CompTIA Cloud+ CV0-003 – Domain 2.0 Cloud Security Part 3

  1. Remote Access Tools

Let’s talk about remote access tools. Essentially, you’re going to need to access your cloud resources, and of course there are several different ways to do that. We’re going to focus mainly on the ways that the exam is going to expect you to understand how to access your cloud resources. The first thing to note is, of course, to use the right tool to access and manage your cloud resources. There are a few different approaches you could take. The first is, of course, SNMP, the Simple Network Management Protocol. Some vendors and some cloud providers allow SNMP access. You would, of course, need to have a VPN set up and some kind of baseline security in place as well. But with that said, SNMP is certainly an acceptable way to manage some cloud devices, for example to monitor them. The newer versions of SNMP are, of course, more secure than version 1. You certainly don’t want to use v1 if you don’t need to, and I doubt the provider would support it.

When it comes to virtual private networks generally, these are used to securely access a private network and share data remotely through public networks. Essentially, a VPN’s goal is to protect your data on the network. It’s a very proven way to set up a secure connection to your cloud. Virtual private clouds (VPCs) are essentially an on-demand configurable pool of shared resources allocated within a public cloud; a VPC provides a certain level of isolation between the different organizations. AWS also offers a Virtual Private Cloud solution. Now, as a quick aside, we’ll discuss SSL, the Remote Desktop Protocol (RDP), and a few other topics in later modules. Let’s go ahead and finish up this part of the objectives. For the exam, VPNs are a proven way to set up a secure connection to your cloud. Just make sure you understand what a VPC is and perhaps why you would want to use one. There is certainly a question about identifying what a VPC is. Even though it wasn’t referencing Amazon, it was surprisingly similar to what you would do on Amazon. I’ll leave it at that.

  2. Federation

Let’s talk about federation briefly now. We’re all familiar with federation, but I want to make sure that you understand another term and how it plays into federation and perhaps SSO as well. Federated identity management is an arrangement that can be made among multiple enterprises that lets subscribers use the same identification data to obtain access to the networks of all enterprises in the group. Now, generally, you’re going to see federated identity management in an environment where you have company A joined with company B; generally, enterprises are not going to simply agree to let each other’s users log in with the same credentials or ID data.

So just be aware that this isn’t frequently used, but it could be used in certain situations where company A is buying company B and they want to make sure that everybody falls under the same umbrella, even though, again, they’re still two separate companies from a legal perspective and are just waiting on the final, I guess, SEC paperwork or whatever might be required. When it comes to federated identities, SAML is very widely used. We discussed SAML and the related standards, such as OAuth and OpenID, in one of the previous modules: why we want to use them and when we should use them.

Just be aware that SAML is perhaps the most widely used markup language when it comes to single sign-on, for example. We’re going to go ahead and talk more about single sign-on in a second. Hybrid cloud. Now, what is a hybrid cloud? That’s where your company’s corporate infrastructure is typically tied into some kind of public cloud component. An example of an IAM solution would be AWS IAM. IAM Cloud is another popular solution on the market; that’s more of a SaaS solution. Single sign-on is a session and user authentication service that permits a user to use one set of login credentials to access multiple applications. For example, when you log into your corporate network, the access that you’ve been granted is typically provided by a single sign-on service, which allows you to update your time cards, go over to the company intranet, or go over to the resources that you’re using, such as Microsoft Word or whatever it is. So, of course, single sign-on is widely used, and you should be aware of what it is for this exam and that it is for user authentication. Just be aware of that. It’s not an authorization service.

That’s probably one of the areas people get confused over. LDAP and Active Directory are, of course, widely used in enterprises and tie in well to a lot of the cloud service providers. There are also SaaS solutions out there that provide a solid SSO solution as well. Remember what single sign-on is: it is a session and user authentication service that permits a user to use one set of login credentials to access multiple applications. And for the exam, make sure you understand what federated identity is and what single sign-on is.

  3. Vendor to Know – Okta

Another vendor that I think is worth mentioning is Okta. Okta has a fairly broad solution set; I’m under the IT Products page. Actually, if I go over to Products, you can see that I’m under IT Products. They also have robust solutions around integration and APIs. But specifically for this course and the certification, I think it’s worth taking a few minutes to look at what they have. This is a SaaS solution for security. As an example, consider single sign-on. So what is single sign-on? This is where users are able to access different applications, whether in the cloud or mobile, with basically a single sign-on. It’s very simple, right? So again, check them out, and multifactor authentication is another area that you may want to take a quick look at. If you go over to Learn More, you can see that they talk about security. They give you some ideas around security that you may want to look at and pay attention to. Again, they tell you about the product, nothing out of the ordinary, and they explain how this SaaS solution works. Again, just take a few minutes to check out their capabilities.

  4. SSO

When it comes to logging into corporate resources or consumer resources, it’s important to understand how the authentication works, typically in federation but also in SSO as well. Let’s go ahead and discuss that. When it comes to authentication, it’s important to understand what it really means because, generally, authentication and authorization get confused. So let’s just realise that authentication is the process of validating a user’s credentials, and authorization occurs after authentication. So once again, authentication is the process of validating a user’s credentials, whereas authorization occurs after authentication. In other words, you have to have the key to get in. Once you’ve used the key and gained access, you’re essentially authorized. We also have a term called AAA, which stands for authentication, authorization, and accounting. This is essentially a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services. This is important.

Once again, the cloud provider is validating not only who you are, but also what you’re doing, how you’re paying, and that you’ll pay the bill. Now, SAML is the Security Assertion Markup Language. This is essentially a standard that’s widely used for SSO. On the exam, I just want to make sure that you understand that SAML is widely used for SSO. This is more for the enterprise, more or less. We’ll talk more about that here in a second. OpenID is a standard that is typically sponsored by social media companies. For example, if you go over to one of the newspaper websites, it may ask you to log in and say, “Hey, do you want to create an account, or do you want to use Facebook, LinkedIn, Snapchat, or whatever options are there?” This basically allows you to be authenticated by a third party. So, take the Washington Post or the Washington Times; say the Washington Post is essentially saying, “Okay, well, we’ll use your Facebook login as long as Facebook says it’s valid.” You won’t have to create an account this way. This allows you to choose your preferred OpenID provider, and it allows you, of course, to be authenticated. Essentially, this is a fairly common scheme. Once again, you see this typically on a lot of the social media sites, but you also see it on newspaper sites and in retail as well.

Again, OpenID is good for sites that are more consumer-facing. You wouldn’t use this for an enterprise, for example; that would be totally unacceptable. OpenID vulnerabilities: with that said, there are going to be possible vulnerabilities out there. Some of these could be phishing attacks or authentication flaws. Once again, this is not an enterprise solution. I don’t encourage my customers to use this at all. But once again, some people like it, because the one use case I see for this is if you have a consumer base that is not willing to sign up for accounts but you want some way to track usage for your website and get an idea of the demographics, per se; this could be a good solution to meet the consumer halfway. OAuth. This is an open standard. This is different from OpenID and SAML because this is more for authorization than authentication. And one thing to know about OAuth is that it is very insecure.

It doesn’t support, for example, signatures, encryption, channel binding, or client verification. Once again, this is not really widely used in a lot of cases, except in the case of a server-to-server approach, where you may have big data services using a service account. This is a good example. So here’s a really good comparison that compares OpenID to OAuth to SAML. On the exam, you’re not going to need to know all these details; this is more for informational purposes. But I do encourage you to know why you want to use OpenID, OAuth, or SAML, though you don’t need to know anything about protocol details or current versions. Do understand the main purpose. This is again going to be testable. You will likely see one question in this area. Make sure you know what SAML is: an umbrella standard that encompasses profiles, bindings, and constructs to achieve single sign-on, federation, and identity management. Understand what the SSO options are for both consumers and enterprises. Remember: OpenID is for consumer SSO, and SAML is for enterprise SSO. So those are generally the two use cases.
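The authentication-then-authorization order and the three AAA steps described in this section and the federation section are easiest to see in code. The following is an added example, not code from the course or from any vendor mentioned in it: a stripped-down federated SSO flow in which a hypothetical identity provider (IdP) issues a signed assertion and a hypothetical service provider (SP) first authenticates it (signature, issuer, audience, expiry), then authorizes the requested action against its own policy, then writes an accounting record. The shared HMAC key, the `example.test` URLs, the role table, and the assertion format are all constructed for illustration; real SAML and OpenID deployments use XML or JWT assertions with asymmetric signatures, but the checks have the same shape.

```python
"""Added example: simplified SSO/federation flow showing authentication,
authorization and accounting as three separate steps.

Everything here is constructed for illustration (not the course's or any
vendor's code): the IdP and SP URLs, the shared key, the role table and the
assertion format are hypothetical.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed shared secret between the IdP and the SP (hypothetical).
SHARED_KEY = b"constructed-demo-key-do-not-reuse"
IDP_ISSUER = "https://idp.example.test"   # hypothetical identity provider
SP_AUDIENCE = "https://app.example.test"  # hypothetical service provider

# Authorization policy lives at the SP, not the IdP: SSO only says who you are.
ROLE_PERMISSIONS = {
    "employee": {"timecard:update", "intranet:read"},
    "admin": {"timecard:update", "intranet:read", "users:manage"},
}

ACCOUNTING_LOG = []  # the third "A": who asked for what, and the outcome


def _sign(payload: bytes) -> str:
    return hmac.new(SHARED_KEY, payload, hashlib.sha256).hexdigest()


def idp_issue_assertion(subject: str, role: str, ttl_seconds: int = 300, now=None) -> str:
    """IdP side: the user has already proven their credentials to the IdP;
    issue a short-lived assertion bound to this SP and sign it."""
    now = time.time() if now is None else now
    claims = {
        "iss": IDP_ISSUER,
        "aud": SP_AUDIENCE,
        "sub": subject,
        "role": role,
        "exp": now + ttl_seconds,
    }
    payload = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return payload.decode() + "." + _sign(payload)


def sp_authenticate(assertion: str, now=None) -> Optional[dict]:
    """SP side, authentication step: is this assertion genuine, meant for us,
    and still fresh? Returns the claims, or None if any check fails."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig = assertion.rsplit(".", 1)
    except ValueError:
        return None
    payload = payload_b64.encode()
    # Constant-time comparison so the check does not leak signature bytes.
    if not hmac.compare_digest(_sign(payload), sig):
        return None
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:  # covers bad base64 and bad JSON
        return None
    if claims.get("iss") != IDP_ISSUER:   # issued by the IdP we federate with
        return None
    if claims.get("aud") != SP_AUDIENCE:  # intended for this SP, not replayed elsewhere
        return None
    if claims.get("exp", 0) <= now:       # expired assertions are rejected
        return None
    return claims


def sp_authorize(claims: dict, action: str) -> bool:
    """Authorization step: decided by the SP's own policy, after authentication."""
    return action in ROLE_PERMISSIONS.get(claims.get("role", ""), set())


def sp_request(assertion: str, action: str, now=None) -> str:
    """Full AAA path for one request: authenticate, authorize, account."""
    claims = sp_authenticate(assertion, now=now)
    if claims is None:
        ACCOUNTING_LOG.append({"sub": None, "action": action, "result": "unauthenticated"})
        return "unauthenticated"
    result = "allowed" if sp_authorize(claims, action) else "forbidden"
    ACCOUNTING_LOG.append({"sub": claims["sub"], "action": action, "result": result})
    return result


if __name__ == "__main__":
    token = idp_issue_assertion("alice", "employee")
    print(sp_request(token, "timecard:update"))  # allowed
    print(sp_request(token, "users:manage"))     # forbidden: authenticated, not authorized
    tampered = token[:-1] + ("0" if token[-1] != "0" else "1")
    print(sp_request(tampered, "intranet:read"))  # unauthenticated: signature mismatch
    print(ACCOUNTING_LOG)
```

The point to take from the run is that the same valid assertion can be "allowed" for one action and "forbidden" for another: SSO settled who alice is, and the SP's policy settled what she may do. A tampered or expired assertion never reaches the authorization step at all, and every outcome, including the failures, is written to the accounting log.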

  5. Vendor to Know – Jamcracker

Welcome back. So let’s go ahead and talk about a cloud services broker and give you an example of one. There are numerous ones out there, but one of my favourites is Jamcracker. Now, Jamcracker is again considered one of the leaders in the industry. They’ve been around quite a while, and their platform is second to none. So why do you want to have a cloud broker? Again, in the course content, we talk quite a bit about it, but like anything, there are things in life you need help with. There are also some things that you simply do not excel at or for which you do not have the time. You could do it, but you don’t have the time. Using a cloud broker like Jamcracker could facilitate the success of your cloud or your customers’ cloud, whatever the situation is. So going to a cloud services broker can definitely enable your organisation or your customer’s organisation to get a faster return on investment and lower the total cost of ownership. And once again, if you’re using Microsoft CSP, this is a perfect scenario if you’re a Microsoft solution provider. Great capability here. So let’s go ahead and talk about some of the capabilities that Jamcracker has, starting with Microsoft CSP. Now, lots of partners use Microsoft CSP.

If you come over here again, they’ll be happy to provide a demo of the platform for you. But if you go down here, you can see that they support quite a bit of Microsoft capability, everything from Microsoft Azure to OneDrive to Active Directory, which, to be very honest, is very important in the sense that Active Directory generally is one of the more challenging areas for even a lot of service partners. They just don’t have the expertise. So this could be a great opportunity for your organization. They also support other areas like Office 365, Exchange, and, oddly enough, Skype for Business, Microsoft Dynamics, and SharePoint. And once again, take a look at their capabilities. I won’t spend a lot of time on this; if you’re a CSP, you already know the value that this could probably provide you, depending on what you’re doing. They support all kinds of capabilities, from deployment to billing to support as well. So, once again, for Microsoft CSPs, take a look at this. So what if you’re not a Microsoft CSP? What can they do for you? Again, if you go to Solutions and bring it down here, this is actually one of the value points. Of course, they’re a cloud services broker, and you should investigate their capabilities. But again, they can support you in so many different ways, anything from IT as a service to software as a service. Whatever you’re doing, they can probably help you with it. Go over to Platform here, which brings you down to their platform. It tells you about areas like IAM, identity management, workflow management, and governance. Now again, this could be an area that is a big deal.

One of the more challenging areas could be aggregation. Now, aggregation is where you’re trying to bring services together, for example Office 365 or Salesforce, whatever it is, and you’re trying to integrate them. This is the way that you could aggregate those services to provide value and reduce the time it takes to develop that new service. Great capability there. So again, they’ve got many different capabilities here. I won’t spend a lot of time on it, but again, feel free to take a look at what they have. And lastly, they do have quite a bit: if you go over to Partners, you can become a partner, and if you go over to Resources, they have a large portfolio of case studies, webinars that you can join live or recorded, and white papers. So again, I encourage you to take a look at Jamcracker to see how they could help you or your customers ramp up on the cloud quickly to increase that ROI, reduce that TCO, and really just go to market quicker. So, once again, if you have any questions, please contact me. Thank you for joining.
