CCSP Domain #1: Cloud concepts, architecture, and design [updated 2022]

August 16, 2022 by Mosimilolu Odusanya

As you prepare for the CCSP exam, you need to review the topics included in the (ISC)² CBK that was updated on August 1, 2022. This article highlights critical information to help you become familiar with the topics covered by the first of six domains of the CCSP exam outline. 

This section of the test encompasses basic concepts of cloud computing, design principles and the evaluation of cloud service providers. It accounts for 17% of the CCSP certification exam.

Earn your CCSP, guaranteed!

Save your spot for an upcoming CCSP Boot Camp and earn one of the most in-demand cloud security certifications — guaranteed!

Domain 1: Cloud concepts, architecture and design

Each of the five subdomains covers a different aspect of cloud computing.

1.1 Understand cloud computing concepts

Candidates need to understand cloud computing fundamentals and the associated terminology. NIST Special Publication 800-145, published in 2011, defines cloud computing as “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” According to NIST, this cloud model comprises:

Five essential characteristics

  • on-demand self-service
  • broad network access
  • resource pooling
  • rapid elasticity or expansion
  • measured service

Three service models

  • software
  • platform
  • infrastructure

Four deployment models

  • private
  • community
  • public
  • hybrid

Candidates need to review each of these concepts and how they have evolved since the NIST definition was written.

Cloud computing roles

Candidates need to understand the roles and responsibilities of all parties involved in a cloud computing environment and how the various roles work together to keep cloud data secure:

  • Cloud service customer
  • Cloud service provider
  • Cloud service partner
  • Cloud service broker
  • Regulator

Key cloud computing characteristics

Candidates also need to understand the six key cloud computing characteristics that must be present for a service or offering to be considered part of the cloud:

  • On-demand self-service 
  • Broad network access
  • Rapid elasticity and scalability
  • Resource pooling
  • Measured service
  • Multitenancy

Building-block technologies

Candidates need to understand the five building-block technologies that make the cloud possible. In combination, these technologies allow better resource utilization and improve the cost structure of IT. Depending on the cloud service model, the customer has more or fewer responsibilities for each of these technologies:

  • Virtualization
  • Storage
  • Networking
  • Databases
  • Orchestration

1.2 Describe cloud reference architecture

Candidates need to understand the various components required to develop and manage a cloud environment and how services are delivered, configured and managed. 

Cloud computing activities

Candidates need to understand the activities performed by each of the parties involved in building, securing and managing a cloud environment, and the roles (actors) that the NIST Cloud Computing Reference Architecture, SP 500-292, assigns to them:

  • Cloud consumer
  • Cloud provider
  • Cloud auditor
  • Cloud broker
  • Cloud carrier


Cloud service capabilities

Candidates need to understand the three cloud capability types (as defined in ISO/IEC 17788), each of which underpins one of the service models:

  • Application capability types
  • Platform capability types
  • Infrastructure capability types

Cloud service models

Candidates need to understand the differences among the various cloud service models and their functions.

  • Software-as-a-service (SaaS): The cloud provider manages all aspects of the application environment, such as virtual machines, networking resources, data storage and the application itself. The cloud customer remains responsible for their data, for who is granted access to it and for the application's security configuration.
  • Platform-as-a-service (PaaS): The cloud provider manages the underlying infrastructure, virtual machines, networking resources and the operating system and runtime; the cloud customer is responsible for deploying and securing their applications and data in that environment.
  • Infrastructure-as-a-service (IaaS): The cloud provider is responsible for the underlying infrastructure (physical facilities, hosts, hypervisor and network). Operating system selection and configuration, patching, software tools and applications are under the control of the cloud customer.

Deployment models

Candidates need to understand the four deployment models (public, private, community and hybrid models), how cloud services are hosted, who controls and operates them and what customers have access to. 

Cloud shared considerations

Candidates need to understand the various factors customers must consider before starting their journey to the cloud. 

  • Interoperability
  • Portability and reversibility
  • Availability
  • Security and privacy
  • Resiliency
  • Performance
  • Governance
  • Maintenance and versioning
  • Service levels (agreements)
  • Auditability
  • Regulatory compliance

Impact of related technologies

Candidates need to understand some of the critical and emerging technologies that represent the fastest-growing applications of cloud computing, and how each affects cloud security:

  • Machine learning
  • Artificial intelligence
  • Blockchain
  • Internet of things
  • Containers
  • Quantum computing
  • DevSecOps

1.3 Understand security concepts relevant to cloud computing

Candidates need to understand the security concepts relevant to cloud computing, how they are applied in a cloud environment and where the shared responsibility model places them:

  • Cryptography and key management
  • Access control
  • Data and media sanitization (e.g., overwriting, cryptographic erase)
  • Network security (e.g., network security groups)
  • Virtualization security (e.g., hypervisor security and container security)
  • Security hygiene
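The first and third items above go together in practice: on shared cloud storage the customer cannot overwrite or degauss the physical media, so sanitization is done by destroying the key that protected the data. The following Go program is an added example written for this article, not code from the article or from (ISC)²; it assumes a simplified envelope-encryption scheme in which AES-256-GCM is used both to encrypt the object and to wrap its data-encryption key (DEK) under a key-encryption key (KEK); a real service would wrap the DEK with an AES-KW or KMS API, and would destroy the KEK inside a KMS or HSM rather than by zeroing a byte slice. The sample plaintext is constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Object is what a storage service persists for one customer object under
// envelope encryption: the data sealed with a per-object DEK, plus that DEK
// sealed ("wrapped") under the tenant's KEK. Neither field alone reveals the
// plaintext, and the KEK itself is never written next to the data.
type Object struct {
	Ciphertext []byte // nonce || AES-256-GCM(DEK, plaintext)
	WrappedDEK []byte // nonce || AES-256-GCM(KEK, DEK)
}

// NewKey returns a random 256-bit key, used here for both KEKs and DEKs.
func NewKey() ([]byte, error) {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	return k, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext with a fresh random nonce and returns nonce || ciphertext || tag.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal. GCM's authentication tag means a wrong or zeroed key
// yields an error, never silently garbled plaintext.
func open(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("sealed blob too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// Encrypt generates a DEK for this object, seals the data with it, then
// wraps the DEK under the KEK. The KEK never touches the data path.
func Encrypt(kek, plaintext []byte) (*Object, error) {
	dek, err := NewKey()
	if err != nil {
		return nil, err
	}
	ct, err := seal(dek, plaintext)
	if err != nil {
		return nil, err
	}
	wrapped, err := seal(kek, dek) // simplified wrapping; AES-KW or a KMS call in production
	if err != nil {
		return nil, err
	}
	return &Object{Ciphertext: ct, WrappedDEK: wrapped}, nil
}

// Decrypt unwraps the DEK with the KEK and then opens the object.
func Decrypt(kek []byte, obj *Object) ([]byte, error) {
	dek, err := open(kek, obj.WrappedDEK)
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	return open(dek, obj.Ciphertext)
}

// CryptoErase destroys the KEK by overwriting it with zeros. The stored
// objects are untouched, yet every object wrapped under this KEK is now
// unrecoverable. Zeroing a Go slice stands in for key destruction inside a
// KMS/HSM; it does not guarantee that no other copy of the key remains in memory.
func CryptoErase(kek []byte) {
	for i := range kek {
		kek[i] = 0
	}
}

func main() {
	kek, _ := NewKey()
	obj, _ := Encrypt(kek, []byte("constructed sample: tenant-42 payroll export"))
	pt, err := Decrypt(kek, obj)
	fmt.Printf("before erase: %q (err=%v)\n", pt, err)
	CryptoErase(kek)
	pt, err = Decrypt(kek, obj)
	fmt.Printf("after erase:  %q (err=%v)\n", pt, err)
}
```

The design choice worth noting for the exam is the key hierarchy: because each object has its own DEK and only the KEK is destroyed, one operation sanitizes every object a tenant stored, while objects belonging to other tenants on the same physical media (wrapped under their own KEKs) are unaffected. Decryption after the erase fails with an authentication error rather than returning corrupted bytes, which is why an authenticated mode such as GCM is preferred over plain CBC for this purpose.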

Common threats

Candidates need to understand various threats organizations face and risks inherent in utilizing cloud computing environments, such as data breaches, misconfiguration, inadequate change control and more. 

1.4 Understand design principles of secure cloud computing

Candidates need to understand the six phases in the secure cloud data lifecycle: create, store, use, share, archive and destroy.

They also need to review the difference between disaster recovery (DR) and business continuity planning (BCP) in a cloud environment. 

Candidates need to understand when, why and how cost-benefit analysis is carried out to determine whether the features offered by the cloud provider justify the costs associated with the cloud environment. 

Functional security requirements

Candidates need to understand the various security concerns (e.g., portability, interoperability and vendor lock-in) that must be evaluated, some of which are unique to the cloud service model and the shared responsibility model. 

1.5 Evaluate cloud service providers

Candidates need to understand some factors used to evaluate cloud service providers, their service offerings and their systems’ security. 

Cloud service evaluation criteria

Candidates need to understand the role that certification against published criteria plays in identifying trusted cloud services, with examples such as ISO/IEC 27017 (cloud-specific security controls) and the Payment Card Industry Data Security Standard (PCI DSS).

Cloud certification scheme

Candidates need to understand some system/subsystem product certifications, such as Common Criteria (CC) and Federal Information Processing Standard (FIPS) 140-2, which FIPS 140-3 has since superseded for new cryptographic module validations.


How to prepare for the CCSP exam

(ISC)² recommends studying suitable material before taking the CCSP exam. The official materials include:

  • Official (ISC)² CCSP Study Guide, 2nd Edition
  • Official (ISC)² CCSP CBK Reference, 3rd Edition
  • Official (ISC)² CCSP Practice Tests, 2nd Edition
  • Official (ISC)² CCSP Flash Cards 
  • Official (ISC)² CCSP Study App

Need training? Design an individual CCSP learning path that fits your needs and requirements to prepare for the CCSP certification. Start validating your cloud security knowledge by reviewing all the essential elements found in the first domain of the CCSP common body of knowledge (CBK): Cloud Concepts, Architecture and Design.

For more on the CCSP certification, check out our CCSP certification hub.

Mosimilolu Odusanya

Mosimilolu (or 'Simi') works as a full-time cybersecurity consultant, specializing in privacy and infrastructure security. Outside of work, her passions include watching anime and TV shows and travelling.