Cloud Deployment Models
Cloud deployment models — public, private, hybrid, and community — describe who owns and can access a cloud environment. CCSP maps risk and compliance obligations to the chosen deployment model.
Cloud deployment models — public, private, hybrid, and community — describe who owns and can access a cloud environment. CCSP maps risk and compliance obligations to the chosen deployment model.
The shared responsibility model divides security duties between the cloud provider and the customer, with the split shifting across IaaS, PaaS, and SaaS.
IaaS, PaaS, SaaS are the three core cloud service models, delivering infrastructure, a development platform, or complete applications respectively.
Cloud deployment models — public, private, hybrid, and community — describe who owns and can access a cloud environment.
The cloud data lifecycle is the six phases data moves through: create, store, use, share, archive, and destroy.
Tokenization replaces sensitive data with a non-sensitive surrogate token that has no exploitable meaning, keeping the real value in a separate secured vault.
Data masking obscures sensitive fields — by shuffling, substituting, or redacting — so non-production or lower-trust users cannot see real values.
Key management is the secure generation, distribution, rotation, storage, and destruction of cryptographic keys.
Information Rights Management (IRM) attaches persistent, policy-based access controls to a file so restrictions travel with the data wherever it goes.
The management plane is the administrative interface — APIs and consoles — used to configure and control cloud infrastructure.
Hypervisor security protects the virtualization layer that hosts guest VMs, guarding against escape attacks and cross-tenant compromise.
Business Continuity and Disaster Recovery (BCDR) planning keeps cloud-hosted services running and recoverable through disruptions.
The OWASP Top 10 is a widely used list of the most critical web-application security risks, such as injection and broken access control.
Secrets management securely stores and distributes credentials, API keys, and tokens so they are never hard-coded into cloud applications.
SOC Reports (SOC 1, SOC 2, and SOC 3) are independent audit attestations that describe and validate a service provider's controls.
eDiscovery is the identification, collection, and production of electronically stored information for legal proceedings, which is complicated in multi-tenant cloud environments.