|
virtual private cloud (VPC)
|
A virtual
private cloud (VPC) is the logical division of a service
provider's public cloud multi-tenant architecture to support private cloud
computing. This model enables an enterprise to achieve the benefits of
private cloud -- such as more granular control over virtual networks and an
isolated environment for sensitive workloads -- while still taking advantage
of public cloud resources.
The terms
private cloud and virtual private cloud are sometimes used incorrectly as
synonyms. There is a distinct difference -- in a traditional, on-premises
private cloud model, an enterprise's internal IT department acts as a service
provider and the individual business units act as tenants. With a VPC, a
public cloud provider acts as the service provider and the cloud's
subscribers are the tenants.
How
a virtual private cloud works
In a
virtual private cloud model, the public infrastructure-as-a-service (IaaS)
provider is responsible for ensuring that each private cloud customer's data
remains isolated from every other customer's data both in transit and inside
the cloud provider's network. This can be accomplished through the use of
security policies requiring some -- or all -- of the following elements:
encryption, tunneling, private IP addressing or allocating a unique virtual
local area network (VLAN) to each customer.
A virtual
private cloud user can define and directly manage network components,
including IP addresses, subnets, network gateways and access control
policies.
Benefits
and challenges of virtual private clouds
As
mentioned above, one of the biggest benefits of VPCs is that they enable an
enterprise to tap into some of the benefits of private clouds, such as more
granular network control, while still using off-premises, public cloud
resources in a highly scalable, pay-as-you-go model.
Another
benefit of VPCs is enabling a hybrid cloud deployment. An enterprise can use
a VPC as an extension of its own data center without dealing with the
complexities of building an on-premises private cloud.
Despite
the benefits of VPCs, they can also introduce some challenges. For example,
an enterprise might face some complexity when configuring, managing and
monitoring its virtual private network (VPN).
In
addition, while VPCs offer an isolated environment within a public cloud in
which workloads can run, they are still hosted outside an enterprise's own
data center. This means that businesses in highly regulated industries with
strict compliance requirements might face limitations on which kinds of
applications and data they can place in a VPC.
Before it
commits to a VPC, an enterprise should also verify that all of the resources
and services it wants to use from its chosen public cloud provider are
available via that provider's VPC.
Virtual
private cloud providers
Most
leading public IaaS providers, including Amazon Web Services (AWS), Microsoft
Azure and Google, offer VPC and virtual network services. |
|
06/03/2019 07:07 AM EDT
Original release date: June 03, 2019
The US-CERT
Cyber Security Bulletin provides a summary of new vulnerabilities that have
been recorded by the National
Institute of Standards and Technology (NIST) National
Vulnerability Database (NVD) in the past week. The NVD is sponsored
by the Department
of Homeland Security (DHS) National Cybersecurity and Communications Integration
Center (NCCIC) / United States Computer Emergency Readiness Team
(US-CERT). For modified or updated entries, please visit the NVD,
which contains historical vulnerability information.
The
vulnerabilities are based on the CVE vulnerability naming standard and are
organized according to severity, determined by the Common
Vulnerability Scoring System (CVSS) standard. The division of high,
medium, and low severities correspond to the following scores:
·
High - Vulnerabilities
will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
·
Medium - Vulnerabilities
will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
·
Low - Vulnerabilities
will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may
include additional information provided by organizations and efforts sponsored
by US-CERT. This information may include identifying information, values,
definitions, and related links. Patch information is provided when available.
Please note that some of the information in the bulletins is compiled from
external, open source reports and is not a direct result of US-CERT analysis.
The
NCCIC Weekly Vulnerability Summary Bulletin is created using information from
the National Institute of Standards and Technology (NIST) National
Vulnerability Database (NVD). In some cases, the vulnerabilities in
the bulletin may not yet have assigned CVSS scores. Please visit NVD for
updated vulnerability entries, which include CVSS scores once they are
available.
May is Awareness for the following:
May
 American Stroke
Awareness Month
Better Hearing and Speech Month
Clean Air Month
Food Allergy Action Month
Global Employee Health and Fitness Month
Healthy Vision Month
Hepatitis Awareness Month
Melanoma/Skin Cancer Detection and Prevention Month
Mental Health Month
National Asthma and Allergy Awareness Month
National Celiac Disease Awareness Month
National High Blood Pressure Education Month
National Osteoporosis Awareness and Prevention Month
National Physical Fitness and Sports Month
National Teen Pregnancy Prevention Month
Ultraviolet Awareness Month
National Physical Education and Sport Week (May 1–7)
World Hand Hygiene Day (May 5)
North American Occupational Safety and Health Week (May
5–11)
National Stuttering Awareness Week (May 5–11)
Cornelia de Lange Syndrome Awareness Day (May 11)
National Women’s Health Week (May 12–18)
National Alcohol- and Other Drug-Related Birth Defects
Awareness Week (May 12–18)
HIV Vaccine Awareness Day (May 18)
National Asian and Pacific Islander HIV/AIDS
Awareness Day (May 19)
World Autoimmune Arthritis Day (May 20)
Don’t Fry Day (May 24)
National Senior Health Fitness Day (May 29)
Children’s Mental Health Awareness Week (TBA)
Food Allergy Awareness Week (TBA)
National Hurricane Preparedness Week (TBA)
National Neuropathy Awareness Week (TBA)
World Preeclampsia Day (TBA)
|
|
|
|
|
|
|
|
|
|
No comments:
Post a Comment