CCSP Domain 3: Cloud Platform and Infrastructure Security
The Certified Cloud Security Professional certification, or CCSP, is a certification hosted by the joint effort of (ISC)2 and the Cloud Security Alliance (CSA). This exciting credential is designed for cloud-based information security professionals and ensures that the certification holder has acquired the requisite skills, knowledge and abilities in cloud implementation, security design, controls, operations and compliance with applicable regulations.
The CCSP certification exam comprises six domains: Architectural Concepts and Design Requirements, Cloud Data Security, Cloud Platform and Infrastructure Security, Operations, Cloud Application Security and Legal and Compliance. This article will detail the Cloud Platform and Infrastructure Security domain of the CCSP exam and what candidates preparing for the CCSP certification can expect on the exam.
The Cloud Platform and Infrastructure Security domain of CCSP currently accounts for 20% of the material covered by the CCSP certification exam.
Below, you will find an exploration of the different subsections of this domain and what information you can expect to be covered on the CCSP certification exam.
3.1 Comprehend Cloud Infrastructure Components
Cloud infrastructure is composed of many parts, each with their own significance. These components include physical environment, virtualization, network and communications, storage, compute and the management plane.
While the lay person may think that information being “in the cloud” means that it is in some virtual “other dimension,” the cloud has a physical environment. This physical environment has a low tolerance for failure, and many considerations need to be addressed before it is suitable for hosting cloud infrastructure.
Data centers are the physical environment where the cloud infrastructure resides. There are many physical environment aspects that need to be considered such as:
- Appropriate floor space
- Appropriate rack space/cages
- Any other colocation concerns on a case-by-case basis
- Geographic considerations: Availability of power, seismic activity, floods, accessibility
- Political risks: Civil unrest, rioting and so forth
Data Center Design
Redundancy is the name of the game when it comes to data center design. Examples of how redundancy comes into play include no single point of failure, multiple power units, multiple backup units, multiple power distribution units (PDUs), multiple entrances and exits to the building and more.
Network and Communications
With the high amount of data that gets transmitted to and from the cloud, network and communications is another important cloud infrastructure consideration that will be covered in this domain. These concerns include:
- Rate limiting
- Bandwidth allocation
- Software defined networking
A cloud server’s compute parameters depend on the number of CPUs and the amount of RAM used. The ability to allocate these resources is a vital compute concern. Successful CCSP exam candidates should be able to fully explain these three factors that affect resource allocation:
The use of powerful host machines providing shared resource pools to maximize the number of guests is both a basic explanation of virtualization and the underpinning of cloud computing. In fact, cloud computing would not be possible without virtualization. The most convincing arguments for the use of virtualization are:
- Increasing the efficiency and agility of hardware by sharing resources
- A reduction in personnel resourcing and maintenance, leading to easier management
Redundancy is also the name of the game with regard to storage. For reliability, when storage is performed on disk drives, the approach used is that of a Redundant Array of Inexpensive Disks (RAID). Object storage is a popular storage solution offered by cloud service providers; its redundancy comes from storing each object across multiple object storage servers.
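To make the RAID idea concrete, here is an added example (not code from the article or from (ISC)2) that simulates single-parity striping: data is split across several "disks", one parity block is computed by XOR, and when any one disk is lost the missing block is rebuilt from the survivors. The stripe contents, disk count and the failed disk are all constructed for illustration; there is no real storage backend behind it.

```python
"""Added example: single-parity (RAID-5 style) redundancy with XOR parity.
All inputs are constructed; nothing here talks to real disks."""
from functools import reduce
from typing import List, Optional


def xor_bytes(blocks: List[bytes]) -> bytes:
    """XOR equal-length byte blocks column by column."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))


def make_stripe(data: bytes, n_data_disks: int) -> List[bytes]:
    """Split data evenly over n_data_disks blocks and append one parity block.
    Returns n_data_disks + 1 blocks, one per disk; the last one is parity."""
    if len(data) % n_data_disks:
        raise ValueError("data length must be a multiple of the data-disk count")
    size = len(data) // n_data_disks
    blocks = [data[i * size:(i + 1) * size] for i in range(n_data_disks)]
    return blocks + [xor_bytes(blocks)]


def reconstruct(blocks: List[Optional[bytes]]) -> List[bytes]:
    """Rebuild a stripe in which at most one block is missing (None).
    Single parity cannot cover two simultaneous failures, so that case raises."""
    missing = [i for i, b in enumerate(blocks) if b is None]
    if len(missing) > 1:
        raise ValueError(f"{len(missing)} disks missing; single parity tolerates only one")
    rebuilt: List[bytes] = [b for b in blocks if b is not None]
    if not missing:
        return rebuilt
    # XOR of every surviving block (data and parity) equals the lost block.
    lost = xor_bytes(rebuilt)
    rebuilt.insert(missing[0], lost)
    return rebuilt


def read_data(blocks: List[bytes]) -> bytes:
    """Concatenate the data blocks, dropping the trailing parity block."""
    return b"".join(blocks[:-1])


if __name__ == "__main__":
    payload = b"cloud-storage-ok"  # constructed sample data, 16 bytes
    stripe = make_stripe(payload, 4)
    degraded: List[Optional[bytes]] = list(stripe)
    degraded[2] = None  # simulate losing the third disk
    assert read_data(reconstruct(degraded)) == payload
    print("rebuilt stripe matches original data")
```

Losing the parity disk itself is handled the same way (the surviving data blocks XOR back to the parity), which is why the example treats all five blocks uniformly.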
Cloud management planes allow administrators to remotely manage all hosts instead of physically visiting each host server to install software or reboot/power on said hosts. The end result is automated control tasks. Administrators can control the entire cloud infrastructure via the management plane.
3.2 Analyze Risks Associated With Cloud Infrastructure
Risk Assessment/Analysis
Although the risk assessment/analysis guidelines below will be helpful, ultimately all risks associated with a cloud infrastructure should be assessed against the organization's individual needs. Risks to consider include:
Policy and Organization Risks
- Provider lock-in
- Loss of governance
- Compliance challenges
- Provider exit
A risk is present whenever there is the potential to fail a requirement that can be expressed in technical terms. Such terms include performance, protection, operability and integration.
Cloud service providers operate at a relatively large technology scale, which affects risk. Whether the net effect is positive or negative depends on the situation. Considerations include:
- Consolidation of cloud and IT infrastructure leads to consolidation of points of failure
- Larger scale platforms require more technical skill to manage
- Shifting control of technical risks towards cloud service provider
Cloud Attack Vectors
The new technology of cloud computing brings with it new attack vectors. These attack vectors are:
- API compromise, for example through leaked API credentials
- Identity compromise
- Attacks on connecting infrastructure, for example attacks on the cloud carrier
- Attacks on the cloud service provider’s infrastructure and facilities
- Snapshot and image security
- Guest breakout
There are a couple of recommendations for countermeasures and several considerations.
First, use a multi-layered approach to defending from risks. Second, and in keeping with the recurring theme of redundancy, for every control that is used against a risk there should be a second control implemented in case of failure of the first. The countermeasure considerations include:
- Continuous uptime
- Access controls: Including building access, computer and colocation floor access and so on
- Automation of controls
3.3 Design and Plan Security Controls
Physical and Environmental Protection
The bodies of knowledge in this area are NIST’s SP 800-14 and SP 800-123. This knowledge has been consolidated into key regulations:
- Health Insurance Portability and Accountability Act (HIPAA)
- Payment Card Industry Data Security Standard (PCI DSS)
- North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP)
Examples of Relevant Controls Based Upon One or More Regulations
- Policies and procedures established for maintaining safe and secure working environments: Includes offices, facilities, rooms and secure areas
- Restricted physical access of users and support personnel to information assets and functions
- Physical security perimeters such as walls, fences, guards, barriers, gates and so on
Protecting Data Center Facilities
Data centers are required to have a redundant, multi-layered approach to using access controls. Controls are required to be at the facilities level, the computer floor level, and at the data center/facility staff level to guard against risk.
System and Communication Protections
Cloud computing runs on physical systems that rely on services needing protection. Some of these services are:
- Volume management
- Storage controller
- Security group management
- IP address management
- Identity service
- VM image service
- Management databases
Other considerations for system and communication protections are:
- Automation of configuration
- Responsibilities of protecting the cloud: Including knowing where the responsibility lies between cloud service provider and cloud customer
- Detecting and logging of security events
Virtualization Systems Protection
Below are the relevant virtualization systems protection considerations:
- Protecting the management plane
- Isolation of the management network from other networks
- Proper network design as well as properly operating components: for example, firewalls
- Use of trust zones
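The countermeasure guidance in 3.2 (layered controls, with a second control ready if the first fails) and the virtualization protections above (an isolated management network, trust zones) share one design point: each control is evaluated independently, and a control that errors must deny rather than allow. The following is an added example, not code from the article or from any provider's management plane, modelling an access decision for a management-plane request. The management network range, the role names and the sample requests are constructed assumptions.

```python
"""Added example: fail-closed evaluation of independent, layered controls
for a management-plane request. Network range, roles and requests are
constructed for illustration only."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Callable, Dict, List, Tuple

# Assumed: the management network is isolated from tenant/production networks.
MGMT_NETWORK = ip_network("10.0.100.0/24")
ADMIN_ROLES = {"cloud-admin"}


@dataclass
class Request:
    source_ip: str
    user: str
    mfa_verified: bool
    role: str


ControlFn = Callable[[Request], bool]


def network_isolation(req: Request) -> bool:
    """First layer: the request must originate inside the management network.
    A malformed address makes ip_address() raise, which evaluate() treats as a deny."""
    return ip_address(req.source_ip) in MGMT_NETWORK


def identity_mfa(req: Request) -> bool:
    """Second layer: the identity must have completed MFA."""
    return req.mfa_verified


def role_authorization(req: Request) -> bool:
    """Third layer: only administrative roles may reach the management plane."""
    return req.role in ADMIN_ROLES


@dataclass
class Decision:
    allowed: bool
    results: Dict[str, str] = field(default_factory=dict)


def evaluate(req: Request, controls: List[Tuple[str, ControlFn]]) -> Decision:
    """Every control must pass on its own. A control that raises (misconfigured,
    backend unreachable, bad input) counts as a failure: the decision fails closed.
    All controls are still evaluated so the audit record shows each outcome."""
    decision = Decision(allowed=True)
    for name, fn in controls:
        try:
            ok = fn(req)
            decision.results[name] = "pass" if ok else "deny"
        except Exception as exc:  # any error in a control is a deny
            ok = False
            decision.results[name] = f"error: {type(exc).__name__}"
        decision.allowed = decision.allowed and ok
    return decision


CONTROLS: List[Tuple[str, ControlFn]] = [
    ("network_isolation", network_isolation),
    ("identity_mfa", identity_mfa),
    ("role_authorization", role_authorization),
]


if __name__ == "__main__":
    inside = Request("10.0.100.5", "alice", True, "cloud-admin")
    outside = Request("203.0.113.7", "alice", True, "cloud-admin")
    print(evaluate(inside, CONTROLS))
    print(evaluate(outside, CONTROLS))
```

The per-control results dictionary is what feeds the "detecting and logging of security events" requirement: a denied request records which layer denied it, and an errored control is visible as an error rather than silently passing.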
Other Design and Plan Security Controls Considerations
- Management of authentication, identification and authorization within the cloud infrastructure
- Audit mechanisms
3.4 Plan Disaster Recovery and Business Continuity Management
Considerations for this subsection include:
- Understanding of the cloud environment with respect to the Business Continuity and Disaster Recovery (BCDR) plan
- Understanding of the risks
- Understanding of the business requirements
- BCDR strategy
- Creation of BCDR plan
- Implementation of BCDR plan
Domain 3 is one of the most difficult and verbose sections of the CCSP certification exam. Use the above article as a guide (though not your sole source of exam preparation for this domain), and you should be successful in passing the CCSP certification exam.