9 hours 29 minutes
and this video will highlight key challenges to applications security When you're working in the cloud the last video we talked about opportunities to improve applications security in the cloud. In this video, we're gonna talk about the challenges to application security when you're working in the cloud.
Previously talked about logging and monitoring in the cloud and how it you are impacted in reduced amount of visibility into the level of detail that you can examine things you don't have physical network monitoring capabilities and in the cases you using pass or even SAS paradigms. You don't have access to view. The server logs themselves either,
and obviously this is a challenge requiring you to shift the way you look at monitoring and logging.
By Now, you know the management plane plays a very important role in the cloud. You have some very sensitive data, and you can perform some very powerful operations through the management plane. It's very common to have automation that interacts with the management plane. This includes responding to application events or even employing infrastructure as code. As a result,
you end up with applications themselves that are interacting with the management plane
and as a result you need to take into consideration what can happen if these applications get compromised and the traditional world. If your application was compromised, maybe someone could get access to the server that it was running on in this world. If this app kind of application gets compromised, somebody can have access to your management playing themselves, which would allow them not just access to the servers.
But it would provide them with rights to create servers, create other resource is
and change up networks and do a lot of potential damage. Piggybacking on the last point, the threat model changes. You have the management plane. You also have the cloud provider in their responsibilities. So when you're doing your threat modelling, you need to account for this. New technology in this new world of shared responsibilities
later in this module will talk a little bit more about what exactly threat modelling is if you're not familiar with it.
But the bottom line is
you have new factors and considerations that you need to take into account because there are some things that are out of your control, and it a tone were very much related to the challenges of monitoring and logging. You just generally have less visibility into specific aspects of your application. You don't know anything about the physical device that this is running on.
And in the case of the past or SAS model,
you don't have insight into the virtual servers themselves that things are running on. It's a shared responsibility model, and in that model you only see the things that you are responsible for yourself.
To summarize this video, we talked about challenges to application security in the cloud.
We discussed the specifics of limited detailed visibility, increased application scope, changing threat models and reduced transparency.
This course prepares you to take the CCSK certification by covering material included in the exam. It explains how the exam can be taken and how CCSK certification process works.