Domain 3: Cloud Platform and Infrastructure Security

19% weightage is given to the third CCSP domain, titled “Cloud Platform and Infrastructure Security”, in the certification exam. This CCSP domain explains the components of cloud infrastructure, as well as the risks associated with it, and provides a variety of techniques to mitigate these risks. It also outlines four sub-objectives.
Comprehending cloud infrastructure components
Analysis of the risks associated with cloud infrastructure
Planning and designing effective security controls
Plan for disaster recovery and business continuity planning

Comprehending cloud infrastructure components
This first sub-objective requires that the certification seeker understand the infrastructure components in the cloud, including the physical environment and network communication.
Data centers are the physical environment that store and capture customers’ and organizational data. These data centers must be fail-proof. This can be achieved by having multiple backup and power units.
Analysis of cloud infrastructure risks The candidate should also be familiar with concepts of qualitative as well as quantitative risk assessment.
Planning and designing efficient security controls
Physical and Environmental Protection (e.g. on-premise)
Protection of System and Communication
Virtualization Systems Protection
Cloud Infrastructure Management: Authorization, Authentication, and Identification
Audit Mechanisms
A good way to reduce risks is to implement adequate security controls. You can do this by ensuring that all assets are securely located. After performing background checks, all entry and exit points should be monitored. Employees must be issued badges.
Cloud auditing is a good option for auditing in different business environments. However, it is difficult to do as cloud auditing is not possible because the data may be stored in different places in the cloud. Also, cloud providers might not be willing to share the information.
The CCSP exam validates the candidate’s knowledge about cloud audit goals, and different types audit reports (SOC1, SOC2, and SOC3).
Plan for disaster recovery and business continuity planning
It is essential to ensure that disaster recovery and business continuity are achieved in the cloud after having implemented adequate security controls. These topics are the core of any information security program or discussion.
The candidate must be able to comprehend the BC and DR in a cloud environment. They also need to know how to redraw it. After customers’ data has been moved to the cloud, the BIA (or ‘Business Impact Analysis’) might be required.
Candidates for certification must have a deep understanding of cloud environments, business requirements, as well as security risks. Candidates must be able to: