Secure Cloud Design Principles
Unlock the complete study guide + 1,040 practice questions across 16 full exams.
Bundled into the existing Certified Cloud Security Professional premium course — no separate purchase.
Included in this chapter:
- The cloud secure data lifecycle
- Security responsibility by service model
- BC/DR sized by the business impact analysis
- Portability, interoperability, and vendor lock-in
- Cloud design patterns and DevSecOps
- Exam-pattern recognition
Who owns which security control, by service model
| Security responsibility | IaaS | PaaS | SaaS |
|---|---|---|---|
| Data classification & content | Customer | Customer | Customer |
| Identity & access management | Customer | Customer | Customer (configure) |
| Application security | Customer | Customer | Provider |
| Guest OS & runtime patching | Customer | Provider | Provider |
| Virtualization / hypervisor | Provider | Provider | Provider |
| Physical & network infrastructure | Provider | Provider | Provider |
Decision tree
Cheat sheet
Unlock with Premium — includes all practice exams and the complete study guide.
Also tested in
References
- CSA Security Guidance for Critical Areas of Focus in Cloud Computing Whitepaper
- NIST Glossary — Data Loss Prevention (DLP)
- NIST SP 800-88 Rev. 1 — Guidelines for Media Sanitization Whitepaper
- NIST SP 800-34 Rev. 1 — Contingency Planning Guide for Federal Information Systems Whitepaper
- AWS Well-Architected Framework — Security Pillar Well-Architected
- Azure Well-Architected Framework — Security Well-Architected