This video will cover key topics related to data security in the cloud, primarily pulling from information in domain 11
as a starting point to talk about data security in the cloud.
Let's describe a few of the different key data storage types. First off, we have object storage. This is a PaaS offering; what many cloud providers give you is access to an API, and it's a highly resilient method for storing data. Then we have volume storage. This is the virtual hard drives for the VMs.
There's the database. The database PaaS offerings could be a relational database or a non-relational database. The key thing here is that this is hosted by the provider. It's not that you run a virtual machine and you install database software on that virtual machine; the PaaS provider is taking care of that. And finally, application platform. For example, a content distribution network, which takes copies of images or videos or other files and distributes them to the edge, the different entry points of the Internet throughout the globe, so that the amount of time that it takes for your end users to access those images is much less.
We talked about data migrations, highlighting the fact that oftentimes the security that the cloud provider themselves has implemented is gonna be more than something you could build yourself. We also looked at some of the different technologies out there to help make sure that the wrong kind of data isn't going to the wrong cloud providers, such as a cloud application security broker looking at the different SaaS systems that are being used by people within your network, or data loss prevention technologies, which are intended to recognize when information you don't want leaving your control, or you don't want going to certain providers, recognizing that information and making sure that it doesn't flow over the network to those wrong providers.
We talked about entitlement matrices a few times during the video. It's really an efficient way to determine access controls and make sure you have all the bases covered, and it also provides a great mechanism for communicating with other people. Now, the actual enforcement of the entitlement matrix is gonna depend on the various controls that the providers themselves give to you. So you want to make sure that the entitlement matrix is an accurate and realistic representation of the kind of things that you could do and set up for working with the provider.
And we couldn't have a conversation about data security without mentioning encryption, encrypting data and traffic. But we also spent a lot of time looking at the data at rest and the different methods that are used to encrypt that data at rest. More importantly, managing the keys that were used to encrypt the data, so that you have access to those keys and can decrypt the data when it is necessary.
We looked at the different levels of trust. We have the on-premise hardware security module, if you really, really want to control those keys. Then we have customer-managed virtual appliances, where it's a software-based appliance running on the cloud provider's infrastructure, but you as the customer control the root keys. Then there's provider-managed HSMs. They're actually hosting it in their hardware, which they are managing the physical presence of, and they're providing an API for you to interface and store your keys. Then you have cloud provider key management services, very similar to a virtual appliance, except the provider themselves is managing it, and it may or may not map into an underlying actual HSM versus being a software-based security module. And finally, there's provider-managed keys, where you as the customer don't even have access to the keys, and the provider is taking care of the management, access, distribution and rotation of those keys, all for you as part of a grander managed service.
So this wraps up our quick highlight of data security, data encryption, data management and the basics of an entitlement matrix.