A comprehensive study guide covering cloud deployment models (public/private/community/hybrid/multi-cloud), cloud service models (SaaS/PaaS/IaaS/SECaaS — responsibility dividing lines), cloud infrastructure (VPC, cloud vs. on-premise, vendor lock-in, compliance), and the Cloud Access Security Broker (CASB) — forward proxy, reverse proxy, and API access methods.
A cloud deployment model classifies the ownership and management of the cloud — who controls the infrastructure and who shares it. Each model involves a different trade-off between security, cost, and control.
Cloud service models classify what the cloud provider gives you and where your responsibility begins. The dividing line between vendor and consumer responsibility is the critical concept — and it shifts dramatically across these three models.
A VPC is a private network segment within a public cloud, making resources available exclusively to a single cloud consumer. It's an IaaS product. Think of it as having your own private subnet inside AWS or Azure, isolated from other tenants using VLANs and virtual networking.
A Cloud Access Security Broker (CASB) is enterprise management software that mediates access to cloud services by users across all device types. It sits between cloud service consumers and providers, enforcing security policies, monitoring usage, and providing visibility into how cloud services are being used.