Hey, guys, welcome to another episode of the SSCP Exam Prep series. I'm your host, Peter Sippel, and this is going to be the fifth lesson in the seventh domain.
So far in the seventh domain, we've taken a look at the CIA triad and how malware threatens the pillars of confidentiality, integrity and availability. We've taken a look at different vectors of infection, how one might get viruses or malware on their computer or network.
We've taken a look at malicious Web activity and how to successfully identify infections.
We've looked at how to analyze different kinds of malware and how to mitigate it successfully.
We've also taken a good look at cloud security, how privacy is handled in the cloud and the transmission and storage of data within the cloud.
Now, finally, in today's lesson, we're gonna take a look at encryption in the cloud and why it's important to encrypt data in the cloud, just as it is important to encrypt data within your network. Let's get started.
Encryption is an important technology for security practitioners to consider and use when implementing systems that will allow for secure data storage. Like normal networks, encryption is very important to the cloud, and data that resides in the cloud needs to be encrypted.
There's really three aspects, or different ways, you can implement data encryption at various phases within the cloud. They are data in motion, data at rest and data that's in use. So when data's in motion, that means it's getting passed back and forth throughout the cloud. You want to make sure it is encrypted, usually when it goes into, like, an encryption tunnel. So, for example, this is things like IPsec virtual private networks and then TLS and SSL. These ensure that once the data is in the tunnel, no one can see it. No one can touch it. No one knows where it's going.
Data at rest is when data is not being used at all. It should be encrypted when it's archived or stored somewhere. It needs to be encrypted to make sure that no one can get in and take a look at it. And also, data in use is just data that is being shared, processed.
Now, like normal networks, the main components of cloud encryption are the data, which needs to be encrypted, of course, the encryption engine and the encryption keys.
Safeguarding the keys is a crucial activity necessary for ensuring ongoing integrity.
So when you're offering infrastructure as a service, it's very important that encryption is implemented here, simply by the nature of infrastructure as a service. You are supplying the infrastructure, the hardware for people to run their network. So it is a security practitioner's job to be familiar with encryption and how encryption can be implemented within that hardware.
Now, as we said before in the previous lessons, infrastructure as a service uses two different types of storage. They use volume storage and object storage. Both of these support encryption. So with volume storage, there are two different ways you can encrypt the data.
There is instance-based. This is where the encryption engine is located in the actual instance itself.
And there's also proxy-based encryption, which focuses on a proxy machine that handles the keys and does all the encrypting for you and gives the encryption to the instance so the instance of the network can run.
There's also object storage encryption. This has two different types as well. There is file-level encryption. This is where files are encrypted inside a database. And there's also application-level encryption. This is where the encryption engine resides within the application itself. The proxy can be implemented on the customer gateway or as a service residing on the external provider.
Now, if you didn't want to encrypt the data in the cloud for whatever reason, if you have a different kind of network where the data needs to be accessed faster than the time it takes to decrypt, you can protect your data in the cloud in other ways. There is data masking and obfuscation.
So with this, you can substitute random values, so you can change values of your data.
You can move different data out of order or switch the data values around.
You can mask the data. This is where you hide certain parts of the data. For example, if you X out the first couple of numbers of something and then just put the couple trailing numbers at the end. And there's simply deletion, removing or making sure no one else can see the data.
There's data anonymization. This is where personal information is removed. So this is things such as names, addresses, Social Security numbers, that type of thing. And there's also tokenization. This is where you substitute a sensitive data element for a non-sensitive form.
Software-defined network. This is one of the up-and-coming, more popular virtual environments. Software-defined networking is an approach to computer networking that allows network admins to manage network services through the abstraction of lower-level functionality.
This is done by separating the control plane and the data plane. The entire network is defined with the controller, and there are two APIs. So the controller is considered to be the brains of the network, and they make all of the information on how traffic can flow throughout the cloud.
Then, once they make the decisions on how traffic flows throughout the cloud, they send this information to the routers and switches through the southbound APIs.
From there, the routers and switches will know how to handle any traffic going through the cloud.
Once that's done, the controller can send information to applications through northbound APIs. These help network administrators to programmatically shape traffic and deploy services.
In today's lecture, we discussed cloud encryption, data protection and software-defined networks.
All of the following are components of cloud encryption except:
A, the encryption engine.
C, encryption-defined network, or D, encryption data.
If you said C, encryption-defined network, then you are correct. Remember, cloud encryption is very similar to encryption on regular networks, where you need the engine, the keys and the data.
Thanks for watching, guys. I hope you learned a lot in this video, and I'll see you next time.