Time
9 hours 48 minutes
Difficulty
Intermediate
CEU/CPE
10

Video Transcription

00:00
okay, Next section is virtual ization. And quite honestly, we're gonna get into virtual ization in much more detail as we move through. And if you really think about it,
00:10
what made cloud computing possible? It's virtual ization.
00:15
That's a much possible as profitable,
00:18
you know, why do organizations have the capability today that they didn't in the past? Because we can take this hardware that we've invested in And we have kind of souped up hardware, so to speak, and were able to parson parcel out
00:36
elements of that hardware to multiple organizations.
00:39
Fertilizations. So in the past, if I wanted to allow cloud service is and I wanted you to be able to store information on my server, you would have Your unique physical resource is now We can do that all in the same system, So virtualization is great.
00:55
The downside of that is it's all in the same system, right? So they're always pros and cons. So when you're looking at 30 different organizations sharing the same physical space, you know that's logically isolated.
01:10
You know, you've got this issue of multi tendency and multi tendency will always be one of the greatest concerns of security in the cloud, right? I don't know who share in space on that server with me. I don't know what they're doing. I don't know if there's illegal activity that might cause this to be seized. I don't know.
01:27
You know, a malware. I don't know what's going on. So when I'm sharing the same physical space
01:34
with other entities, that's a concern.
01:38
Not to mention we have to think about it from a redundancy standpoint. You know where you're using multiple virtual devices on a single system? What happens if that single system goes down? I'm not saying you can't avoid problems. Of course you have redundancy, right? You have backups.
01:53
But I'm just saying all of these elements are concerned for virtualization, and they're a lot more as well.
02:00
Um, so ultimately, when we talk about virtual, is ations security? The most important element of any virtual system is gonna be the hyper visor,
02:13
and they're different types of hyper visors. But ultimately it's that hyper visor that controls the security and the isolation of each of the virtual machines. So that any point in time, the hyper visor compromised, You know, you're dead in the water, right? So we have to ensure that the hyper visor
02:31
is secure
02:32
now when it comes to working with the cloud, That's one of the things that the cloud service provider is always gonna be responsible for. They provide us the virtualized environment. So when we talk about okay, that hyper visor needs to be scanned for,
02:50
you know, root kits and the hyper visor because those exist. And if you prove the hyper visor again,
02:57
you know you have no security, you have no control.
03:00
That is their responsibility. And, you know, I want to be clear when I say that's their responsibility. That's the work that they do.
03:07
It's not my responsibility, but it's my problem. If that makes sense,
03:13
I am always
03:15
ultimately responsible for the data that I choose to store in a cloud service, provided it is my ultimate liability and my ultimate responsibility. So if the Cloud service provider
03:30
doesn't scan doesn't do anything to ensure the security of their hyper visor
03:35
and that hyper visors compromised, yeah, I could sue them for violation of their service level agreement, probably,
03:42
but it doesn't mean I haven't lost my gather
03:44
right. I've lost my dad and my customers are enraged. I'm subject to lawsuits. So when I talk about these elements of protecting the hyper visor, I'm not saying you and I do that. But I am saying, Third party governance
03:58
needs to make sure that their elements of the service level agreement that address how that's protected and have it all how it's monitored
04:06
now the hyper visor.
04:10
Let's cut it there.
04:12
Okay, let's leave that just fertilization security. Then I'll go into the different types of hyper visor.

Up Next

Certified Cloud Security Professional (CCSP)

This Certified Cloud Security Professional (CCSP) certification course covers topics across six domains, to ensure the candidate has a wide range of competencies and is capable in the assessment and implementation of cloud service solutions.

Instructed By

Instructor Profile Image
Kelly Handerhan
Senior Instructor