This book and its accompanying online resources are designed to be a complete preparation tool for your CCSP Exam.

The book is written in a way that you can apply everything you’ve learned here even after your certification. The online practice resources that come with this book (Figure 1.1) are designed to improve your test-taking skills. They are loaded with timed mock exams, interactive flashcards, and exam tips to help you work on your exam readiness from now till your test day.

Before You Proceed

To learn how to access these resources, head over to Chapter 25, Accessing the Online Practice Resources, at the end of the book.

Figure 1.1 – Dashboard interface of the online practice resources

Here are some tips on how to make the most out of this book so that you can clear your certification and retain your knowledge beyond your exam:

1. Read each section thoroughly.
2. Make ample notes: You can use your favorite online note-taking tool or use a physical notebook. The free online resources also give you access to an online version of this book. Click the BACK TO THE BOOK link from the Dashboard to access the book in Packt Reader. You can highlight specific sections of the book there.
3. Chapter Review Questions: At the end of this chapter, you’ll find a link to review questions for this chapter. These are designed to test your knowledge of the chapter. Aim to score at least 75% before moving on to the next chapter. You’ll find detailed instructions on how to make the most of these questions at the end of this chapter in the Exam Readiness Drill - Chapter Review Questions section. That way, you’re improving your exam-taking skills after each chapter, rather than at the end.
4. Flashcards: After you’ve gone through the book and scored 75% more in each of the chapter review questions, start reviewing the online flashcards. They will help you memorize key concepts.
5. Mock Exams: Solve the mock exams that come with the book till your exam day. If you get some answers wrong, go back to the book and revisit the concepts you’re weak in.
6. Exam Tips: Review these from time to time to improve your exam readiness even further.

By the end of this chapter, you will be able to confidently answer questions on the following topics:

• Cloud computing
• Essential cloud computing characteristics
• Cloud stakeholders
• Key cloud computing technologies and building blocks
• You will now go through each topic above.

Cloud computing significantly altered some of the established IT conventions, even though the majority of the underlying technology and security fundamentals remain the same. Many of the key IT principles addressed in this chapter reaffirm the underlying features that remain constant as cloud computing provisioning and consumption models are embraced. The cloud computing Software-as-a-Service (SaaS) model uses internet-based computing resources to provide scalable and elastic IT-enabled capabilities to internal or external consumers.

Various cloud service providers, such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform, have their own definitions of cloud computing, based on their respective service offerings. The non-regulatory agency of the United States Department of Commerce, the National Institute of Standards and Technology (NIST), in its Special Publication (SP) 800-145, provides the most widely used definition for cloud computing, which is cited by IT experts and cloud computing professionals when communicating the basic terminology:

“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.”

Note

You can read about the NIST publication 800-145 cloud computing definition here: https://csrc.nist.gov/publications/detail/sp/800-145/final.

Now that you are familiar with the definition of cloud computing, it is time to focus on the five essential characteristics of cloud computing.

Cloud computing, as described by the NIST publication 800-145, is an innovative computing paradigm that delivers computer resources, services, and applications via the internet on demand. It enables users to remotely access, store, and administer data and applications without having to invest in or maintain physical infrastructure or hardware.

As per the NIST publication 800-145, the cloud computing model can be further defined by having five fundamental characteristics, three service models, and four deployment methods:

• The five essential characteristics of cloud computing are as follows:
  • On-demand self-service: Cloud services can be deployed and maintained by the user without the service provider’s participation
  • Extensive network access: Cloud services are accessible over the internet, making them accessible from several devices and places
  • Resource pooling: Cloud providers share resources such as storage, computation, memory, and bandwidth to serve several consumers simultaneously
  • Rapid elasticity: Cloud resources can be readily scaled up or down to meet variable demands, allowing peak loads to be accommodated without compromising performance
  • Measured service: Cloud consumption is monitored, controlled, and reported so that users only pay for the resources they consume
• The three service models are as follows:
  • SaaS: The SaaS approach provides internet-based applications that are ready for use. Consumers need not concern themselves with infrastructure, software upgrades, or maintenance.
  • Platform as a service: Platform as a Service (PaaS) provides an environment to create, deploy, and maintain applications. Users can concentrate on application development without thinking about the underlying infrastructure.
  • Infrastructure as a service: Infrastructure as a Service (IaaS) offers virtualized computing resources, including Virtual Machines (VMs), storage, and networking. The user controls their infrastructure, while the Cloud Service Provider (CSP) oversees the physical hardware.
• The four deployment models are as follows:
  • Private cloud: The cloud infrastructure is devoted to a single enterprise, providing more security and data privacy controls
  • Community cloud: This deployment approach supports several enterprises that have common concerns, such as security needs or regulatory compliance
  • Public cloud: The cloud infrastructure is owned and managed by a service provider, who sells services to the general public or a major industrial group
  • Hybrid cloud: This model combines two or more of the preceding deployment methods, enabling enterprises to make use of the benefits of each while keeping separate environments

Note

You can find more resources about cloud computing and its characteristics here: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf.

As a cloud security expert, it is crucial that you understand these definitions and components in order to create, implement, and maintain security solutions that safeguard sensitive data and guarantee compliance with industry requirements. Cloud security comprises a vast array of techniques and technologies, including identity and access management, encryption, intrusion detection, and secure data transfer that protect cloud-based resources and services. By understanding the specific characteristics of cloud computing, security professionals can better minimize possible risks and vulnerabilities in an environment that is rapidly evolving.

In this section, you learned about the essential cloud computing characteristics. The next section will focus on cloud stakeholders.

The International Information Systems Security Certification Consortium (ISC2) CCSP Common Body of Knowledge (CBK) identifies multiple cloud computing stakeholders with specific responsibilities, based primarily on the following International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC) standards and NIST special publications:

• ISO/IEC 17789 Cloud Computing Reference Architecture (CCRA)
• NIST SP 500-292 CCRA

Note

You can read more about the ISO/IEC 17789 CCRA here - https://www.iso.org/standard/60545.html, and the NIST SP 500-292 CCRA here - https://www.nist.gov/publications/nist-cloud-computing-reference-architecture.

The key differences you need to be aware of concerning the identification of these cloud stakeholders are as follows:

• The ISO/IEC 17789 CCRA defines three main roles with multiple sub-roles in each main role
• The NIST CCRA defines five key actors

Note

It is important to focus on the cloud service models and cloud delivery models in this chapter. You will learn about the shared responsibility model, the three service models, and the six common deployment models (as mentioned in the NIST definition) in Chapter 2, Cloud Reference Architecture.

You will now go through each role and actor of ISO/IEC 17789 CCRA and NIST CCRA respectively.

ISO/IEC 17789 CCRA Roles and Sub-Roles

ISO/IEC 17789 is a standard developed by the ISO and the IEC, providing an extensive framework for CCRA. The purpose of this standard is to establish a common language, concepts, and structure to create, deliver, and manage cloud services across various domains.

ISO/IEC 17789 defines a CCRA that includes numerous roles and sub-roles, representing the major actors within the cloud computing ecosystem. You will learn about the duties and interactions between entities within this environment for effective operation and efficiency.

Cloud Service Customer

A Cloud Service Customer (CSC) is an entity that purchases cloud services from a CSP for itself or its users. CSCs can include organizations, departments within organizations, and individuals.

Sub-Roles of the CSC

A Cloud Service User (CSU) is an individual or application that utilizes cloud services provided by the CSP on behalf of the CSC.

CSP

A CSP is the entity responsible for supplying, running, and supporting cloud services. CSPs offer various cloud solutions such as SaaS, PaaS, and IaaS that CSCs can access.

Sub-Functions of a CSP

There are three sub-functions of a CSP:

• Cloud Service Development: The Cloud Service Development (CSD) sub-role is responsible for designing, creating, and deploying cloud services that meet the demands of CSCs.
• Cloud Service Operation: The Cloud Service Operation (CSO) sub-role is responsible for managing, monitoring, and operating cloud services provided by the CSP. This involves ensuring those services’ availability, performance, and security.
• Cloud Service Support: The Cloud Service Support (CSS) sub-role is responsible for offering technical assistance, troubleshooting, and resolving issues related to cloud services for CSCs.

Cloud Service Partner

A Cloud Service Partner (CSN) is an entity that collaborates with the CSP to provide value-added services or support to CSCs. CSNs can be suppliers, resellers, or other organizations working closely with the CSP to improve cloud services as a whole.

Sub-Functions of a CSN

There are two sub-functions of a CSN as listed below:

• Cloud Broker: The Cloud Broker (CB) serves as an intermediary between the CSC and various CSPs.
• Cloud Carrier: The Cloud Carrier (CC) facilitates network connectivity between a CSP and the CSCs to guarantee secure, dependable communication.

Cloud Auditor

The Cloud Auditor (CA) is an independent body that reviews and validates a CSP and its services’ adherence to applicable standards, laws, and best practices.

You will now learn about the key actors as per the NIST CCRA.

NIST Cloud Computing Key Actors

NIST Cloud Computing Reference Architecture (NIST SP 500-292), is a document published by the NIST, with the aim of offering an in-depth framework to comprehend, design, and implement cloud computing services and solutions. This reference architecture is intended to produce a uniform, technology-neutral framework that allows communication, cooperation, and the creation of cloud computing standards among diverse stakeholders, such as CSPs, users, and regulators.

The NIST CCRA is composed of five essential components, often termed as actors. These components describe the fundamental functions and duties inside a cloud computing system, therefore clarifying their interrelationships. The five major elements of the NIST CCRA are as follows.

Cloud Consumer

The cloud consumer is a person, group, or business that utilizes cloud services offered by the cloud provider. The cloud consumer obtains and administers cloud services in accordance with its needs and can access these services through a variety of interfaces and devices.

Cloud Provider

The cloud provider is the entity tasked with making cloud services accessible to the cloud customer. This covers the design, management, and maintenance of the cloud infrastructure, platforms, and applications necessary to offer the services. Cloud providers can provide a variety of service models, including IaaS, PaaS, and SaaS.

Cloud Broker

The cloud broker is an agent that helps cloud customers choose, manage, and integrate cloud services from numerous cloud providers. Cloud brokers can provide value-added services, such as collecting and integrating various offers, negotiating contracts, and maintaining Service-Level Agreements (SLAs) to guarantee that the demands of cloud consumers are satisfied.

Cloud Auditor (CA)

The CA is an independent, responsible body that assesses and evaluates the cloud services offered by the cloud provider. This involves confirming the cloud services’ performance, security, and compliance with industry standards, legislation, and best practices. CAs contribute to the confidence and trust of cloud consumers by verifying that cloud providers achieve the necessary service levels and customer expectations.

Cloud Carrier (CC)

The CC is responsible for delivering the connectivity and transport services required for cloud consumer access to a cloud provider’s cloud services. CCs provide the delivery of data and communication between cloud consumers and cloud providers, guaranteeing safe and dependable access to cloud services.

In addition to these core aspects, the NIST CCRA highlights many cross-functional characteristics that are essential to the installation and operation of cloud computing services. They include security, privacy, and compliance, which are vital for ensuring data protection and adherence to applicable laws and regulations.

By providing a structured and thorough reference architecture, NIST SP 500-292 fosters a shared understanding of cloud computing ideas and terminology, enabling stakeholders to make informed decisions and ease the development of interoperable cloud computing solutions. This reference design is a great resource for enterprises intending to adopt cloud computing or to enhance their current cloud-based services.

You will now understand the definitions and specifics of cloud stakeholders as seen from the perspective of two organizations. The ISO/IEC 17789 CCRA, with its focus on the CSC, the sub-role of the CSU, the CSP (with its associated sub-roles), the CSN, and the CA, offers a comprehensive view of the dynamics of each of the aforementioned roles, while the NIST reference architecture looks at the five primary actors of consumer, provider, broker, CA, and CC. Both are equally important, and it is essential to understand the differences between the two for the CCSP exam.

In the next section, you will dive into the key core technologies that allow cloud computing to exist and be used at scale for those requiring the use of the cloud.

Cloud computing technologies enable on-demand, scalable, and adaptable computing resources and services. These hardware, software, and networking components enable enterprises to upgrade their IT infrastructures, reduce costs, and quickly adjust according to changing business demands. The fundamental elements that comprise cloud computing technology are as follows:

• Compute resources: Cloud computing relies on compute resources for the execution of applications, services, and workloads. These can be virtualized to provide multiple VMs or containers running on one physical server, providing efficient hardware usage and flexible resource allocation.
• Storage resources: Storage resources are essential for storing and managing cloud-based data. They offer various storage solutions, such as block storage, file storage, and object storage, to meet various data types, access patterns, and performance demands. On-demand scalability of cloud storage capacity ensures cost-effective and efficient solutions.
• Networking resources: Networking resources provide connectivity between cloud users and services, allowing communication between cloud components. These include virtual networks, routers, load balancers, and firewalls that ensure secure, dependable data transfer inside and across cloud environments.
• Middleware and runtime: Middleware and runtime components provide the platform and environment required to deliver, manage, and execute cloud applications and services. This consists of application servers, databases, as well as other platform-level elements that facilitate the creation of applications based on various programming languages and frameworks.
• Cloud management and orchestration: Management and orchestration technologies are essential for automating the management and control of cloud resources, services, and applications. They aid in the provisioning, monitoring, scalability, and optimization of these resources to ensure optimal resource allocation and use. Moreover, these solutions offer resource life cycle management – guaranteeing resources are available when needed and relinquished when no longer necessary – thus providing optimal resource life cycle management.
• Security and privacy: Securing cloud-based data, applications, and infrastructure requires security and privacy components. To safeguard these resources from potential threats or vulnerabilities, they include encryption, identity and access management, intrusion detection systems, and secure data transmission methods.
• Service models: Cloud computing offers three basic service models that define the customer’s control scope and level – IaaS, PaaS, and SaaS. Each model isolates different levels of the underlying infrastructure, allowing customers to focus on core business needs while taking advantage of cloud technology benefits.
• Deployment models: Deployment models refer to how cloud resources are organized and made accessible to users. The public cloud, private cloud, hybrid cloud, and community cloud are the four primary deployment options. Each offers varying degrees of control, security, and scalability to meet the unique demands and expectations of organizations.
• Billing and metering: Billing and metering components enable the tracking and reporting of cloud resource usage, enabling consumption-based pricing so that users only pay for what they use. This pay-as-you-go model offers a flexible yet cost-effective method to access and manage cloud resources.

Although this knowledge may appear basic, it is essential for CCSP candidates to comprehend the fundamental principles of cloud computing. To effectively secure cloud environments, they must possess an in-depth understanding of cloud technologies such as compute resources, storage resources, networking resources, middleware, and runtime, as well as service and deployment patterns. Having this understanding allows them to detect and address potential security risks or vulnerabilities within cloud infrastructures.

Candidates taking the CCSP exam must also be able to evaluate CSPs and suppliers to confirm whether their products meet organizational security and compliance requirements. An understanding of cloud computing building blocks and reference designs such as NIST SP 500-292 can assist in selecting and managing cloud services effectively.

In this chapter, you learned the fundamental definitions of cloud computing, the different types of stakeholders involved, the activities, and the technology models and building blocks. These are the core CCSP exam topics.

The next chapter will provide more details regarding the cloud reference architecture, the service models, and the cloud deployment models and capabilities. The chapter will also specify the shared considerations for cloud deployments and the impact of new and emerging technologies on the evolution of cloud computing.

Apart from a solid understanding of key concepts, being able to think quickly under time pressure is a skill that will help you ace your certification exam. That is why working on these skills early on in your learning journey is key.

Chapter review questions are designed to improve your test-taking skills progressively with each chapter you learn and review your understanding of key concepts in the chapter at the same time. You’ll find these at the end of each chapter.

How to Access These Materials

To learn how to access these resources, head over to the chapter titled Chapter 25, Accessing the Online Resources.

To open the Chapter Review Questions for this chapter, perform the following steps:

1. Click the link – https://packt.link/CCSPE1_CH01.

   Alternatively, you can scan the following QR code (Figure 1.2):

Figure 1.2 – QR code that opens Chapter Review Questions for logged-in users

2. Once you log in, you’ll see a page similar to the one shown in Figure 1.3:

Figure 1.3 – Chapter Review Questions for Chapter 1

3. Once ready, start the following practice drills, re-attempting the quiz multiple times.

Exam Readiness Drill

For the first three attempts, don’t worry about the time limit.

ATTEMPT 1

The first time, aim for at least 40%. Look at the answers you got wrong and read the relevant sections in the chapter again to fix your learning gaps.

ATTEMPT 2

The second time, aim for at least 60%. Look at the answers you got wrong and read the relevant sections in the chapter again to fix any remaining learning gaps.

ATTEMPT 3

The third time, aim for at least 75%. Once you score 75% or more, you start working on your timing.

Tip

You may take more than three attempts to reach 75%. That’s okay. Just review the relevant sections in the chapter till you get there.

Target: Your aim is to keep the score the same while trying to answer these questions as quickly as possible. Here’s an example of how your next attempts should look like:

Table 1.1 – Sample timing practice drills on the online platform

Note

The time limits shown in the above table are just examples. Set your own time limits with each attempt based on the time limit of the quiz on the website.

With each new attempt, your score should stay above 75% while your “time taken” to complete should “decrease”. Repeat as many attempts as you want till you feel confident dealing with the time pressure.