Cloud Infrastructure Definition
Cloud infrastructure is a collective term used to refer to the various components that enable cloud computing and the delivery of cloud services to the customer. This includes hardware, software, network devices, data storage and an abstraction layer that allows users to access virtualized resources.
Since virtual resources need to be accessed through applications in the cloud, the internet, or wide-area networks, cloud services have become a necessary component for most organizations’ long-term strategic growth plans. Some of the benefits the cloud offers include the ability to store and access huge amounts of data, lower costs, improved efficiencies, and scalability.
How Does Cloud Infrastructure Work?
The cloud environment is enabled by a process known as virtualization. Put simply, virtualization is the process of making a “virtual version” of a physical asset, such as a piece of hardware or software.
Once created, virtual resources are then abstracted, meaning that they are separated from the physical asset that they are linked to and re-provisioned in the cloud.
Automation software and other tools are then used to create an interface that allows users to access cloud resources on demand via the internet.
What Are the 4 Components of Cloud Infrastructure?
Cloud infrastructure consists of four main components:
- Hardware
- Virtualization
- Storage
- Network
| Components | Description |
|---|---|
| Hardware | As with a traditional on-premises IT infrastructure, a cloud infrastructure requires physical hardware. Common hardware components include servers, routers, firewalls, endpoints, CPU, RAM, load balancers and other networking equipment. These hardware components can be located virtually anywhere and are networked together within the cloud environment. One of the most notable components at the hardware level is the server. Put simply, a server is a device that is programmed to provide services to customers. This category includes web servers, which host digital content online; file servers, which store data and other assets; and mail servers, which provide the foundation for email communication. |
| Virtualization | Virtualization is the creation of a virtual environment that enables IT services not bound by hardware. In the case of the cloud infrastructure, virtualization software abstracts data storage and computing power away from the hardware, thereby allowing the users to interact with the cloud infrastructure through their own hardware via a graphical user interface (GUI). |
| Storage | Cloud storage services are off-site file servers that take the place of traditional physical data centers. Like on-premises databases, cloud storage services store and manage data; typically, third-party data storage services also back up those data stores. In this model, users can access data through the internet or a connected cloud-based application. Typically, organizations leverage a third-party service provider, such as Amazon Simple Storage, Google Cloud Storage or Microsoft Azure, to host cloud data storage centers and related services. |
| Network | Because cloud resources are delivered to users over the internet, there must be a networking component that connects those resources to the user. Networking services include hardware components, such as physical wiring, switches, load balancers and routers, as well as the virtualization layer that ensures cloud services are available and accessible to users remotely on demand. |
Cloud Infrastructure vs Cloud Architecture
Cloud infrastructure, as explained above, refers to the tools and components used to build a cloud environment. Cloud architecture, on the other hand, is the umbrella term that outlines how infrastructure protects the cloud and its components. Cloud architecture is usually thought of as the blueprint of how to use cloud infrastructure to protect the cloud. Some examples of components protected by cloud architecture include data, containers, workloads, middleware, automation, virtual machines, management tools, APIs, and more.
Cloud Infrastructure Delivery Models
There are three delivery models for cloud services:
- Software as a service (SaaS)
- Platform as a service (PaaS)
- Infrastructure as a service (IaaS)
SaaS Model
Software as a service (SaaS) is a cloud-based delivery model that allows users to access a software application from virtually anywhere with an internet-connected device, assuming security protocols are met. A third-party vendor manages all aspects of the software application, including coding, hosting, monitoring, updating and security, as well as the purchase and maintenance of the associated hardware, such as servers and databases.
PaaS Model
Platform as a service (PaaS) is a cloud computing model in which a third party provides all infrastructure, including hardware and software needed by developers to build, develop, run and manage their own applications. This allows the customer to circumvent costly IT infrastructure investments, as well as the need to purchase software licenses and development tools.
IaaS Model
Infrastructure as a service (IaaS) is a cloud computing model in which a third-party cloud service provider (CSP) offers virtualized compute resources such as servers, data storage and network equipment on demand over the internet to clients. This significantly reduces or negates the need for physical servers, as well as an on-premises data center, and grants the organization much-needed flexibility to manage variable business needs quickly and cost-effectively.
Types of Cloud Architecture
What are the different types of architecture?
- Public Cloud Architecture: A public cloud model is one in which infrastructure is hosted by a third-party service provider and shared by multiple customers or tenants. While each tenant maintains control of their account, data and applications hosted in the cloud, the infrastructure itself is common to all customers. While it tends to be the most affordable, it is also associated with the greatest risk since a breach in one account can jeopardize security across all users.
- Private Cloud Architecture: As the name suggests, a private or single-tenant deployment model is one in which the cloud infrastructure is offered via the private cloud and is used exclusively by one customer. In this model, cloud resources could be managed by the organization or the third-party provider. While it is far more expensive than a public cloud, it is the most leveraged by entities that manage or store sensitive information. This option grants these organizations more control and enhanced security of their data while ensuring compliance.
- Hybrid Cloud Architecture: Organizations are increasingly leveraging a hybrid cloud environment that combines elements of a public cloud, private cloud, and on-premises infrastructure into a single, common, unified architecture. This model grants organizations the option to deploy applications and services on a private or public cloud depending on the application use case, presence of sensitive data or regulatory requirements. The hybrid environment grants organizations increased flexibility and cost efficiencies, while also providing enhanced security.
Securing Cloud Infrastructure with CrowdStrike
CrowdStrike has redefined security with the world’s most advanced cloud-native platform that protects and enables the people, processes and technologies that drive modern enterprise.
Powered by the CrowdStrike Security Cloud, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities.