Cloud Security

00:02

Hey, guys. Welcome to the episode of the S S C T exam Prep Siri's. I'm your host here. Simple him.

00:09

This is going to be the fourth lesson in the seventh domain

00:13

so far in the seventh. Demean. We've taken a look at the CIA triad and how malware applies and threatens confidentiality, integrity and availability. We've taken a look at the different vectors of infection and malicious Web activity.

00:29

We've taken a look at how to identify an infection in your organization or on your computer. And we've taken a look at how to analyze malware and successfully mitigated.

00:41

Now, finally, in this lesson, we're going to talk about the cloud we're going to address cloud security, the layout of the clown, how the cloud is kept private howto handle data privacy in the clown and had a handle data storage and transmission within the cloud. Let's get started.

01:00

Cloud computing environments are really complex systems, a combination off hardware and software that is also Internet based. They use technology such as virtualization and data loss prevention to provide operating environments and to protect the data in the cloud.

01:21

Now, cloud computing is

01:22

Internet based, so it's kind of like bringing all of this infrastructure through the Internet and then doing computing and calculating and using software that is Internet based. Now. Clowns are very, very different

01:38

in terms off all the different kinds there are, but they usually share.

01:44

This is most similar characteristics.

01:46

Hey, I like to I like to map each characteristic with a picture on the right simply because it helps make it easier to remember.

01:55

First is on demand self service kind of like a watering found. Where you have you get resource is when you need them. So if you need more, resource is you say you need more resource is and you get more. Resource is. There's also broad network access,

02:10

which is being able to access your clout anywhere around the world.

02:15

There is resource pulling with most organizations and especially clown systems. There's only ah, high amount of activity for a small period of time, and everything else is usually a low amount of activity. So cloud resource is and help bring resource is together during the busy parts

02:35

of the day and then spread out. The resource is to other things.

02:38

When the areas are not so busy

02:40

was rapid elasticity. Being able to set up more infrastructure and get more resource is in the cloud immediately as soon as you need them. And there is measured self service

02:53

where cloud the cloud offers a unique ability to offer measurements for things in such a power, consumption or resource. Use it, which is kind of difficult to get in a regular network environment.

03:08

There are several deployment models. When it comes to clouds, there is the public cloud. This is open for used by the general public. Anyone can use this. It needs to concludes. Like Amazon, Microsoft and Google, there is the private cloud, which is used

03:25

only for a singular organization. This is where the organization, like

03:30

put different software and have different resource, is that the employees of the organization can use. And there is the hybrid cloud, which combines two or more cloud infrastructure is This is usually a hybrid between public and private,

03:45

and there is the Community cloud, which is used by a group of organizations that have shared concerns or if they belong to the same industry they might share. Cloud resource is and still be using the same. Basically, the same stuff.

04:01

There are several different service models associated with the cloud. There is software as a service. SAS. This is directed more towards end users. This is hosted application management and software on the man. This allows people to log on to a cloud and be able to

04:20

access different software that they need in order to perform their duties.

04:25

There is platform as a surface past. This is main believe. For developers, this has the capability for user's to develop applications on the cloud. So this is where they can write cud and test cud and compile it and really create different systems of projects on the cloud.

04:46

Using the fundamental cloud resource is that are given

04:49

and there is infrastructure as a surface i. A s. This is mainly used for I t professionals.

04:58

Fundamental resource is are available for the user to run different applications. It's although there's a couple of benefits with all of these main leads the cost of ownership, the ease of accessibility and the veil of ability to scale up and down infrastructure. Depending on the usage,

05:15

virtualization virtualization is the foundation for agile scaleable cloud. On the first practical step, four building cloud infrastructure. Now, virtual ization is the abstraction off virtual machines,

05:30

so it's kind of like a network that's run virtually. We could take a look at V lands a couple of lessons ago,

05:38

and this is the same thing as you lands Virtual Ran's, except that it bub applies more to the overall entire network. Instead of just a local area network,

05:48

virtualization is managed by a host server running a hyper visor. So, huh, improviser is a piece of software, metal or firm. Where that runs virtual machines.

06:00

There are two types of hyper visors. The first is known as the native or bare metal hyper visor. These are hyper visors that are run directly on the hosts hardware to control the hardware and manage guest operating systems.

06:17

This runs on the bare metal hardware of a server,

06:21

and the other type of hyper visor is a hosted hyper visor. These hyper visors run on convention conventional operating systems, just as other programs do so. This includes things like the M workstation virtual box, things like that. Now there's several different types of virtual ization.

06:41

It's good to have

06:42

a general knowledge of these types is well the first is server virtualization. This is where you can run multiple operating systems on a single server. So if you want to have a window server, But if you want to be able to run another window server or a linen server

07:01

yeah,

07:02

a Mac OS server, you can now, and the resource is inside the server. They're all shared throughout the different servers. So if one server needs more, processing power for something than one of the other ones than the resource is can be shifted to that very, very simply.

07:19

There is network virtualization, Mr the reproduction of a physical Network in software. So this is the thing we talked about. Such a CZ Virtual Lands

07:29

network Virtualization presents a lot of logical networking devices, and service is port switches, routers and everything. Applications could run on the network virtualization. Similar Lee. If they run on the physical network,

07:45

there is desktop virtualization. This allows you to set up a new

07:48

desktop and and run applications on it for any user in an organization at a moment's notice,

07:56

there is application virtualization,

07:59

where you can run applications on the cloud as a managed service so you can save costs and increase service.

08:07

And there's also storage. Virtual is Asian.

08:11

This is the resource is within a a server or holding storage area with abstract discs and flash drives, and combines them into high performance storage pools and delivers these things as software.

08:28

So as they are software, they can also still hold data and information.

08:33

Now, when it comes to legal and privacy concerns, there's there's a gray area, right? I mean, the cloud is an Internet beast,

08:41

um,

08:43

system. So if the system is run on somebody else's server, so there's kind of a gray area when it comes to what the clap providers responsible for and what the organization would, Network is responsible for their two main concepts. When it comes to legal and privacy concerns,

09:03

there is Applicability law,

09:05

which determines the legal regime. Africa ble to a certain matter, and there is jurisdiction which determines the ability of a national court to decide a case

09:15

Now when it comes to splitting up responsibility. Usually this diagram is the general rule of thumb force. Putting up that responsibility, the enterprise is responsible for data application platform security,

09:30

while the cloud provider is responsible for plaque for infrastructure at physical security within the cloud operations of infrastructure,

09:41

and the platform on the software surfaces that they offer different clown service is all for different types of storage with infrastructure as a service, users are responsible for managing applications, data run time and operating system,

09:56

while the providers still managed a virtual ization servers, hard drives and networking. Now Infrastructures Service uses two different types of stores. They used volume storage, which is a virtual hard drive me attached to a virtual instance, and used the whose data within the file system

10:16

volume storage is act kind of like a physical Dr.

10:20

And then there's also Object Storage, which is a file share the 80 eyes or a Web interface

10:30

with Platt for warmth as a service. This is where the

10:33

cloud providers offer All of the resource is, but the developers actually manage the applications

10:41

that when platforms the service there to type of storage, there are structured storage, which is information with a high degree off organization. So what they mean by that? This is information that can be fit in a relation database, and it's seamless and can be searched by simple, straightforward

11:01

algorithms or queries.

11:03

Unstructured storage is information that does not reside in a database, so it's it's information that doesn't fit nicely into a database. This includes things for this email word processing documents, videos, photos, things like that.

11:20

Software, as a service offers two types of storage. Well, it's a offer. Information, storage and management. This utilizes different database, which is in turn, stored on object or volume stored. And then there's also content and file storage, which utilizes again

11:39

object or volume storage

11:41

content. Ball storage is also available via a Web based user interface. David Loss prevention. As always, day loss prevention is a difficult concept is also a very important concept. You don't want to provide weeks whether you're in a physical network or the clown network. Now, thankfully, date of loss prevention is very similar.

12:01

Regardless, if you wore in

12:03

E

12:05

right your network or in a cloud based network,

12:07

obviously class or just some of the weakness, such as administrator access. Technically, an administrator of the cloud or that clap fighter can access your data if they needed to or wanted to, and that's something you can't really control.

12:24

There's also configuration changes since everything is virtualized. Clouds can go from private to public to anything relatively quickly, especially if there is a configuration change. And this is one of the

12:39

most common problems when it comes to data loss prevention. There's always databases cloud databases that are private originally that become public simply because a configuration error.

12:52

There are also a lack of controls when it comes to cloud storage. When you use the cloud, you're using it, usually with a bunch of other people. And so your data is placed on the same.

13:03

His goal area, same physical, our driver server as other tenants. So with the lack of controls, it's possible that someone else's data could be seized. For whatever reason, you're through a court order or it can be removed, and somehow what happens to their data, it can impact what happens. But your data,

13:22

obviously data loss prevention attempts to protect the data through

13:26

discovery and classifications. You can't protect eight if you don't know where it is, and you can't, and you need to protect sensitive data even more than you need to protect non sensitive data. You can also enforce the data loss prevention by monitoring data and enforcing pot different policies

13:43

similar to those on a regular network, though of people who can access and modify the data.

13:50

In today's lecture, we discussed cloud characteristics, virtual ization, data storage and data loss prevention.

13:58

Quiz time.

14:00

This service model offers users the capability to develop our own software application Given resource

14:05

a salt forest service.

14:07

Be platform as a service,

14:11

the infrastructure as a service or D enterprise as a service.

14:18

If you said be platform as a service, then you are correct. Remember, with platform as a service, the resource is and the tools are already there if the developers who then come in and create their applications on the clown and then manage them from the cloud.