1.6 Explain the threats and vulnerabilities associated with operating in the cloud

Cloud service models:

• SaaS: customer only chooses application; hardware managed by provider; access control

• PaaS: configurable hardware + software/development tools; data protection

• IaaS: configurable hardware; VM management (VM escape; virtual host patching; virtual guest issues [patching]; virtual network issues)

• Cloud deployment models:

  • Public: public cloud provider sells services to consumers

  • Private: internal enterprise service to internal customers

  • Community: several companies work on same platform

  • Hybrid: mix of on-premises, private cloud & public cloud

• FaaS/serverless architecture: apps are hosted by 3rd party; all server software/hardware management is done by the provider

• IaC: managing/provisioning DCs using machine-readable files

• Insecure API: Internet-exposed management APIs can have software vulnerabilities (e.g. anonymous access; plaintext authentication; improper authorisations)

• Improper key management: unencrypted; Internet-exposed key server; weak/reused key

• Unprotected storage: insider threats; malicious file entry; impersonation; worm that is auto-synced to the cloud, and spread from the cloud to other users

• Logging and monitoring:

  • Insufficient logging and monitoring: late detection; undetected password spraying; ignored alerts; unidentified suspicious activity

  • Inability to access: access logs provide info about failed requests made to cloud