Data Storage Architecture


Time: 12 hours 57 minutes
Difficulty: Intermediate
CEU/CPE: 13
Video Transcription
>> Now we're going to talk about some of the common data storage architectures and many of the security considerations for protecting data at rest when it's stored. The learning objectives for this lesson are to describe the common data storage architectures. We're going to do a little compare and contrast of their benefits and limitations. Then also talk about some of the storage architectures and when they're appropriate for a given business case.

When it comes to storage architecture, one of our first methods that we'll talk about is volume storage and object-based storage. Both of these are typically found in infrastructure as a service context. In volume storage, you typically are using basic encrypting and storing of a large volume of information that's attached to a particular instance. The instance being a virtual hard drive that's on a piece of infrastructure that you access in the cloud. Some of the volume of storage is so large that multiple storage containers or what they refer to as partitions are used to cover the information. This actually has a user benefit when it comes to security. This is often described as data dispersion, which supports resiliency and security because when data is stored in the cloud and in multiple instances and potentially backed up or spread across geographic areas, that improves the resiliency of a business case where maybe one region goes down and all you need to lose access to information because of a security threat or something makes it unavailable, there won't be as big a hit to the business's operations and they may be able to recover more quickly when data is dispersed.

The other format within this volume storage, we talk about storing lots of files and we also talk about block storage. The file storage, it's typically what you think of, organized files and folders and the standard hierarchy. Block storage, there's no inherent hierarchy. It's more flexible and actually improves performance. Block storage can be protected a number of ways using encryption that can be either applied at the instance level, to encrypt individual blocks, or you might have an external party who manages the encryption over your instance, or there may be a proxy that's set up that encrypts information when it is being put into block storage and taken out, vice versa.

Then we have object-based storage. Object-based storage, we also think of this in the infrastructure as a service context. Information is organized as, you guessed it, objects and their metadata, meaning the information about those particular objects. One of the benefits of object-based storage is it makes data labeling very easy because you can figure out, based on how an object is identified and the metadata surrounding it, what's the appropriate protection and data label that should be applied. Then when we think about encryption in this context, we're thinking of file and folder level encryption. This gets into when we talk about information rights management, the proper way to ensure that accesses are tailored to a very granular level so that only the right people can get access to sensitive information at the file/folder level.

Then databases. We talked about how in the platform as a service and software as a service, databases are typically used and implemented to access information that's out there in the cloud. A database, often it organizes things in terms of observations and columns. This is what we would call structured data. The data is well-maintained and preserved by the column describing some feature of the data. Then the row reflecting an individual observation or instance of a piece of information. Databases commonly in the cloud are accessed via an API, an application programming interface. It's very important to ensure that the database is secure, that the API is maintained and developed in a secure fashion.

One of the other storage architectures that's very interesting is content delivery networks, often referred to as CDN. In terms of storage structure, the CDN is really set up to deliver and distribute information that needs to be sent across like a wide geographic area and done very fast. Often a use case for CDNs is things like games or music or streaming services, where customers are very sensitive to degradation in performance. Part of the clever way that CDNs work is that they use many proxy servers across different geographic areas, or at least put the proxy server closest to the most customers you have. Then they cache most of the most requested information at the proxy server level. So when a customer requests something, they get it very quickly. Because the closest proxy server is going to be providing them with the most requested information so they don't necessarily have to return all the way to the original storage location to get that information. It's often most requested.

Quiz question. Which storage solution would be best for a high volume application that needs to provide similar content to users in a variety of geographic regions with high performance? Content delivery network, volume storage or object storage. If you said content delivery network, you're right. Both volume and object storage are important and have their place when it comes to storing especially large quantities of data in an efficient manner and protecting it. But content delivery networks are really ideal when performance matters in terms of customers accessing the data.

In summary, we talked about the common storage architectures in the cloud, talked on the benefits and limitations. Some have better performance, some are easier to secure when it comes to encryption schemes and the granularity of encryption, then others are better when it comes to supporting availability. In all cases, the cloud offers a lot of options when it comes to utilizing the technique of data dispersion to improve security and redundancy by storing data across multiple cloud instances or different geographic regions. We've learned a lot about protecting data at rest and stored in the different storage architectures. I'll see you in the next lesson.