Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
CCSP (ISC)2 Certified Cloud Security Professional Exam Guide

You're reading from   CCSP (ISC)2 Certified Cloud Security Professional Exam Guide Build your knowledge to pass the CCSP exam with expert guidance

Arrow left icon
Product type Paperback
Published in Jun 2024
Publisher Packt
ISBN-13 9781838987664
Length 560 pages
Edition 1st Edition
Arrow right icon
Authors (2):
Arrow left icon
Omar A. Turner Omar A. Turner
Author Profile Icon Omar A. Turner
Omar A. Turner
Ms. Navya Lakshmana Ms. Navya Lakshmana
Author Profile Icon Ms. Navya Lakshmana
Ms. Navya Lakshmana
Arrow right icon
View More author details
Toc

Table of Contents (27) Chapters Close

Preface 1. Chapter 1: Core Cloud Concepts FREE CHAPTER 2. Chapter 2: Cloud Reference Architecture 3. Chapter 3: Top Threats and Essential Cloud Security Concepts and Controls 4. Chapter 4: Design Principles for Secure Cloud Computing 5. Chapter 5: How to Evaluate Your Cloud Service Provider 6. Chapter 6: Cloud Data Security Concepts and Architectures 7. Chapter 7: Data Governance Essentials 8. Chapter 8: Essential Infrastructure and Platform Components for a Secure Data Center 9. Chapter 9: Analyzing Risks 10. Chapter 10: Security Control Implementation 11. Chapter 11: Planning for the Worst-Case Scenario – Business Continuity and Disaster Recovery 12. Chapter 12: Application Security 13. Chapter 13: Secure Software Development Life Cycle 14. Chapter 14: Assurance, Validation, and Verification in Security 15. Chapter 15: Application-Centric Cloud Architecture 16. Chapter 16: IAM Design 17. Chapter 17: Cloud Physical and Logical Infrastructure (Operationalization and Maintenance) 18. Chapter 18: International Operational Controls and Standards 19. Chapter 19: Digital Forensics 20. Chapter 20: Managing Communications 21. Chapter 21: Security Operations Center Management 22. Chapter 22: Legal Challenges and the Cloud 23. Chapter 23: Privacy and the Cloud 24. Chapter 24: Cloud Audit Processes and Methodologies 25. Chapter 25: Accessing the Online Practice Resources 26. Other Books You May Enjoy

Cloud Stakeholders

The International Information Systems Security Certification Consortium (ISC2) CCSP Common Body of Knowledge (CBK) identifies multiple cloud computing stakeholders with specific responsibilities, based primarily on the following International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC) standards and NIST special publications:

  • ISO/IEC 17789 Cloud Computing Reference Architecture (CCRA)
  • NIST SP 500-292 CCRA

Note

You can read more about the ISO/IEC 17789 CCRA here - https://www.iso.org/standard/60545.html, and the NIST SP 500-292 CCRA here - https://www.nist.gov/publications/nist-cloud-computing-reference-architecture.

The key differences you need to be aware of concerning the identification of these cloud stakeholders are as follows:

  • The ISO/IEC 17789 CCRA defines three main roles with multiple sub-roles in each main role
  • The NIST CCRA defines five key actors

Note

It is important to focus on the cloud service models and cloud delivery models in this chapter. You will learn about the shared responsibility model, the three service models, and the six common deployment models (as mentioned in the NIST definition) in Chapter 2, Cloud Reference Architecture.

You will now go through each role and actor of ISO/IEC 17789 CCRA and NIST CCRA respectively.

ISO/IEC 17789 CCRA Roles and Sub-Roles

ISO/IEC 17789 is a standard developed by the ISO and the IEC, providing an extensive framework for CCRA. The purpose of this standard is to establish a common language, concepts, and structure to create, deliver, and manage cloud services across various domains.

ISO/IEC 17789 defines a CCRA that includes numerous roles and sub-roles, representing the major actors within the cloud computing ecosystem. You will learn about the duties and interactions between entities within this environment for effective operation and efficiency.

Cloud Service Customer

A Cloud Service Customer (CSC) is an entity that purchases cloud services from a CSP for itself or its users. CSCs can include organizations, departments within organizations, and individuals.

Sub-Roles of the CSC

A Cloud Service User (CSU) is an individual or application that utilizes cloud services provided by the CSP on behalf of the CSC.

CSP

A CSP is the entity responsible for supplying, running, and supporting cloud services. CSPs offer various cloud solutions such as SaaS, PaaS, and IaaS that CSCs can access.

Sub-Functions of a CSP

There are three sub-functions of a CSP:

  • Cloud Service Development: The Cloud Service Development (CSD) sub-role is responsible for designing, creating, and deploying cloud services that meet the demands of CSCs.
  • Cloud Service Operation: The Cloud Service Operation (CSO) sub-role is responsible for managing, monitoring, and operating cloud services provided by the CSP. This involves ensuring those services’ availability, performance, and security.
  • Cloud Service Support: The Cloud Service Support (CSS) sub-role is responsible for offering technical assistance, troubleshooting, and resolving issues related to cloud services for CSCs.

Cloud Service Partner

A Cloud Service Partner (CSN) is an entity that collaborates with the CSP to provide value-added services or support to CSCs. CSNs can be suppliers, resellers, or other organizations working closely with the CSP to improve cloud services as a whole.

Sub-Functions of a CSN

There are two sub-functions of a CSN as listed below:

  • Cloud Broker: The Cloud Broker (CB) serves as an intermediary between the CSC and various CSPs.
  • Cloud Carrier: The Cloud Carrier (CC) facilitates network connectivity between a CSP and the CSCs to guarantee secure, dependable communication.

Cloud Auditor

The Cloud Auditor (CA) is an independent body that reviews and validates a CSP and its services’ adherence to applicable standards, laws, and best practices.

You will now learn about the key actors as per the NIST CCRA.

NIST Cloud Computing Key Actors

NIST Cloud Computing Reference Architecture (NIST SP 500-292), is a document published by the NIST, with the aim of offering an in-depth framework to comprehend, design, and implement cloud computing services and solutions. This reference architecture is intended to produce a uniform, technology-neutral framework that allows communication, cooperation, and the creation of cloud computing standards among diverse stakeholders, such as CSPs, users, and regulators.

The NIST CCRA is composed of five essential components, often termed as actors. These components describe the fundamental functions and duties inside a cloud computing system, therefore clarifying their interrelationships. The five major elements of the NIST CCRA are as follows.

Cloud Consumer

The cloud consumer is a person, group, or business that utilizes cloud services offered by the cloud provider. The cloud consumer obtains and administers cloud services in accordance with its needs and can access these services through a variety of interfaces and devices.

Cloud Provider

The cloud provider is the entity tasked with making cloud services accessible to the cloud customer. This covers the design, management, and maintenance of the cloud infrastructure, platforms, and applications necessary to offer the services. Cloud providers can provide a variety of service models, including IaaS, PaaS, and SaaS.

Cloud Broker

The cloud broker is an agent that helps cloud customers choose, manage, and integrate cloud services from numerous cloud providers. Cloud brokers can provide value-added services, such as collecting and integrating various offers, negotiating contracts, and maintaining Service-Level Agreements (SLAs) to guarantee that the demands of cloud consumers are satisfied.

Cloud Auditor (CA)

The CA is an independent, responsible body that assesses and evaluates the cloud services offered by the cloud provider. This involves confirming the cloud services’ performance, security, and compliance with industry standards, legislation, and best practices. CAs contribute to the confidence and trust of cloud consumers by verifying that cloud providers achieve the necessary service levels and customer expectations.

Cloud Carrier (CC)

The CC is responsible for delivering the connectivity and transport services required for cloud consumer access to a cloud provider’s cloud services. CCs provide the delivery of data and communication between cloud consumers and cloud providers, guaranteeing safe and dependable access to cloud services.

In addition to these core aspects, the NIST CCRA highlights many cross-functional characteristics that are essential to the installation and operation of cloud computing services. They include security, privacy, and compliance, which are vital for ensuring data protection and adherence to applicable laws and regulations.

By providing a structured and thorough reference architecture, NIST SP 500-292 fosters a shared understanding of cloud computing ideas and terminology, enabling stakeholders to make informed decisions and ease the development of interoperable cloud computing solutions. This reference design is a great resource for enterprises intending to adopt cloud computing or to enhance their current cloud-based services.

You will now understand the definitions and specifics of cloud stakeholders as seen from the perspective of two organizations. The ISO/IEC 17789 CCRA, with its focus on the CSC, the sub-role of the CSU, the CSP (with its associated sub-roles), the CSN, and the CA, offers a comprehensive view of the dynamics of each of the aforementioned roles, while the NIST reference architecture looks at the five primary actors of consumer, provider, broker, CA, and CC. Both are equally important, and it is essential to understand the differences between the two for the CCSP exam.

In the next section, you will dive into the key core technologies that allow cloud computing to exist and be used at scale for those requiring the use of the cloud.

You have been reading a chapter from
CCSP (ISC)2 Certified Cloud Security Professional Exam Guide
Published in: Jun 2024
Publisher: Packt
ISBN-13: 9781838987664
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image