Cloud Data Security Strategy
Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Already have an account? Sign In »
Difficulty
Intermediate
Video Transcription
00:00
>> Now we're going to talk about
00:00
Cloud data security strategies.
00:00
What are the methods that we can really employ,
00:00
at least at a high level to ensure that
00:00
data in the Cloud stay safe?
00:00
In this lesson, we're going to talk about
00:00
the main security strategies
00:00
for protecting data in the Cloud,
00:00
we also want to relate many of these strategies back to
00:00
other topics related to data security that we've
00:00
talked about already since it's classification,
00:00
roles and responsibilities, and where
00:00
these strategies can be deployed
00:00
within the data life-cycle.
00:00
Also, we want to look at different scenarios and
00:00
think about how some of these strategies can be used.
00:00
There are four main data security strategies
00:00
that we're going to talk about.
00:00
The first, we've seen it many times but encryption.
00:00
Encryption is the use of algorithms to
00:00
render information unable to be
00:00
seen or understood by a party that doesn't have
00:00
the ability to decrypt the information and render
00:00
it back to clear text or its original state.
00:00
Encryption is often deployed in many instances,
00:00
as we'll see later affecting our various data states,
00:00
such as data in transit,
00:00
encryption is used to secure the process of
00:00
transmitting information, data in process,
00:00
encryption can actually be used
00:00
even when data is being processed
00:00
and then most importantly in
00:00
the Cloud context, data in storage,
00:00
ensuring that the data cannot be accessed
00:00
by other parties especially in
00:00
some of our Cloud models that we've gone over,
00:00
where data is being shared or stored on shared hardware.
00:00
Masking. This is a technique and
00:00
actually a whole host of different techniques to make
00:00
render sensitive data in a state that people can't
00:00
infer completely what the sense of information is.
00:00
Masking techniques are applied in
00:00
a lot of test cases of data,
00:00
or sometimes by certain regulations that prevent you from
00:00
seeing the full string
00:00
of digits in a credit card, for example.
00:00
Let's also talk about
00:00
security information and event management.
00:00
This is a critical security feature used to
00:00
monitor events that are happening
00:00
regarding data in your Cloud-based environments.
00:00
You're going to want to set
00:00
an appropriate threshold and really
00:00
be visiting and investigating
00:00
any unusual activity when it comes to
00:00
the transportation or manipulation of
00:00
data in your Cloud-based environments.
00:00
Then lastly, egress monitoring.
00:00
Egress refers to things exiting or leaving.
00:00
Egress monitoring is really done
00:00
through a host of different technology and solutions
00:00
related to what are called data loss
00:00
prevention and digital rights management.
00:00
We'll go into some of those
00:00
technical solutions that are used
00:00
to ensure that you see when any data
00:00
is leaving your environment ensure that it's not being
00:00
exfiltrated by a threat actor and that it
00:00
is supposed to be leaving for one,
00:00
and then it's going to the right place.
00:00
Quiz question. Obscuring the digits of
00:00
a credit card number in an example of
00:00
which data security strategy,
00:00
encryption, egress monitoring, or masking?
00:00
If you said masking, you're correct.
00:00
Remember encryption is used to ensure
00:00
the confidentiality and integrity of data and
00:00
then egress monitoring is used
00:00
to capture when data is leaving
00:00
your cloud environment and to ensure that
00:00
that is intended to happen and
00:00
protect data that when it
00:00
leaves it's appropriately protected.
00:00
In summary, we talked about the
00:00
data security strategies,
00:00
we talked about how these strategies
00:00
can be used together,
00:00
and then also some of the stages in
00:00
the data life-cycle where they really apply,
00:00
as well as the different data states
00:00
that are applicable to these strategies.
Up Next
Encrypting Data
Encryption Types
Encryption and Key Management
Federal Information Processing Standard (FIPS PUB140-2)
Hardening Devices
Instructed By
Similar Content
