Page 1149 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 1149
CSP uses isn’t as important as clearly understanding who is
responsible for performing different maintenance and security actions.
NIST SP 800-145, “The NIST Definition of Cloud
Computing,” provides standard definitions for many cloud-based
services. This includes definitions for service models (SaaS, PaaS,
and IaaS), and definitions for deployment models (public, private,
community, and hybrid). NIST SP 800-144, “Guidelines on
Security and Privacy in Public Cloud Computing,” provides in-
depth details on security issues related to cloud-based computing.
The cloud deployment model also affects the breakdown of
responsibilities of the cloud-based assets. The four cloud models
available are public, private, community, and hybrid.
A public cloud model includes assets available for any consumers
to rent or lease and is hosted by an external CSP. Service-level
agreements can be effective at ensuring that the CSP provides the
cloud-based services at a level acceptable to the organization.
The private cloud deployment model is used for cloud-based assets
for a single organization. Organizations can create and host private
clouds using their own on-premises resources. If so, the
organization is responsible for all maintenance. However, an
organization can also rent resources from a third party for
exclusive use of the organization. Maintenance requirements are
typically split based on the service model (SaaS, PaaS, or IaaS).
A community cloud deployment model provides cloud-based assets
to two or more organizations. Assets can be owned and managed
by one or more of the organizations. Maintenance responsibilities
are shared based on who is hosting the assets and the service
models.
A hybrid cloud model includes a combination of two or more
clouds. Similar to a community cloud model, maintenance
responsibilities are shared based on who is hosting the assets and
the service models in use.
