This module is all about data security and encryption. We're gonna cover security controls in different storage types, we'll go into managing data migrations, and we'll talk about securing the data once it's been migrated into the cloud. We'll review specifics of IaaS, PaaS and SaaS encryption, the different techniques you want to employ based on the different environment and type there.
We'll talk about key management: customer key management and provider key management.
And we'll round it out looking at architecture considerations, monitoring capabilities, and discussing additional controls that you can leverage and put in place to keep that data in the cloud secure.
For the remainder of this video, we'll focus on data security controls and data storage types.
There are three main components to data security controls in the cloud.
First and foremost, you need to determine which data is allowed to be stored in the cloud.
We previously spoke about establishing data classifications based on your legal and regulatory compliance requirements, taking into account any jurisdiction constraints or storage media limitations.
This classification will drive the most fundamental question for you: should the data be stored in the cloud based on its classification, or should it be excluded from the cloud?
At that point, you have certain classifications of data in the cloud, and you need to protect and manage it.
This involves establishing a secure architecture, establishing proper access controls, using encryption and compromise detection, and employing other security controls, many of which we will talk about in this module.
And finally, you need to enforce, to ensure that all the necessary security controls are being complied with.
This includes establishing audit logging as well as backups and disaster recovery mechanisms.
The CSA guidance classifies data storage into four different types.
First, we'll talk about object storage. This storage type is presented like a file system and is usually accessible via APIs or a front-end interface, which is a web or a specific client software.
Files, which are considered objects, can be made accessible to multiple systems simultaneously.
When you read about unintended data leakage in the cloud, more often than not, it's the result of object storage and the access controls unintentionally exposing it to the public Internet or to an audience beyond which it should be.
Examples of common object storage include Amazon S3, Microsoft Azure Storage Blobs and Google Cloud Storage Service.
Moving forward, let's talk about volume storage. This is a storage medium, such as a hard drive, that you attach to your server instance. Generally, a volume can be attached only to a single VM server instance at a time. It's basically the hard drive for your virtual machine.
Continuing, we talk about the database storage concepts. Providers may offer customers a wide variety of database types, including commercial and open source options.
Quite often, providers will also offer proprietary databases with their own APIs. These databases are hosted by the provider and use existing standards for connectivity. Databases offered could be relational or non-relational. Examples of non-relational databases include NoSQL, other key-value storage systems, and file-based databases such as Hadoop HDFS.
Last but not least, we have application platform. This storage is managed by the provider. Examples of application platform storage include content delivery networks, where they're caching static files at the edge of different areas throughout the global Internet, or files stored in a software-as-a-service application, such as a CRM system like Salesforce or a common document collaboration system like Box.
Let's have a quiz, and we'll pull on some of the information we've covered in previous modules just to make sure you don't forget, as it's pretty pertinent to the material that we're also covering right now. Which of the following is the best way to determine whether or not data should be stored in the cloud: security policies, privacy policies, information classification, data security lifecycle, or an acceptable use policy?
Think about it for a second, and the answer is C. We talked about this early on in this video as well: information classification. Security policies, privacy policies, those are going to drive your information classification categories, and they're going to determine what you can do with data that sits in certain classifications.
But ultimately it's information classifications that you're going to rely on. That's gonna be the best way to determine whether data should be stored in the cloud or not. Data security lifecycle and acceptable use policies really may also drive your classification, but by and large they're not applicable to this question.
In this video, we talked about data security controls, and we covered different data storage types.