All right, now our next section is just talking about storage. And again, we're thinking about the world of infrastructure as a service, and one of the more common means by which cloud service providers deliver storage options to consumers is through object storage.
So in the object we save files. We can save metadata about those files.
Um, and this information is accessible through some sort of API, some sort of interface that we can go and access what we need. If you've worked with S3 with Amazon, they call them buckets. That's the idea of object storage.
So each individual file has a unique key that allows it to be individually accessed. Now, one thing that I think is testable is that there can be an issue with consistency until full replication happens across the servers. That's true of anything. But you know, if there are elements of that object or versions of the object spread out for, you know, whatever purposes through dispersion,
you have to make sure that the replication is up to date. Otherwise, you may find yourself out of sync with the latest version. That's a testable idea.
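The consistency point above, as an added example that is not part of the lecture: a toy object store in Python where a write lands on one replica first, a read from a lagging replica returns the old version, and a version check rejects that stale read. The class, its method names and the sample object key are assumptions made up for this illustration, not any provider's API.

```python
class ObjectStore:
    """Toy object store: a write lands on replica 0 and is copied to the rest later."""
    def __init__(self, replica_count):
        self.replicas = [{} for _ in range(replica_count)]  # key -> (version, data, metadata)
        self.pending = []    # replication queue: (replica_index, key, record)
        self.versions = {}   # key -> latest version number issued

    def put(self, key, data, metadata=None):
        version = self.versions.get(key, 0) + 1
        self.versions[key] = version
        record = (version, data, dict(metadata or {}))
        self.replicas[0][key] = record                  # primary is updated at once
        for i in range(1, len(self.replicas)):
            self.pending.append((i, key, record))       # the others catch up later
        return version

    def replicate(self):
        """Drain the queue; afterwards every replica holds the latest version."""
        for i, key, record in self.pending:
            current = self.replicas[i].get(key)
            if current is None or current[0] < record[0]:
                self.replicas[i][key] = record
        self.pending.clear()

    def get(self, key, replica_index):
        return self.replicas[replica_index].get(key)

    def get_checked(self, key, replica_index, min_version):
        """Refuse a read older than the version the caller already knows about."""
        record = self.get(key, replica_index)
        if record is None or record[0] < min_version:
            raise LookupError(f"{key}: replica {replica_index} is behind version {min_version}")
        return record


def demo():
    store = ObjectStore(replica_count=2)
    store.put("reports/q1.csv", b"draft", {"owner": "finance"})   # constructed sample object
    store.replicate()
    v2 = store.put("reports/q1.csv", b"final", {"owner": "finance"})
    stale = store.get("reports/q1.csv", 1)[1]        # replica 1 has not caught up yet
    try:
        store.get_checked("reports/q1.csv", 1, v2)
        rejected = False
    except LookupError:
        rejected = True
    store.replicate()
    fresh = store.get_checked("reports/q1.csv", 1, v2)[1]
    return stale, rejected, fresh
```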
All right, let's move on. Let's talk about risk. Everything's about risk. Information security is all about risk. So when we talk about this next section, we're gonna talk about risk assessment, risk analysis in the cloud, looking at some risks that, um,
we have to be specifically aware of when we're looking at storing information in the cloud.
But also again, some of these risks are not unique to cloud storage. They're just information in a shared environment, any sort of networked environment. So we'll talk about policy and organizational risk. What's the structure of your organization, what sort of policies and procedures were in place?
General risk. There's just a certain amount of risk that goes in with doing business with storing information
with sharing information, some specific virtualization risks. Some of those we've already talked about in the section on virtualization, some cloud-specific and non-cloud-specific risks, and then specifically some legal risks that we have to think about. All right, so policy and organizational risk.
One of the things certainly testable.
It's less and less of an issue now. But early on, cloud service providers, there was a real and present threat of, uh, risk of provider lock-in. And what that means is, if your provider is very proprietary in nature, they use proprietary interfaces, proprietary data formats. They use proprietary storage types. And the idea is, the more proprietary in nature your service provider is,
the more likely you are when you decide to leave that cloud service provider to either bring things back on premises
or maybe move to another CSP, the more difficult,
there's a greater potential for it to be difficult. We like standardization. We like standard formats where I can move my data from this server to that server. You know, we like database formats that are compatible. I don't wanna have to export just to import to something else to export, import.
Right. I want to be able to migrate from one location to another. So if the formats or the technology that your provider is using is too proprietary,
that's vendor lock-in. It just makes it difficult to move back on-prem or somewhere else. Now there's something else called provider lock-out, and that's not on the slide. But just to mention it, you have everything
you need stored on the cloud. Life is wonderful. What happens if that cloud service provider goes out of business.
Right. So the idea is provider lock-out. For whatever reason, your cloud service provider's no longer available. Now, what do you do? So we have to make sure that we don't put all our eggs in the basket of the cloud, right? We are still liable for
the protection, the confidentiality, integrity and availability of our data. So to put everything with a single cloud service provider,
we have to have a whole lot of faith in that cloud service provider. Right? So that's certainly an area of concern.
Then we also have to look at the governance at the cloud service provider. What sort of governance do they have? What sort of organizational structure? What sort of policies are in place? And then from our side, we have to think about third-party governance.
Who reviews the service level agreements? How is that done? Who ensures that service level agreements are actually being met?
That's on our part, right? So and then from that point, what about compliance? What if they are not in compliance with their service level agreement? What if their service level agreement doesn't state that they're gonna be in compliance with our internal security policies, right, because we may have a greater security need than our cloud service provider provides.
All of those elements. And then, of course, we've got to think about provider exit. We've already said that we don't want proprietary vendors because it can be hard to move from one service to the next, so that's policy and organizational risk.