| 🏠 Back to Exam Syllabus | 📺 RooCloud on YouTube | 🌐 RooCloud Practice Exams |
CISSP 16.5 - Managed Services in the Cloud
This episode of the ISC2 Certified Information Systems Security Professional (CISSP) exam prep series covers how to secure the services you run in the cloud, a growing concern within Domain 7. It explains what managed cloud services are, who owns security in each service model, what the four deployment models change, what anything as a service means, how scalability and elasticity differ, and what serverless architecture offers.
What this episode covers
- Managed cloud services — on-demand, highly available resources you rent or self-host, with encryption and your own held keys.
- Security ownership per model — software, platform, and infrastructure as a service shift more work to you the lower you rent.
- Public and private clouds — one open to any customer, the other serving a single organization exclusively.
- Community and hybrid clouds — one shared by organizations with a common concern, the other binding models together.
- Anything as a service — every capability delivered over the cloud, including security as a service and MSP or MSSP firms.
- Scalability versus elasticity — manual planned headroom versus automatic, on-demand capacity with no downtime.
- Serverless architecture — running pure code with function as a service that costs nothing while idle.
Watch the full episode above for the worked examples and detailed explanations of each concept.
Frequently Asked Questions
What are managed cloud services?
They are computing resources you reach on demand from almost anywhere, highly available and easy to scale. You usually rent them from an outside provider, though you can also host a cloud on your own premises. Because resources outside your walls are outside your direct grip, encrypt everything sensitive both in transit and at rest. A sharp exam point is that you should hold your own encryption keys, not the vendor, which cuts insider risk and lets you destroy data by erasing the keys.
Who owns security in each cloud service model?
It depends on how much of the stack the vendor runs. With software as a service you get a finished application and the vendor maintains almost everything, though you still share responsibility for your configuration and data. With platform as a service the vendor supplies the operating system and runtime while you manage your own applications. With infrastructure as a service the vendor provides only the bare compute, storage, and networking. The lower down the stack you rent, the more security work stays on your plate.
What do the four cloud deployment models change?
They change who can use the cloud and who maintains it. A public cloud is open to any customer and run by an outside provider. A private cloud serves a single organization, either self-hosted or rented for exclusive use. A community cloud is shared by organizations with a common concern like a shared mission or compliance need. A hybrid cloud binds two or more of these together so data and applications can move between them.
How do scalability and elasticity differ?
Both add capacity, but the how and the when set them apart. Scalability is your ceiling: the ability to handle more load by adding resources, usually as a planned, manual step like shutting a server down to install more memory. Elasticity is automatic and dynamic, adding and removing resources on its own as demand rises and falls with no downtime, the way a shopping site spins up extra memory during a flash sale and releases it when the rush ends.
What is serverless architecture?
It is a model where you own only your code and the provider runs everything under it. There is still a physical server somewhere, but you never think about it. Each function runs independently, much like a microservice, so the provider can scale each one on its own. The real win is cost: a serverless function wakes only when called, does its job, then stops, so it costs nothing while idle. You will also hear this called function as a service.
📚 Master the ISC2 CISSP Exam!
Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISC2 CISSP certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.
Reference: This article is based on concepts discussed in CISSP 16.5 - Managed Services in the Cloud.