Title: The Official (ISC)2 CCSP CBK Reference
Author: Leslie Fife
Publisher: John Wiley & Sons Limited
Genre: Foreign computer literature
ISBN: 9781119603467
However, an organization will also have less sensitive information (e.g., email, memos, and reports). In most cases, the amount of this data is much larger. A public cloud can provide the benefits of cloud computing in a cost-effective manner for this less sensitive data. Because most of an organization's data is usually of the less sensitive type, the cost savings realized from a public cloud can be substantial, while the more sensitive data stays protected in the private cloud. The overall cost savings remain, and the benefits of cloud computing are realized.
In a hybrid model, the disadvantages and benefits of each type of cloud deployment remain for the portion of the cloud using that deployment model. Cloud orchestration can be used to keep this hybrid cloud manageable for the workforce to use.
Cloud Shared Considerations
All cloud customers and CSPs share a set of concerns or considerations. It is no longer the case that all companies use a single CSP or SaaS vendor. In fact, larger companies may use multiple vendors and two or more CSPs in their delivery of services. The business choice is to use the best service for a particular use (best being defined by the customer based on features, cost, or availability). The sections that follow discuss some major considerations that allow the use of multiple CSPs and vendors, in support of the complex cloud environment that exists.
Interoperability
With the concern over vendor lock-in, interoperability is a primary consideration. Interoperability creates the ability to communicate with and share data across multiple platforms and between traditional and cloud services provided by different vendors. Avoiding vendor lock-in allows the customer to make decisions based on the cost, feature set, or availability of a particular service regardless of the vendor providing the service. Interoperability leads to a richer set of alternatives and more choices in pricing.
Portability
Portability may refer to data portability or architecture portability. Data portability is focused on the ability to move data between traditional and cloud services, or between different cloud services, without resorting to difficult and lossy porting methods, significant changes to either service, or the loss of metadata.
Data portability matters to an organization that uses a multicloud approach, as data moves between vendors. A move cannot turn into a data porting exercise each time, or the approach is neither seamless nor useful. It is also important in a cloud bursting scenario, where peak usage expands into a cloud environment and then shrinks back to its original noncloud size. This must be seamless to make the strategy useful. Data backups increasingly go to the cloud, and a restore to in-house servers must be handled easily.
Architecture portability is concerned with the ability to access and run a cloud service from a wide variety of devices, running different operating systems. This allows users on a Windows laptop and a MacBook Pro to use the same application services, share the same data, and collaborate easily.
Reversibility
Reversibility is a measure of the extent to which your cloud services can be moved from one cloud environment to another. This includes moving between a cloud environment and an on-premise traditional environment. The movement between environments must be simple and automatic. Companies now move to and from the cloud and between clouds in a multicloud environment and when cloud bursting.
The movement between environments needs to be secure, or the movement is neither simple nor low cost. Reversibility also decreases vendor lock-in, as solutions need to be able to move between CSPs and to and from the cloud. It will become important as application software and data will eventually reside in different locations and the mature cloud environment will not care.
Availability
Availability has two components. The first is one leg of the CIA triad. Within the constraints of the agreed-upon SLA, the purchased services and company or individual data must be made available to the customer by the CSP. If the SLA is not met, the contract will spell out the penalties or recourses available. For example, if a customer has paid for Dropbox but the service is not available when they try to access it, the service availability fails. If this failure is not within the requirements of the SLA, the customer has a claim against the service provider.
The second component of availability is concerned with the elasticity and scalability of the cloud service. If the CSP has not properly planned for expansion, a customer may need to grow their use of the contracted service, and the resources may not be available. Consider a service like Dropbox. If the customer pays for 2TB of storage and it is not available when they need it, the service fails in terms of availability, even if access to files already stored with the service continues to be provided.
Security
Cloud security is a challenging endeavor. It is true that the larger CSPs spend resources and focus on creating a secure environment. It is equally true that a large CSP is a large target, and there are aspects of cloud computing, such as multitenancy, that add new complexities to security.
One issue that is part of various national laws such as the European Union's General Data Protection Regulation is the restriction on cross-border transfers of data. In an environment where the actual hardware could be anywhere, it is an important consideration to know where your data resides. When there are law enforcement issues, location of the data may also be a jurisdictional challenge.
The owner of data remains ultimately responsible for the security of the data, regardless of what cloud or noncloud services are used. Cloud security involves more than protection of the data; it also includes the applications and infrastructure.
Privacy
The involvement of third-party providers, in an off-premises situation, creates challenges to data protection and privacy. The end user cannot always determine what controls are in place to protect the privacy of their data and must rely on privacy practice documents and other reports to determine if they trust the third party to protect their data privacy.
Privacy concerns include access to data both during a contract and at the end of a contract as well as the erasure or destruction of data when requested or as required within the contract. Regulatory and contractual requirements such as HIPAA and PCI are also key concerns. Monitoring and logging of data access and modification, and the location of data storage, are additional privacy concerns.
Resiliency
Resilience is the ability to continue operating under adverse or unexpected conditions. This involves both business continuity and disaster recovery planning and implementation. Business continuity might dictate that a customer stores their data in multiple regions so that a service interruption in one region does not prevent continued operations.
The cloud also provides resiliency when a customer suffers a severe incident such as weather, facilities damage, terrorism, civil unrest, or similar events. A cloud strategy allows the company to continue to operate during and after these incidents. The plan may require movement of personnel or contracting personnel at a new location. The cloud strategy handles