Page 1148 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

to store and process data stored in the cloud. As an example, the Department of Defense (DoD) Cloud Computing Security Requirements Guide defines specific requirements for U.S. government agencies to follow when evaluating the use of cloud computing assets. This document identifies computing requirements for assets labeled Secret and below using six separate information impact levels.

There are varying levels of responsibility for assets depending on the service model. This includes maintaining the assets, ensuring that they remain functional, and keeping the systems and applications up-to-date with current patches. In some cases, the cloud service provider (CSP) is responsible for these steps. In other cases, the consumer is responsible for these steps.

Software as a service (SaaS): Software as a service (SaaS) models provide fully functional applications typically accessible via a web browser. For example, Google’s Gmail is a SaaS application. The CSP (Google in this example) is responsible for all maintenance of the SaaS services. Consumers do not manage or control any of the cloud-based assets.

Platform as a service (PaaS): Platform as a service (PaaS) models provide consumers with a computing platform, including hardware, an operating system, and applications. In some cases, consumers install the applications from a list of choices provided by the CSP. Consumers manage their applications and possibly some configuration settings on the host. However, the CSP is responsible for maintenance of the host and the underlying cloud infrastructure.

Infrastructure as a service (IaaS): Infrastructure as a service (IaaS) models provide basic computing resources to consumers. This includes servers, storage, and in some cases, networking resources. Consumers install operating systems and applications and perform all required maintenance on the operating systems and applications. The CSP maintains the cloud-based infrastructure, ensuring that consumers have access to leased systems. The distinction between IaaS and PaaS models isn’t always clear when evaluating public services. However, when leasing cloud-based services, the label the