Technology Tap

Cybersecurity Fundamentals: Cloud, Zero Trust, and You Chapter 6

Juan Rodriguez Season 5 Episode 92

professorjrod@gmail.com

Cloud perimeters are fading, identities are multiplying, and threats move faster than patches. We dive into the real mechanics of securing a hybrid world—mapping cloud deployment choices, clarifying shared responsibility across SaaS, PaaS, and IaaS, and showing how Zero Trust reshapes defenses around identity, posture, and context. It’s a practical tour from first principles to field-tested patterns, grounded by case studies like Capital One and SolarWinds and anchored in frameworks such as NIST SP 800-207.

We start by decoding public, private, hosted private, community, and hybrid models, then connect those choices to risk: multi-tenant isolation, data flows between zones, and the observability challenges of decentralization. From there, we move into reliability engineering—high availability, geo-redundancy, disaster recovery—and the role Kubernetes plays in scaling securely, with a frank look at container pitfalls and how least privilege and image scanning reduce blast radius. Automation takes center stage with infrastructure as code, autoscaling, and software-defined networking, plus how SASE brings secure access to a remote-first workforce without bolting on more complexity.

Embedded systems and IoT get a hard look: scarce memory, weak encryption, default credentials, and unpatchable firmware that turns convenience into risk. We offer a simple playbook—segment aggressively, enforce egress controls, rotate credentials, and plan device lifecycles—to stop small sensors from causing big outages. Zero Trust ties it all together: never trust, always verify; microsegment to prevent lateral movement; and evaluate every access request through identity, device health, and real-time signals. Along the way, we weave in Security+ exam-style questions so you can test your knowledge and lock in the fundamentals.

If this helped you see your cloud and Zero Trust roadmap more clearly, follow the show, share it with a teammate, and leave a quick review. Got certified recently or put these controls into practice? Email professorjrod@gmail.com—we’d love to shout you out on a future episode.



Art By Sarah/Desmond
Music by Joakim Karud
Little chacha Productions

Juan Rodriguez can be reached at
TikTok @ProfessorJrod
ProfessorJRod@gmail.com
@Prof_JRod
Instagram ProfessorJRod

SPEAKER_00:

And welcome to Technology Tap. I'm Professor J. Rod. In this episode: Secure Cloud and Zero Trust, building the future of security. Let's tap in.

Where we keep tapping into technology one bite at a time. Today we're diving deep into the critical era of modern cybersecurity: secure cloud network and architecture, and zero trust framework. This episode will guide you through unpacking cloud models, service responsibilities, design, embedded systems, IoT, and the zero trust mindset that defines the future of enterprise defense. We'll explore how AWS, Azure, and Google Cloud structure shared responsibilities and why IoT devices are both a blessing and a curse for security teams. So grab your notebook, because by the end you'll have a full map of how cloud and zero trust architectures come together in today's hybrid world.

Cloud deployment models. Let's begin with cloud deployment models, the blueprint of how organizations choose to operate in the cloud. There are five key models. Public cloud: multi-tenant. Think AWS or Azure. Multiple customers share the same infrastructure, like renting an apartment in a high-rise building. Private cloud: dedicated infrastructure, your own house, your own locks. Ideal for highly regulated industries like healthcare or finance. Hosted private cloud: a middle ground. It's private but hosted by someone else, often managed through third-party providers. Community cloud: shared among organizations with common goals. Think of a group of hospitals pooling resources under HIPAA. Hybrid cloud: a combination of on-premise and public cloud, perfect for workload balancing and legacy app integrations.

Security implications. In a single-tenant setup, you have more control but more cost. In a multi-tenant model, isolation is key. Data leakage across tenants is a real risk. Hybrid adds flexibility but complicates security monitoring. Data moves in and out consistently.
During the COVID-19 pandemic, many companies adopted hybrid clouds to handle sudden remote surges. For instance, Zoom leveraged AWS capacity to scale globally without owning the hardware.

Next, now that we've placed our workloads, let's explore cloud service models: SaaS, PaaS, and IaaS. SaaS, or Software as a Service: applications delivered over the web. Think Google Workspace, Salesforce. You focus on data and access; the provider manages infrastructure and software. PaaS, Platform as a Service: a developer's playground. Think Microsoft Azure App Service. You handle code, they handle runtime. And then Infrastructure as a Service: raw compute and storage. AWS EC2, Google Compute Engine. You secure the OS, patches, firewalls.

The responsibility matrix divides who handles what. Cloud providers secure physical infrastructure, DDoS protection, and regional redundancy. The customer secures identities, access control, encryption tools, and application settings. Tip: misconfigurations remain a top cause of cloud breaches. Just ask Capital One in 2019. The data was exposed not by AWS but by a poorly configured web application firewall. Security+ tip: expect exam questions testing which party is responsible for encryption, backup, OS patches, in various models.

Centralized versus decentralized. Before the cloud, computing was centralized: mainframes, data centers, and everything under one roof. That model offered control but lacked agility. Enter decentralization: distributing processing and data across nodes. Today's blockchain, peer-to-peer, and IoT networks embody this. Blockchain: decentralized trust, no single point of failure. CDNs like Cloudflare replicate content globally, cutting latency. And IoT devices process data at the edge, close to users. Here's an example. Netflix uses CDNs worldwide. Ever notice how your show starts instantly? That's decentralized caching at work. Challenge: security monitoring becomes more complex.
You need unified visibility across thousands of endpoints.

Segment four. Resiliency means designing for failure in the cloud. It's not if something fails, it's when. Replication: copying data across zones, local, regional, geo-redundant. High availability: multiple instances across availability zones so that one server failure doesn't crash your service. Disaster recovery: backups and automation to resolve within minutes. Think of a gaming service like Xbox Live. Users expect uptime 24/7, all the time. Microsoft uses geo-redundant storage to ensure gamers stay connected even during a regional outage. Right? And especially during Christmas when everybody gets their new gift. And Kubernetes orchestrates thousands of containers, ensuring scaling and health checks automatically. Security note: containers share the host OS. One misconfiguration equals potential privilege escalation. Use least privilege and image scanning tools like Trivy.

Cloud automation and SDN. Automation is the secret sauce of the modern cloud. Let's break it down. Infrastructure as code: use YAML or Terraform scripts to deploy identical environments, reducing human error. Load balancing: distribute traffic automatically. Auto scaling: add resources on demand. Think retail searches on Black Friday. I remember those days when I worked in retail. Edge computing: move computations closer to the user for faster response.

Then we hit software-defined networking. It separates the controller plane, which decides routes and policies; the data plane, which moves packets; and the management plane, which monitors performance. Imagine SDN as air traffic control for your network. Dynamic, policy-driven, secure. Here's an example. Google's cloud SDN can reroute traffic around outages automatically, keeping services up. You don't have to worry about crashing.

Next. Cloud security considerations. With great scalability comes great responsibility. As Pete Parker once said.
Patching: use automated patch management. Secure communications: use VPN, private endpoints. SD-WAN and SASE: combined networking and security for remote work. Case study: during the SolarWinds breach, compromised software updates propagated through cloud environments. Lesson: integrity validation of code and supply chain matters. For Security+, understand how SASE integrates firewalls as a service, zero trust network, and CASB in one framework.

Embedded systems and the Internet of Things. Let's switch gears to embedded systems. Specialized computers in everything from cars to pacemakers. RTOS, real-time operating systems, run deterministic code for safety-critical environments. ICS and SCADA systems run factories, power grids, and pipelines. Targets for nation-state attacks. Like the one that they had in New York City here in September, where they found a whole bunch of phones and servers that can send three million text messages a minute.

unknown:

Right?

SPEAKER_00:

That can take down the communications. Next, Internet of Things. Billions of devices, often insecure, insecure by design. And my my definition of Internet of Things when they first came out, not so much now, which I would tell my students, is things that need the internet, but you really can't go on the internet with those things.

unknown:

Right?

SPEAKER_00:

So like the Ring doorbell needs the internet, but I can't go to the Ring doorbell and and you know go on the internet. And you know, A-L-E-X-A, I can't say it because I have one right next to me. That was a device that didn't, you know, right when it first came out, it needed the internet, but you can't go on the internet with it. But actually now you can, especially now with the plus that they added to it.

Billions of devices, often insecure by design. Minimal memory equals weak encryption. Rushed products, unpatched firmware, and default passwords open the door. But here's the thing about Internet of Things or things like this in general. If they are convenient, then people will buy them. If they're inconvenient, no one's gonna buy them. Right? If you make it harder for people to buy it because they're inconvenient, no one's gonna buy it. You gotta you have to make it convenient for people. So one of the things that happens is you give up security. But after a while, I think people, if you slowly introduce them to security, I think it gets a little bit easier. The example I give is multi-factor authentication. Nobody wanted to do multi-factor authentication years ago. Now, everybody's used to a one-time password being sent to your phone, so now you can implement a lot more multi-factor authentication because people are now used to it. Right? That's something that they've gotten common to.

So, all right, real event in 2016: the Mirai botnet hijacked IoT cameras, taking down Twitter, Netflix, and Reddit. Best practice: segment IoT networks, change the default. Follow IoTSF, IIC, CSA, and ETSI frameworks.

Next, zero trust architecture. Finally, zero trust, the security philosophy of our era. Old model was trust but verify; the new model, never trust, always verify. Drivers: cloud, remote work, BYOD, and wireless networks.
Zero trust key components: identity and access management, micro-segmentation, policy enforcement points, continuous monitoring, threat detection and prevention. The benefits: improved governance, granular access, minimized lateral movement. NIST Zero Trust Framework, SP 800-207, sets the gold standard and aligns your exam prep with its principles. Real-world example: Google's BeyondCorp pioneered Zero Trust. Employees authenticate based on identity and device posture, not network location.

Alright, now that we've done all that, let's take a look at our questions. We're gonna have four questions, and the way I do it is I ask you a question and then I give you the four choices, and then I repeat the question and the four choices, and then I wait five seconds and you try to get the right answer.

Alright, question one. The company hosts a web application on an AWS EC2 instance and manages its own operating system, security groups, and encryption keys. According to the shared responsibility model, who is responsible for securing the underlying hardware and the physical data center? A, the customer; B, AWS; C, third-party security provider; or D, the network administrator. Alright, let's take it again. A company hosts a web application on an AWS EC2 instance and manages its own operating systems, security groups, and encryption keys. According to the shared responsibility model, who is responsible for securing the underlying hardware and physical data center? A, the customer; B, AWS; C, third-party security provider; or D, the network administrator. I'll give you five seconds to answer. Five, four, three, two, one, and the answer is B, AWS. In the IaaS model, the infrastructure as a service model, the cloud provider, in this case being AWS, is responsible for physical security, infrastructure, and hypervisor maintenance. The customer manages the OS, apps, and data. The division ensures isolation between tenants, but requires correct configuration by the client.
I think this is a little bit of an unfair question because it doesn't say if it's SaaS or PaaS or infrastructure as a service. But it does give you the shared responsibility model. So that's the clue in the question.

Alright, question two, deployment models. A hospital consortium shares a private cloud designed for HIPAA compliance, where multiple hospitals use the same cloud infrastructure to manage the patient data securely. Which cloud deployment model best fits this scenario? A, public cloud; B, private cloud; C, community cloud; D, hybrid cloud. I'll read it again. A hospital consortium shares a private cloud designed for HIPAA compliance, where multiple hospitals use the same cloud infrastructure to manage the patient data securely. Which cloud deployment model best fits this scenario? A, public cloud; B, private cloud; C, community cloud; D, hybrid cloud. I'll give you five seconds. Community cloud is used by organizations with shared mission, policies, or compliance needs. Healthcare or education. A lot of these places, a lot of these exams have keywords. You find the keyword, you're gonna find what the answer is.

So IoT security risk. Alright, question three. A manufacturer deployed hundreds of IoT sensors in a factory. After deployment, they discovered the devices cannot receive firmware updates or patches. What is the greatest security risk associated with these devices? A. They use too much bandwidth. B. They cannot connect to the corporate network. C. They may become unpatchable and vulnerable to exploits. D. They're incompatible with SDN controllers. I'll read it again. It's an IoT security risk question. A manufacturer deployed hundreds of IoT sensors in his factories. After deployment, they discovered the devices cannot receive firmware updates or patches. What is the greatest security risk associated with these devices? A. They use too much bandwidth. B. They cannot connect to the corporate network.
C. They may become unpatchable and vulnerable to exploits, or D. They're incompatible with SDN controllers. I'll give you five seconds to think about it for the answer. 5, 4, 3, 2, 1. And the answer is C. They become unpatchable and vulnerable to exploits. IoT devices often lack resources for patching. Unpatchable firmware is a significant risk because vulnerabilities remain exploitable for the device lifecycle. Best practice: segment IoT networks and replace outdated hardware. Yeah, some of these devices you cannot upgrade. You just have to replace it. Right? Like the I think the older versions of ALEXA, the ones without a screen, I don't think you can update them. I think you just you just have to replace them. In my opinion, they've gotten a lot better. But yeah, they went from no screen to little screens, bigger screens, and now they have a whole whole thing. I'm a big fan of them. If you don't know that already, I'm a big fan of A L E X A.

Alright, last question. Zero trust architecture. An organization is transitioning to a zero trust model. Which principle best defines this architecture? A, trust users inside the network perimeter; B, verify only external connections; C, assume every user and device is untrusted, requiring continuous verification; and D, apply least privilege to network devices only. I'll read it to you again. An organization is transitioning to a zero trust model. Which principle best defines this architecture? A, trust users inside the network perimeter; B, verify only external connections; C, assume every user and device is untrusted, requiring continuous verification; or D, apply these principles to network devices only. I'll give you five seconds. Think about it. Five, four, three, two, one. And the answer is C, assume every user and device is untrusted, requiring continuous verification. Zero Trust's foundation is never trust, always verify.
Every access request, either internal or external, requires authentication, authorization, and continuous monitoring. This model mitigates lateral movement and insider threats, aligned with NIST SP 800-207 guidance.

So, how did you do? Did you get them all right? Did you get some of them right? Review these concepts before you practice for your next Security+ exam. Right? Hopefully, you will take it very, very soon. I actually had a student take it recently and he passed. I'm so proud of him. He he let me know that he passed. So let me know if you take an exam and uh and you pass. I'll give you a shout out if you email me at professorjrod at gmail.com and you tell me that you passed any of the CompTIA exams. I just passed my PenTest+ a couple of weeks ago. So very happy with that. That's my seventh certification. So yeah, you could be, you know, you can do it. If an old guy like me can do it, anybody can do it. Right? So if you are if you passed the exam recently, send me a note. I'll I'll throw you a shout out. Right, we can do that, I'll throw you a shout out.

Alright. We just tapped into one of the most critical lessons in modern cybersecurity. How cloud infrastructure architecture and zero trust redefined security from the ground up. From cloud public cloud to microservices, IoT to identity. This episode covered technology shaping your future as a cybersecurity professional. I'm Professor J Rod. Thank you for tuning in to Technology Tap. Remember to study responsibly, secure your configurations, and as always, keep tapping into technology.

This has been a presentation of Little Chacha Productions, art by Sarah, music by Joakim. We're now part of the PodMatch Network. You can follow me at TikTok at Professor J Rod at J R O D, or you can email me at Professor Jrod at J R O D at Gmail.