud
- Private Cloud
- Hybrid Cloud
- Community Cloud
Each model differs in:
- Ownership
- Control
- Data location
- Security responsibility
1. Public Cloud
Definition
A public cloud is a cloud environment where:
- Infrastructure is owned and managed by a cloud provider
- Resources are shared among multiple customers
- Access is provided over the internet
Common Public Cloud Providers
- Amazon Web Services (AWS)
- Microsoft Azure
- Google Cloud Platform (GCP)
How Public Cloud Is Used in IT Environments
- Hosting virtual machines
- Running applications
- Storing backups and data
- Providing scalable services on demand
Users do not manage physical hardware.
Security Responsibility (Very Important for Exam)
Public cloud uses the Shared Responsibility Model:
| Responsibility | Cloud Provider | Customer |
|---|---|---|
| Physical data centers | ✔ | ✘ |
| Hardware & networking | ✔ | ✘ |
| Virtualization layer | ✔ | ✘ |
| Operating systems | ✘ | ✔ |
| Applications | ✘ | ✔ |
| Data protection | ✘ | ✔ |
| User access control | ✘ | ✔ |
📌 Exam Key Point:
The cloud provider secures the infrastructure, but the customer secures data, users, and applications.
Security Features in Public Cloud
- Identity and Access Management (IAM)
- Encryption at rest and in transit
- Network security groups and firewalls
- Logging and monitoring
- Multi-factor authentication (MFA)
Security Risks
- Misconfigured cloud resources
- Weak access controls
- Data exposure due to public internet access
- Shared infrastructure risks (multi-tenancy)
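To make the customer half of the shared responsibility model concrete, the following added example (not part of the original guide) audits a small resource inventory against the security features and risks listed above. The inventory format, field names, and the allowed-port policy are assumptions made for illustration and do not correspond to any provider's API.

```python
import ipaddress

# Constructed, vendor-neutral inventory for illustration (not real provider output).
INVENTORY = [
    {"type": "firewall_rule", "name": "web-https", "source": "0.0.0.0/0", "port": 443},
    {"type": "firewall_rule", "name": "admin-ssh", "source": "0.0.0.0/0", "port": 22},
    {"type": "firewall_rule", "name": "db-internal", "source": "10.0.2.0/24", "port": 5432},
    {"type": "storage", "name": "backups", "public_read": True,
     "encrypted_at_rest": False, "tls_only": True},
    {"type": "storage", "name": "app-data", "public_read": False,
     "encrypted_at_rest": True, "tls_only": True},
    {"type": "user", "name": "ops-admin", "mfa": False},
    {"type": "user", "name": "dev1", "mfa": True},
    {"type": "account", "name": "prod", "audit_logging": False},
]

PUBLIC_OK_PORTS = {80, 443}  # assumption: only web ports may face the internet


def is_any_source(cidr):
    """True when the CIDR matches every address (0.0.0.0/0 or ::/0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit(inventory):
    """Return (resource, risk) findings for controls the customer owns."""
    findings = []
    for r in inventory:
        name, kind = r["name"], r["type"]
        if kind == "firewall_rule":
            if is_any_source(r["source"]) and r["port"] not in PUBLIC_OK_PORTS:
                findings.append((name, "port %d open to the whole internet" % r["port"]))
        elif kind == "storage":
            if r.get("public_read"):
                findings.append((name, "data readable without authentication"))
            if not r.get("encrypted_at_rest"):
                findings.append((name, "no encryption at rest"))
            if not r.get("tls_only"):
                findings.append((name, "no encryption in transit enforced"))
        elif kind == "user" and not r.get("mfa"):
            findings.append((name, "weak access control: MFA not enabled"))
        elif kind == "account" and not r.get("audit_logging"):
            findings.append((name, "logging and monitoring disabled"))
    return findings


if __name__ == "__main__":
    for resource, risk in audit(INVENTORY):
        print("%-10s %s" % (resource, risk))
```

Every finding here falls in the Customer column of the table above; none of them is something the provider would fix on the customer's behalf.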
Exam Summary – Public Cloud
- Most cost-effective and scalable
- Less control over infrastructure
- Shared responsibility is critical to understand
2. Private Cloud
Definition
A private cloud is a cloud environment that:
- Is used by only one organization
- Can be hosted on-premises or off-premises
- Provides full control over infrastructure
How Private Cloud Is Used in IT Environments
- Hosting sensitive applications
- Running internal enterprise services
- Storing confidential data
Private cloud often uses:
- Virtualization
- Automation
- Self-service portals
Security Responsibility
| Responsibility | Organization |
|---|---|
| Physical security | ✔ |
| Network security | ✔ |
| Server and storage security | ✔ |
| Identity and access control | ✔ |
| Data protection | ✔ |
📌 Exam Key Point:
In a private cloud, the organization is responsible for all security.
Security Advantages
- Full control over security policies
- Easier compliance with regulations
- Dedicated infrastructure
- Custom security architecture
Security Challenges
- High cost
- Requires skilled staff
- Maintenance and patching responsibility
Exam Summary – Private Cloud
- Highest control
- Highest responsibility
- Used for high-security environments
3. Hybrid Cloud
Definition
A hybrid cloud:
- Combines private cloud and public cloud
- Allows data and applications to move between them
How Hybrid Cloud Is Used in IT Environments
- Sensitive data remains in private cloud
- Less sensitive workloads run in public cloud
- Backup and disaster recovery
- Gradual cloud migration
Security Responsibility
| Environment | Security Responsibility |
|---|---|
| Private cloud | Organization |
| Public cloud | Shared responsibility |
📌 Exam Key Point:
Security must be consistent across both environments.
Security Challenges in Hybrid Cloud
- Identity management across environments
- Secure connectivity (VPN or encrypted links)
- Policy consistency
- Visibility and monitoring
Common Security Solutions
- VPN or IPsec tunnels
- Identity federation (Single Sign-On)
- Centralized logging
- Unified security policies
Exam Summary – Hybrid Cloud
- Combines flexibility and control
- More complex security management
- Common in enterprise environments
4. Community Cloud
Definition
A community cloud is:
- Shared by multiple organizations
- Built for organizations with common security or compliance needs
- Managed by one or more members or a third party
How Community Cloud Is Used in IT Environments
- Organizations with similar regulatory requirements
- Shared platforms with agreed security standards
- Collaboration between trusted entities
Security Characteristics
- Shared infrastructure
- Common security policies
- Restricted access to approved members
- Higher trust than public cloud
Security Responsibility
- Infrastructure security: shared
- Data and user security: each organization
- Governance rules are predefined
Exam Summary – Community Cloud
- Shared cloud with common requirements
- More secure than public cloud
- Less flexible than private cloud
Comparison Table (Important for Exam)
| Feature | Public | Private | Hybrid | Community |
|---|---|---|---|---|
| Ownership | Cloud provider | Single organization | Mixed | Multiple organizations |
| Resource sharing | Yes | No | Partial | Yes |
| Control | Low | High | Medium-High | Medium |
| Cost | Low | High | Medium | Medium |
| Security responsibility | Shared | Full | Mixed | Shared |
Key Exam Takeaways
- Understand cloud deployment models
- Know who is responsible for security
- Recognize security risks and benefits
- Focus on shared responsibility model
- Be able to identify the right cloud type for a scenario
Final Exam Tip
For the 350-701 exam, you are not required to configure cloud platforms, but you must identify:
- Cloud deployment types
- Security ownership
- Security implications
