CCSP Domain #1: Cloud concepts, architecture, and design [updated 2022]
As you prepare for the CCSP exam, you need to review the topics included in the (ISC)² CBK that was updated on August 1, 2022. This article highlights critical information to help you become familiar with the topics covered by the first of six domains of the CCSP exam outline.
This section of the test encompasses basic concepts of cloud computing, design principles and the evaluation of cloud service providers. It accounts for 17% of the CCSP certification exam.
Domain 1: Cloud concepts, architecture and design
Each of the five subdomains covers a different aspect of cloud computing.
1.1 Understand cloud computing concepts
Candidates will need to understand cloud computing fundamentals and actual terminologies. NIST Special Publication 800-145, published in 2011, defined cloud computing as “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” According to NIST, this cloud model comprises
Five essential characteristics
- on-demand self-service
- broad network access
- resource pooling
- rapid elasticity or expansion
- measured service
Three service models
- software
- platform
- infrastructure
Four deployment models
- private
- community
- public
- hybrid
Testers need to review each of these concepts and their current evolutions.
Cloud computing roles
Candidates need to understand the roles and responsibilities of all parties involved in a cloud computing environment and how the various roles work together to keep cloud data secure:
- Cloud service customer
- Cloud service provider
- Cloud service partner
- Cloud service broker
- Regulator
Key cloud computing characteristics
Candidates also need to understand the six key cloud computing characteristics that must be present for a service or offering to be considered part of the cloud:
- On-demand self-service
- Broad network access
- Rapid elasticity and scalability
- Resource pooling
- Measured service
- Multitenancy
Building-block technologies
Candidates need to understand the five building-block technologies that make the cloud possible. A combination of these technologies allows better resource utilization and improves the cost structure of technology. Depending on the type of cloud service model, the customer may have more or fewer responsibilities for these technologies:
- Virtualization
- Storage
- Networking
- Databases
- Orchestration
1.2 Describe cloud reference architecture
Candidates need to understand the various components required to develop and manage a cloud environment and how services are delivered, configured and managed.
Cloud computing activities
Candidates need to understand the number of activities (and roles) to be performed by several parties to build, secure and manage a cloud environment:
- Cloud consumer
- Cloud provider
- Cloud auditor
- Cloud broker
- Cloud carrier
Cloud service capabilities
Candidates need to understand the three cloud service models that provide different capabilities.
- Application capability types
- Platform capability types
- Infrastructure capability types
Cloud service models
Candidates need to understand the differences among the various cloud service models and their functions.
- Software-as-a-service (SaaS): The cloud provider manages all aspects of the application environment, such as virtual machines, networking resources, data storage and applications. The cloud customer is responsible only for the data.
- Platform-as-a-service (PaaS): The cloud provider manages the virtual machines and networking resources and the cloud customer is responsible for deploying their applications in the cloud environment.
- Infrastructure-as-a-service (IaaS): The cloud provider is responsible for the underlying infrastructure in the cloud environment. The operating system selection and configuration, patching and software tools and applications are under the control of the cloud customer.
Deployment models
Candidates need to understand the four deployment models (public, private, community and hybrid models), how cloud services are hosted, who controls and operates them and what customers have access to.
Cloud shared considerations
Candidates need to understand the various factors customers must consider before starting their journey to the cloud.
- Interoperability
- Portability and reversibility
- Availability
- Security and privacy
- Resiliency
- Performance
- Governance
- Maintenance and versioning
- Service levels (agreements)
- Auditability
- Regulatory compliance
Impact of related technologies
Candidates need to understand some of the critical and emerging technologies representing the fastest-growing applications of cloud computing.
- Machine learning
- Artificial intelligence
- Blockchain
- Internet of things
- Containers
- Quantum computing
- DevSecOps
1.3 Understand security concepts relevant to cloud computing
Candidates need to understand various security concepts relevant to cloud computing:
- Cryptography and key management
- Access control
- Data and media sanitization (e.g., overwriting, cryptographic erase)
- Network security (e.g., network security groups)
- Virtualization security (e.g., hypervisor security and container security)
- Security hygiene
Common threats
Candidates need to understand various threats organizations face and risks inherent in utilizing cloud computing environments, such as data breaches, misconfiguration, inadequate change control and more.
1.4 Understand design principles of secure cloud computing
Candidates need to understand the six phases in the secure cloud data lifecycle: create, store, use, share, archive and destroy.
They also need to review the difference between disaster recovery (DR) and business continuity planning (BCP) in a cloud environment.
Candidates need to understand when, why and how cost-benefit analysis is carried out to determine whether the features offered by the cloud provider justify the costs associated with the cloud environment.
Functional security requirements
Candidates need to understand the various security concerns (e.g., portability, interoperability and vendor lock-in) that must be evaluated, some of which are unique to the cloud service model and the shared responsibility model.
1.5 Evaluate cloud service providers
Candidates need to understand some factors used to evaluate cloud service providers, their service offerings and their systems’ security.
Cloud service evaluation criteria
Candidates need to understand what role “certification against criteria” plays in identifying trusted cloud services, such as ISO/IEC 27017, payment card industry data security standard (PCI DSS), etc.
Cloud certification scheme
Candidates need to understand some system/subsystem product certifications, such as common criteria (CC) and federal information processing standard (FIPS) 140-2.
How to prepare for the CCSP exam
Studying suitable material is recommended by (ISC)2 before taking the CCSP exam. The official materials include:
- Official (ISC)² CCSP Study Guide, 2nd Edition
- Official (ISC)² CCSP CBK Reference, 3rd Edition
- Official (ISC)² CCSP Practice Tests, 2nd Edition
- Official (ISC)² CCSP Flash Cards
- Official (ISC)² CCSP Study App
Need training? Design an individual CCSP learning path that better fits your needs and requirements to prepare for the CCSP certification. Start validating your cloud security knowledge by reviewing all the essential elements found in the first domain of the CCSP common body of knowledge (CBK) — Cloud Concepts, Architecture and Design.
For more on the CCSP certification, check out our CCSP certification hub.
Sources:
- CCSP, (ISC)²
- CCSP: Certification Exam Outline, (ISC)²
- CCSP Domain Refresh FAQ, (ISC)²
- Definition of Cloud Computing: Special Publication 800-145, NIST