9 hours 48 minutes
All right, let's talk about Gap, because that's what it's all about. We gotta protect our dad. I've got to keep it safe. We won't protect the confidentiality, integrity and availability of data.
Dad exists in different states, right? You know, gotta you could be working on Dad. It's loaded into RAM. You're manipulating it. Data could be in transport across the network, or data can be stored in a drive at rest.
So we have different types of protection for data, depending on you know where it exists. So the first thing that we would talk about us, we talk about data at rest, and it could be abbreviated D A r. I really don't see that. But that addressed.
So to protect that at rest, we've got to think about encryption. That's usually the easiest thing, right? We're thinking about that privacy. We have to encrypt. Absolutely.
We also want to make sure that we have redundancy of data from an availability standpoint as well.
So I've got data stored on a dry drive or on a device while it's in storage. I want to make sure that I've encrypted it. Want to make sure that I protected
now data in motion. This is where it gets tricky because we're sharing information, right? The whole nature of sharing
is to make things available. The whole nature of securities toe lock down that availability and limit access. So that idea of network security is kind of an oxymoron, right? I mean, you have one thing whose function is to share the other. That's function is to protect.
It's very difficult. So it always goes back to
how we want to work this out. So we get the greatest benefit for the least cost. And we remember also that when we talk about cost benefit analysis, it is not always dollars. It's not always money that we're talking about cost or benefits.
You know, anytime you implement security, it will cost you something
may cost you. Time may cost you. Performance may cost you ease of use backwards compatibility those air, all costs associated with implementing security.
Right. Um, the benefit may not be, you know, hardened fast dollars. It maybe you know that we lose less money this year than we did last year.
Customer confidence. That's really hard to put a dollar value on, right? So these aren't always. When I talk about cost benefit analysis, it's not always so clear cut. But just like it rest that emotion not secured by default. I've gotta find a way to protect it, to the degree that makes sense
based on the value of the death.
Easy now. All right, so
one of the things that we think about doing is isolating traffic based on its value.
It's a matter of fact, you know, when people talk about what firewalls do,
you know, ideally, and you can come up with a lot of definitions. But one of the things that I described firewalls, the service that they perform is that they isolate security zones.
I have a trusted network, have an untrusted domain. That firewall goes but to between the two and creates the isolation,
isolation, isolation, isolation,
the most foundational principle in my mind of security,
the most single foundational principle of security.
Keep users out of your stuff or they'll break it.
I'm gonna write that up formally and call it Kelly's principal.
Keep users out of your stuff or they'll break it.
And yeah, I said it very casually. But really, what I mean is keep untrusted entities away from your trusted resource is don't allow unfettered access from trusted toe untrusted or untrusted trust. When I say your trusted resource is I mean
your dad, your file servers, your resource is your list of users and pass with your stuff,
right? That's your trusted stuff. That's what you want to protect.
Untrusted entities, users.
Anybody else, right? That shouldn't have access. So firewall creates that isolation.
You can also segment your network in certain ways. A virtual land means Okay, maybe secure data will be on this network.
Unstick your data will be on that network. I'll create two separate virtual networks, which means I create the isolation on a switch instead of physically connecting them. Right. But the idea of villains are all about isolation.
Keeping traffic O R or resource is of the same value together
transport protocols, protocols that helps secure data in motion. That's important. Assess, Alan T. L s or gonna protect our web traffic. You know, http, um,
creating this idea of an encrypted tunnel from in point in point
where the entire, uh I'm not saying that's what SSL does that's really more VPN connection. VP ends. I p sec tunnels reference there. That's in point in point from initiating computer all the way in to the accepting server, the entire path is protected through
and I pee set Tom
or point point Tunnel in particular well, to TP or whatever peddling particle. But the bottom line is, and we're not getting into that yet. We're not trying to be technical here, but just the idea that while that is in motion,
it is not protected. So we have to come up with the security solution to protect that data.
VP ends, we might isolate networks. We might use inspection devices like firewalls, but we've gotta figure out something
and then last data in use. You know, while transactions are being processed, they're not encrypted. I have data that stored it's encrypted. When data goes to process, it's loaded into RAM. Its secret
transactions or processed gets re encrypted to store well
on the horizon. And this was driven by Blockchain technology. If you're familiar with any sort of any sort of ideas in the world of digital currency, the need for her being able to process such high value data we have to be able to find a way to encrypted while in process.
And that's a technology called home, um, or FIC encryption.
We don't have the capability. There's a lot of overhead. We can't really do it cheaply. Cost effectively now for common data. But for highly, highly, highly valuable data where performance or access is essential
with the right amount of money you can you can make anything work right so I wouldn't know that Torque term Home Obor Fick Encryption.
Certified Cloud Security Professional (CCSP)
This Certified Cloud Security Professional (CCSP) certification course covers topics across six domains, to ensure the candidate has a wide range of competencies and is capable in the assessment and implementation of cloud service solutions.