the UNECE report was created in 2009. This report actually influenced the C S, a guidance that we've been primarily focused on. As a result, there is a lot of redundancy between the C S, A guidance and the UNECE report, and some of the information itself is based on data technologies. We're not gonna be talking about the entire report in this module,
but we'll be going over key areas that let you're likely to get tested on in the CCS K exam.
Keep in mind about 7% of the CCS K exam Questions are based on material from this report published by the European Network and Information Security Agency Anisa
The sections of the report that recover here are the security benefits of cloud risk assessment overview,
top security risks and key legal issues. We're going to spend the rest of this video Examining the eight security benefits of the cloud
Cloud is a change and you lose control over how certain things are managed. But it's not all that bad. In fact, if you're working with a solid provider, you can improve your security stance. Personally, I like that. The report starts out by looking at the positives rather than trying to scare the reader and to be worried about all the risks associated with the cloud
to summarize the benefits in an ISA. Let's start with security and benefits of scale.
Having the ability to host were close across multiple data centers throughout the globe wouldn't be feasible for the vast majority of companies. This dramatically simplifies implementing disaster recovery and business continuity plans. And when you design things right, it can improve your customer experience. Remember, the providers have multiple endpoints throughout the globe,
and this reduces the late insee of connections between your services
and your users located throughout the planet.
The automated responses you can build using firewalls and software defined networks dramatically improve the speed at which you can take actions and respond to security incidents. To that end, seconds capabilities are primarily created by dedicated cloud security experts working for the provider,
and your company probably couldn't invest a salary for just those purposes.
In fact, security becomes a market differentiator. Providers must fulfill their side of the shared responsibilities model and protect their own reputation as a safe place for tenants. Providers often create standardized interfaces and third parties can then integrate with these interfaces to provide additional security services to the cloud customers.
For example, virtual appliances
but also vulnerability assessment tools. And last on this list is a rapid, smart scaling of resource is this is using virtualization to take advantage of the large resource pools that the cloud providers have
in the event, something does go wrong. Audit and evidence gathering is actually improved, You may recall, from domain four. We talked about a variety of different mechanisms, even quarantining machines to use for forensics and protecting your log information.
You can achieve more timely, effective and efficient update processes. Remember the mutable server pipeline Also Infrastructures code. They allow cloud customers to simplify the management and tracking of security controls. This then means updates and patching could be deployed much more quickly
and in the past. And SAS situations, the cloud provider themselves, is responsible for meeting different SL is in this matter.
In fact, the provider has every incentive to meet those s L. A's and demonstrate compliance throughout audits. Ultimately, this success tracks more customers who see the provider and see their compliance, and they want that risk reduction for themselves the benefits of resource concentration is a finer point on the economies of scale. The cloud customers benefit
not having to manage the physical layer
as well as the associated physical security controls. And that could be costly in its own right. In this video, we examined the eight security benefits highlighted in the Cloud and ISA report.