CCSK


Cloud Deployment Models- Pros & Cons

  • 1.  Cloud Deployment Models- Pros & Cons

    Posted Sep 18, 2020 11:11:00 AM

    In your opinion what are the pro and cons of different Cloud Deployment Models for cloud computing? What Cloud Deployment Model do you use if any? (Public Cloud, Private Cloud, Community, Hybrid)

    Best,



    ------------------------------
    Anna C. Schorr
    Training Administrative Assistant
    CSA
    ------------------------------


  • 2.  RE: Cloud Deployment Models- Pros & Cons

    Posted 23 days ago

    Thank you @Ram Marappan for the information :). I am sharing this publicly for the CCSK community. If anyone has anything to add, please do so via this thread.

    Message From: Ram Marappan

    Hello Anna,

    For your review. The material shown below is extracted from the Microsoft site.

    Public cloud

    This is the most common deployment model. In this case, there is no on-premise physical server to manage or keep up-to-date – everything runs on the cloud provider's infrastructure. The cloud provider's infrastructure is shared with other cloud users. Therefore it is open to the public.

    Advantages:

      • No CapEx. You don't have to buy a new server in order to scale.
      • Agility. Applications can be made accessible quickly and deprovisioned whenever needed.
      • Consumption-based model. Organizations pay only for what they use and operate under an OpEx model.
      • Maintenance. Organizations have no responsibility for hardware maintenance or updates.
      • Skills. No deep technical skills are required to deploy, use, and gain the benefits of a public cloud. Organizations can leverage the skills and expertise of the cloud provider to ensure workloads are secure, safe, and highly available.

    Disadvantages:

      • Security. There may be specific security requirements that cannot be met by using public cloud.
      • Compliance. There may be government policies, industry standards, or legal requirements which public clouds cannot meet.
      • Ownership. Organizations don't own the hardware or services and cannot manage them as they may wish.
      • Specific scenarios. If organizations have a unique business requirement, such as having to maintain a legacy application, it may be hard to meet that requirement with public cloud services.

    Private cloud

    In a private cloud, one may own and manage a data center or lease data center space from a data center provider/cloud service provider. The hardware and software are owned and managed by the user or leased from the IT service provider/cloud service provider and provide self-service access to compute resources to users in their organization only. The user and cloud service provider are both responsible for the purchase and maintenance of the hardware and software services you provide.

    Advantages:

      • Control. Organizations have complete control over the resources.
      • Security. Organizations have complete control over security.
      • Compliance. If organizations have very strict security, compliance, or legal requirements, a private cloud may be the only viable option.
      • Specific scenarios. If an organization has a specific scenario not easily supported by a public cloud provider (such as having to maintain a legacy application), it may be preferable to run the application locally.

    Disadvantages:

      • Upfront CapEx. Hardware must be purchased for start-up and maintenance.
      • Agility. Private clouds are not as agile as public clouds, because you need to purchase and set up all the underlying infrastructure before they can be leveraged.
      • Maintenance. Organizations have the responsibility for hardware maintenance and updates.
      • Skills. Private clouds require in-house IT skills and expertise that may be hard to get or be costly.

    Hybrid cloud

    A hybrid cloud combines public and private clouds, allowing you to run your applications in the most appropriate location. For example, you could host a website in the public cloud and link it to a highly secure database hosted in your private cloud (or on-premises datacenter).

    Advantages:

      • Flexibility. The most flexible scenario: with a hybrid cloud setup, an organization can decide to run their applications either in a private cloud or in a public cloud.
      • Costs. Organizations can take advantage of economies of scale from public cloud providers for services and resources as they wish. This allows them to access cheaper storage than they can provide themselves.
      • Control. Organizations can still access resources over which they have total control.
      • Security. Organizations can still access resources for which they are responsible for security.
      • Compliance. Organizations maintain the ability to comply with strict security, compliance, or legal requirements as needed.
      • Specific scenarios. Organizations maintain the ability to support specific scenarios not easily supported by a public cloud provider, such as running legacy applications. In this case, they can keep the old system running locally, and connect it to the public cloud for authorization or storage. Additionally, they could host a website in the public cloud, and link it to a highly secure database hosted in their private cloud.

    Disadvantages:

      • Upfront CapEx. Upfront CapEx is still required before organizations can leverage a private cloud.
      • Costs. Purchasing and maintaining a private cloud to use alongside the public cloud can be more expensive than selecting a single deployment model.
      • Skills. Deep technical skills are still required to be able to set up a private cloud.
      • Ease of management. Organizations need to ensure there are clear guidelines to avoid confusion, complications or misuse.


    ------------------------------
    Anna Schorr
    Training Administrative Assistant
    CSA
    ------------------------------



  • 3.  RE: Cloud Deployment Models- Pros & Cons

    Posted 22 days ago
    I don't really see cons with the deployment models as much as I see issues arise when customers don't have clearly defined requirements and/or are just doing a lift and shift without doing the necessary preparation in advance. I work for an MSP and most of our customers have a Hybrid model. Hybrid allows customers to start small depending on their requirements and after gaining experience then start to migrate more workloads over if/when they determine it's been beneficial.

    All of my customers are in the FED space and I remind them of the regulatory and governance issues that may arise when data leaves their physical Data Center and makes its way to the cloud provider. Also, we talk about the possible fallout of having a breach onsite reach into the cloud or having a breach in the cloud reach back onsite and the security controls needed to prevent that.

    ------------------------------
    brian dorsey
    SE
    FCN Technology Solutions
    ------------------------------



  • 4.  RE: Cloud Deployment Models- Pros & Cons

    Posted 21 days ago

    Thank you for the insight, Brian. When customers don't have clearly defined requirements is there a process to help guide them? It seems to be a trend for companies to invest in software/technologies before actually knowing what they need. Also, I know sometimes I can be overwhelmed by the number of options there are for supporting business operations. 

    I know we have all heard of the Stars whose clouds have been hacked and personal content has been leaked. I also know it seems to become increasingly common for companies to be targeted and customer data to be stolen. What are some examples of security controls? Also, I am curious what are some regulatory and governance issues when data leaves a physical space and makes its way onto the cloud?


    Very interesting stuff! Thank you for your time.

    Best, 



    ------------------------------
    Anna Schorr
    Training Administrative Assistant
    CSA
    ------------------------------



  • 5.  RE: Cloud Deployment Models- Pros & Cons

    Posted 22 days ago
    Edited by Guillaume Boutisseau 22 days ago

    From a cloud migration point of view, the pros and cons of the different deployment models will depend essentially on the performance, cost (budget), and security requirements that you have.


    Hybrid is probably the most popular type of deployment at this time.



    ------------------------------
    Guillaume Boutisseau
    CCSK Authorized Instructor, CCSP
    ------------------------------



  • 6.  RE: Cloud Deployment Models- Pros & Cons

    Posted 21 days ago
    Shared responsibilities for each of the general SPI model levels broken out for the CCM in a document under/completing peer review. That should help highlight pros/cons...






  • 7.  RE: Cloud Deployment Models- Pros & Cons

    Posted 21 days ago

    Thank you, Jon-Michael. That is good to know. I will check that out.


    Best,



    ------------------------------
    Anna Schorr
    Training Administrative Assistant
    CSA
    ------------------------------



  • 8.  RE: Cloud Deployment Models- Pros & Cons

    Posted 21 days ago

    Thank you, Guillaume. What deployment model is the most secure? What can we do to make the cloud more secure? As you increase the price, do performance and security also increase? Or are the two not correlated? Or are they negatively correlated (as you increase performance, you lose control of security)?


    Best,



    ------------------------------
    Anna Schorr
    Training Administrative Assistant
    CSA
    ------------------------------



  • 9.  RE: Cloud Deployment Models- Pros & Cons

    Posted 15 days ago

    There isn't a deployment model/type that is automatically more (or less) secure than another. Private gives you more visibility and control (incl up to hardware and facilities), but it is still possible to misconfigure it and make it vulnerable. Public doesn't give you that same depth of visibility and control, but you are secure if you use it correctly.

    If you know your requirements and understand what can be achieved with the different deployment models (and also with the different SPI service models), you are more likely to make the right security decisions. The CCM, the CSA guidance and the CCSK cert will help with all that.

    As for {security-cost-performance}, good security can be improved with the right architectural choices (for example by taking advantage of the strengths of the different models and going Hybrid), and you can optimize cost and performance at the same time.



    ------------------------------
    Guillaume Boutisseau
    CCSK Authorized Instructor, CCSP
    ------------------------------



  • 10.  RE: Cloud Deployment Models- Pros & Cons

    Posted 12 days ago

    Thank you Guillaume for your response. It was very informative. I really appreciate the education. 


    My next question, and this is open to the group, is why do people's and organizations' clouds get hacked? It seems to be an increasing problem in today's society. Is it due to a lack of security, human error, etc.? It seems like it's not just personal accounts being hacked anymore, but even big-name companies who should know better. What is the group's personal opinion on cloud hacks and what we can do to reduce them?


    Thank you in advance for your contribution. 



    ------------------------------
    Anna Schorr
    Training Administrative Assistant
    CSA
    ------------------------------



  • 11.  RE: Cloud Deployment Models- Pros & Cons

    Posted 11 days ago

    Hack is an interesting word in and of itself these days. While there are a multitude of reasons why someone may get hacked in the cloud, for me personally the number one reason is the same reason it happens on-prem and that's b/c of PEOPLE. If I am a visitor in your office and I plug my laptop in a jack, is it hot? Should I be able to pull an IP? Is your LAN closet also your broom closet? If you do not have a clear security policy, accurate inventory, visibility into your environment, etc. and you move to the cloud then I see a lot of customers bring those same habits to the cloud.

    We have a very nice security system at home. We have motion sensors, lights outside, sensors for sound in case someone breaks a window and still my wife and kids like to open the back door and put the windows up to get some fresh air when it's nice outside. What the loves of my life do not like to do is lock those same windows and back door when they shut them, so every night I walk the house and check the windows and back door. That's not my sensors' fault, or my security system, or the lights and my house is not insecurely built. This is year 20 in the field for me and there are more products and solutions than I can ever remember. Security is a mindset and a culture.



    ------------------------------
    Brian Dorsey
    ------------------------------



  • 12.  RE: Cloud Deployment Models- Pros & Cons

    Posted 5 days ago

    Thank you Brian for your post and the analogy.  I totally agree with you! In my security training experience, I have also learned that hacks and stolen information are often due to human error. What frustrates me though, is a lot of companies do not teach their employees best security practices. They take for granted that employees should be able to recognize a trojan or phishing email, for example. However, these things have only existed for a few decades.

    NINJIO is one of my favorite security training programs. It is gamified, there is a new episode every week, and it is easy for nonsecurity background people to understand and digest. Does anyone else have suggestions for a security training program? How can we make our data more secure and educate ourselves and our coworkers?

    Best,



    ------------------------------
    Anna Schorr
    Training Content Development
    CSA
    ------------------------------



  • 13.  RE: Cloud Deployment Models- Pros & Cons

    Posted yesterday
    Hi Anna,

    We have been conducting very successful training with our company's user base using "Nano Learning". These are 2-3 min targeted training sessions. It may be a series of say 10 lessons (1 every 2-4 weeks). Users will receive specific, targeted topics, e.g. phishing, what to look for, identify, how to respond etc... Some lessons may have a few questions during or at the end of the session.
    This has had overwhelming approval as a learning format from our users, and with the various post-learning exercises like Phishing email test, we saw how well our users identified and followed the various processes as a result of the training...

    /Kevin

    ------------------------------
    Kevin Stander
    ------------------------------



  • 14.  RE: Cloud Deployment Models- Pros & Cons

    Posted yesterday

    Thank you for your response, Kevin. It is very helpful.

    Does your company create these "Nano Learning" training sessions yourselves? Or do you use a third party to facilitate these trainings?

    I know NINJIO was a huge success at my company and was something employees looked forward to. These sessions were also 2-3 min targeted training sessions and had a few questions at the end of each session to measure understanding. I credit a lot of my cybersecurity knowledge to these trainings.



    ------------------------------
    Anna Campbell Schorr
    Training Content Development
    Cloud Security Alliance
    aschorr@cloudsecurityalliance.org
    ------------------------------



  • 15.  RE: Cloud Deployment Models- Pros & Cons

    Posted 6 hours ago
    It's done in conjunction with a 3rd party, Junglemap.

    The theme of only 2-3 mins doesn't say much about the attention span our users have (only kidding if I have any of the users from my company reading this)
    ...LOL

    ------------------------------
    Kevin Stander
    ------------------------------



  • 16.  RE: Cloud Deployment Models- Pros & Cons

    Posted 3 hours ago
    Thank you for the information and quick reply, Kevin. I will have to check out Junglemap.

    Haha...I think these days everyone's attention spans are a little fried. :P

    ------------------------------
    Anna Campbell Schorr
    Training Content Development
    Cloud Security Alliance
    aschorr@cloudsecurityalliance.org
    ------------------------------



  • 17.  RE: Cloud Deployment Models- Pros & Cons

    Posted 6 hours ago
    Hi Kevin,

    How can I as an individual contribute there?
    Do we have such an option?
    Also please provide the link of the portal or website.
    I am interested in attending as well as contributing to it.
    Please indicate the feasibility. Further, I have a knowledge base in cyber security and cloud security.

    Thanks
    Vipul Dabhi

    ------------------------------
    Vipul Dabhi
    Associate Consultant
    Na
    ------------------------------