ENISA Recommendations

Time
9 hours 59 minutes
Difficulty
Intermediate
CEU/CPE
10
Video Transcription
00:01
>> The initial report was created in 2009.
00:01
This report actually influenced
00:01
the CSA guidance that we've been primarily focused on.
00:01
As a result, there's a lot of redundancy between
00:01
the CSA guidance and the ENISA report,
00:01
and some of the information itself
00:01
is based on dated technologies.
00:01
We're not going to be talking about
00:01
the entire report in this module,
00:01
but we'll be going over key areas that you're likely
00:01
to get tested on in the CCSK exam.
00:01
Keep in mind about seven percent of
00:01
the CCSK exam questions are based on
00:01
material from this report published by
00:01
the European Network and
00:01
Information Security Agency, ENISA.
00:01
The sections of the report that were covered
00:01
here are the security benefits of Cloud,
00:01
risk assessment overview, top security risks,
00:01
and key legal issues.
00:01
We're going to spend the rest of this video
00:01
examining the eight security benefits of the Cloud.
00:01
Cloud is a change and you lose
00:01
control over how certain things are managed.
00:01
But it's not all that bad.
00:01
In fact, if you're working with a solid provider,
00:01
you can improve your security stance.
00:01
Personally I like that the report starts out
00:01
by looking at the positives rather
00:01
than trying to scare the reader and to be worried about
00:01
all the risks associated with the Cloud.
00:01
To summarize the benefits in ENISA,
00:01
let's start with security and benefits of scale.
00:01
Having the ability to host
00:01
workloads across multiple data centers throughout
00:01
the globe wouldn't be feasible
00:01
for the vast majority of companies.
00:01
This dramatically simplifies implementing
00:01
disaster recovery and business continuity plans,
00:01
and when you design things right,
00:01
it can improve your customer experience.
00:01
Remember the providers have
00:01
multiple endpoints throughout the globe,
00:01
and this reduces the latency of connections between
00:01
your services and your users
00:01
located throughout the planet.
00:01
The automated responses you can build
00:01
using firewalls and software defined networks
00:01
dramatically improve the speed at which you can take
00:01
actions and respond to security incidents.
00:01
To that end, [inaudible] capabilities
00:01
are primarily created
00:01
by dedicated Cloud security experts
00:01
working for the provider,
00:01
and your company probably couldn't
00:01
invest a salary for just those purposes.
00:01
In fact, security becomes a market differentiator.
00:01
Providers must fulfill their side of
00:01
the shared responsibilities model and protect
00:01
their own reputation as a safe place for tenants.
00:01
Providers often create standardized interfaces
00:01
and third parties can then integrate
00:01
with these interfaces to provide
00:01
additional security services to the Cloud customers,
00:01
for example, virtual appliances,
00:01
but also vulnerability assessment tools.
00:01
Last on this list is a rapid smart scaling of resources.
00:01
This is using virtualization to take advantage of
00:01
the large resource pools that the Cloud providers have.
00:01
In the event something does go wrong,
00:01
audit and evidence gathering is actually improved.
00:01
You may recall from domain four we
00:01
talked about a variety of different mechanisms,
00:01
even quarantining machines to use for
00:01
forensics and protecting your log information.
00:01
You can achieve more timely, effective,
00:01
and efficient update processes.
00:01
Remember the immutable server pipeline
00:01
also infrastructure as code,
00:01
they allow Cloud customers to simplify
00:01
the management and tracking of security controls.
00:01
This then means updates and
00:01
patching can be deployed much more quickly,
00:01
and in the PaaS and SaaS situations,
00:01
the Cloud provider themselves is responsible for meeting
00:01
different SLAs in this matter.
00:01
In fact, the provider has every incentive to meet
00:01
those SLAs and demonstrate
00:01
compliance throughout the audits.
00:01
Ultimately this success attracts more customers who see
00:01
the provider and see their compliance
00:01
and they want that risk reduction for themselves.
00:01
The benefits of resource concentration is
00:01
a finer point on the economies of scale.
00:01
The Cloud customers benefit not
00:01
having to manage the physical layer,
00:01
as well as the associated physical security controls,
00:01
and that can be costly in its own right.
00:01
In this video we examined
00:01
the eight security benefits
00:01
highlighted in the Cloud ENISA report.