SC-900 PART 1; DESCRIBE THE CONCEPTS OF
SECURITY AND COMPLIANCE TEST
Shared Responsibility Model
It defines which security tasks are the responsibility of the cloud provider, and
which security tasks are the responsibility of the customer.
Consequently, it makes responsibilities clear.
On-premises datacenters
You are responsible for everything from physical security to encrypting
sensitive data
Infrastructure as a Service (IaaS)
Cloud service that requires the most management by the cloud customer; the cloud
customer still has responsibility for software components running on that
computing infrastructure such as operating systems, network controls,
applications, and protecting data
Platform as a Service (PaaS)
Provides an environment to build, test, and deploy software applications. This
service enables you to quickly create an application without managing the
underlying infrastructure. The hardware and operating systems are managed by
the cloud provider while the customer manages the applications and data.
Software as a Service (SaaS)
Hosted and managed by the cloud provider, for the customer; licensed
subscription (Ex: Microsoft 365, Skype, Dynamics CRM); requires the least
amount of management by the cloud customer
Defense in depth
A defense that uses multiple types of security devices to protect a network. Also
called layered security; uses a series of mechanisms to slow the advance of an
attack
Example of layers of security
Physical
Identity and Access
Perimeter
Network
Compute
Application
Data
Physical security
limit access to a datacenter to authorized personnel only
Identity and access security controls
control access to infrastructure and change control, such as multifactor
authentication or condition-based access
Perimeter security of network