CCSP Domain #1: Cloud Concepts, Architecture, and Design [updated 2021]
The following topics are included in the CCSP cloud concepts, architecture and design domain, as per the “Official (ISC)2 Guide to the CCSP CBK.” This domain represents 17% of the CCSP certification exam. Earning the CCSP means the candidate has the right knowledge and skills to build and design a cloud environment.
Domain 1: Cloud concepts, architecture and design
Understanding cloud computing concepts
Candidates will need to understand cloud computing fundamentals and cloud terminologies. NIST defines cloud computing as “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model comprises five essential characteristics, three service models and four deployment models.”
Cloud service models
Candidates will need to understand the differences between the various cloud service models and their
- Software as a Service (SaaS): the cloud provider manages all aspects of the application environment, such as virtual machines, networking resources, data storage and applications. The cloud customer is responsible only for the data they provide to the application managed by the cloud provider.
- Platform as a Service (PaaS): the cloud provider manages the virtual machines and networking resources, and the cloud customer is responsible for deploying their applications into the cloud environment.
- Infrastructure as a Service (IaaS): the cloud provider is responsible for the underlying infrastructure in the cloud environment. The operating system selection and configuration, patching and software tools and applications are under the control of the cloud customer.
Deployment models
Candidates will need to understand the four deployment models (public, private, community and hybrid), as well as how cloud services are hosted, who controls and operates them and what customers have access to.
Cloud computing roles
Candidates will need to understand the roles in a cloud computing environment and how the various roles work together to keep cloud data secure:
- Cloud service customer
- Cloud service provider
- Cloud service partner
- Cloud service broker
Key cloud computing characteristics
Candidates will need to understand the six key cloud computing characteristics that must be present for a service or offering to be considered cloud:
- On-demand self-service
- Broad network access
- Rapid elasticity and scalability
- Resource pooling
- Measured service
- Multitenancy
Building block technologies
Candidates will need to understand the five building block technologies that make cloud possible. A combination of all these technologies allows better resource utilization and improves the cost structure of technology. Depending on the type of cloud service model, the customer may have more or fewer responsibilities over these technologies:
- Virtualization
- Storage
- Networking
- Databases
- Orchestration
Describe cloud reference architecture
Candidates will need to understand the various components (i.e., building blocks) required to develop and manage a cloud environment and how services are delivered, configured and managed.
Cloud computing activities
Candidates will need to understand the activities (and roles) that several parties perform to build, secure and manage a cloud environment:
- Cloud consumer
- Cloud provider
- Cloud auditor
- Cloud broker
- Cloud carrier
Cloud service capabilities
Candidates will need to understand the three cloud service models which provide different capabilities.
- Application capability types
- Platform capability types
- Infrastructure capability types
Cloud shared considerations
Candidates will need to understand the various factors that customers have to consider before starting their journey to the cloud.
- Interoperability
- Portability and reversibility
- Availability
- Security and privacy
- Resiliency
- Performance
- Governance
- Maintenance and versioning
- Service levels (agreements)
- Auditability
- Regulatory compliance
Impact of related technologies
Candidates will need to understand some of the critical and emerging technologies representing the fastest-growing applications of cloud computing.
- Machine learning
- Artificial intelligence
- Blockchain
- Internet of things
- Containers
- Quantum computing
Understand security concepts relevant to cloud computing
Candidates will need to understand various security concepts relevant to cloud computing:
- Cryptography and key management
- Access control
- Data and media sanitization (e.g., overwriting, cryptographic erase)
- Network security (e.g., network security groups)
- Virtualization security (e.g., hypervisor security and container security)
Common threats
Candidates will need to understand various threats organizations face and risks inherent in utilizing cloud computing environments, such as data breaches, misconfiguration, inadequate change control and more.
Understand design principles of secure cloud computing
Candidates will need to understand various factors considered when performing the cost-benefit analysis to move to the cloud.
- Cloud secure data lifecycle
Candidates need to understand the six phases in the secure cloud data lifecycle: create, store, use, share, archive and destroy.
- Cloud-based disaster recovery and business continuity planning
Candidates will need to understand the difference between disaster recovery (DR) and business continuity planning (BCP) in a cloud environment.
- Cost-benefit analysis
Candidates will need to understand when, why and how cost-benefit analysis is carried out to determine whether the features offered by the cloud provider justify the costs associated with the cloud environment.
Functional security requirements
Candidates will need to understand the various security concerns (e.g., portability, interoperability, vendor lock-in) that must be evaluated, some of which are unique to the cloud service model and the shared responsibility model.
Evaluate cloud service providers
Candidates will need to understand some of the factors used in evaluating cloud service providers, their service offerings, and their systems’ security.
- Verification against criteria
Candidates will need to understand what role “certification against criteria” plays in identifying trusted cloud services, with criteria such as ISO/IEC 27017 and the Payment Card Industry Data Security Standard (PCI DSS).
- System/subsystem product verifications
Candidates will need to understand some of the certifications, frameworks and standards used or gained by cloud service providers, such as Common Criteria (CC) and Federal Information Processing Standard (FIPS) 140-2.
How to prepare for the CCSP exam
Studying the right material is very … The official books and material recommended by (ISC)2 to take the CCSP exam include:
- Official (ISC)² CCSP CBK Reference, Third Edition
- Official (ISC)² CCSP Study Guide
- Official (ISC)² CCSP practice tests
- Official CCSP study and practice tests apps
- Official (ISC)² CCSP flashcards
Sources
- The Official (ISC)2 CCSP CBK Reference, (ISC)2
- (ISC)2 Approved CCSP for Dummies, Wiley
- CCSP Certification Exam Outline, (ISC)2