Cloud Provider Responsibility for Physical Plant

Time
12 hours 57 minutes
Difficulty
Intermediate
CEU/CPE
13
Video Transcription
00:00
>> Now we're going to be talking about
00:00
the Cloud provider's responsibility
00:00
for the physical plant.
00:00
Since customers are already leveraging
00:00
the physical data center maintained by the provider,
00:00
there are a lot of considerations relative to
00:00
risk and security that need to be taken into account.
00:00
In this lesson, we're going to describe
00:00
the important considerations when
00:00
evaluating a Cloud provider's physical location.
00:00
We're going to talk about the primary responsibilities
00:00
that the hosting provider
00:00
takes on when maintaining
00:00
the physical environment at the data center.
00:00
Then we want to identify potential risks or
00:00
red flags we noticed
00:00
when evaluating various hosting providers.
00:00
When talking about the physical plant, really,
00:00
we're talking about it at the bottom
00:00
two lines of this chart here,
00:00
the physical security and maintenance of the facility,
00:00
as well as the proper hardware
00:00
configuration of the individual hosts.
00:00
Physical location, just like they
00:00
say in the business: location, location.
00:00
Well, there's a bit of art and science
00:00
to picking a proper data center location.
00:00
Those data centers, they take massive amounts of
00:00
electricity to power and
00:00
maintain the heating and the cooling.
00:00
In terms of the utilities,
00:00
the data center can't necessarily
00:00
be too close to a city or too far away.
00:00
There are data centers in the cities and
00:00
there are certain ones in remote locations,
00:00
but there are trade-offs in terms of the access to
00:00
utilities and the ease of attracting talent.
00:00
Now when designing the data center,
00:00
the entire design is really up to
00:00
the hosting provider, and they need to ensure that it's
00:00
adequately designed to maintain
00:00
safe static electricity and humidity levels
00:00
within the data center.
00:00
Then one of the other challenges that comes
00:00
with the location of the data center is that
00:00
although you don't want people snooping around
00:00
your data center or trying to
00:00
figure out where your data center is located,
00:00
many of the locations,
00:00
specifically for large hosting providers, are secret.
00:00
They provide you a general like state or country
00:00
location for the data center
00:00
because they don't want to attract too much attention.
00:00
That becomes difficult in highly populated areas.
00:00
But one of the other difficulties you run
00:00
into when putting datacenters in
00:00
more remote locations is attracting quality staff.
00:00
People with a lot of technical skills
00:00
don't often live in very remote areas; they
00:00
often are in more densely populated areas
00:00
where there are many businesses
00:00
that will leverage their skills,
00:00
so that can be a difficulty.
00:00
One of the other difficulties of being remote is having
00:00
access to those utilities necessary
00:00
to run the data center.
00:00
Another thing to take into consideration with
00:00
the location of the data center is,
00:00
what is the probability of
00:00
a natural disaster affecting this data center?
00:00
Is it in a place that has tornadoes or
00:00
earthquakes or large storms that come through?
00:00
Another very important consideration is
00:00
the political situation in
00:00
the country where the data center is located.
00:00
Is the cost of the hosting provider
00:00
worth the probability that the country may become like
00:00
a failed state or a civil war might break out?
00:00
There's always something to consider and it's
00:00
the provider's responsibility to
00:00
take these into consideration
00:00
when putting together a data center.
00:00
One of the other major responsibilities
00:00
of the hosting provider is to
00:00
secure and manage the hardware components.
00:00
This is really making sure that there is a
00:00
secure configuration of all the hardware,
00:00
the hypervisors, the virtual machines,
00:00
and the virtual operating systems that are
00:00
deployed from the underlying infrastructure.
00:00
At the hardware level,
00:00
they're also setting up the BIOS,
00:00
the firmware that's flashed,
00:00
and the processor of the hardware.
00:00
Then they're also making sure
00:00
that the system is properly configured to
00:00
run the cryptographic algorithms
00:00
that are necessary for encryption.
00:00
This is a matter of ensuring that
00:00
the Trusted Platform Module that dictates how processes
00:00
can be used to run
00:00
cryptographic functions is properly configured.
00:00
Then there's the management of all this hardware.
00:00
You want to ensure that
00:00
the configuration baseline is maintained
00:00
across all these different hosts and virtual machines.
00:00
If there are changes to that configuration baseline,
00:00
you have to manage that process,
00:00
ensure that changes are vetted,
00:00
tested before they're approved,
00:00
and put into production or put
00:00
in place across the data center.
00:00
Then there's also monitoring,
00:00
figuring out how to configure logging and monitoring of
00:00
the utilization as well as
00:00
events across
00:00
all these different devices in the datacenter.
00:00
The logging and monitoring
00:00
is very crucial because it supports
00:00
the incident response as well as
00:00
any forensic activities that are
00:00
related to breaches that might occur.
00:00
One of the last items we're going to talk about
00:00
is secure remote administration.
00:00
Because customers are able to
00:00
access the data center remotely,
00:00
or I should say the underlying infrastructure remotely
00:00
through their Cloud-based service model,
00:00
the provider really needs to ensure that
00:00
only the correct customers have access,
00:00
that the connection between
00:00
the customers and the datacenter is properly encrypted
00:00
and there is strong authentication to ensure
00:00
that no one who's unauthorized can
00:00
access that customer's account or provision resources
00:00
at the data center who's not authorized to.
00:00
Quick question. Which of the following dictates how
00:00
processes can be used for cryptographic functions?
00:00
Is it the Trusted Platform Module (TPM),
00:00
the hardware controller, or
00:00
the Advanced Encryption Standard?
00:00
You said the Trusted Platform Module here, correct.
00:00
I just threw in hardware controller, and
00:00
the Advanced Encryption Standard is a
00:00
specific cryptographic standard and algorithm.
00:00
In summary, we talked about the physical components
00:00
managed by the provider and we talked about
00:00
the primary responsibilities of the provider
00:00
when it comes to the physical plant.
00:00
See you in the next lesson.