7 hours 33 minutes
Hello and welcome to Siberia's Comp TIA Certified of Van Secreted Practitioners Certification Preparation Course.
This is margin of a five and this title host security controls.
These are the learning objective, which encompasses this particular Marshall. But let's not turn to your discussion off operating and figure cloud security.
This is actually such and four of this particular module
these and objectives, which encompasses this particular section. Here. We could begin by taking a look at Operation Models, service models, virtualization, legal in privacy concerns, data storage and transmission and, lastly, third party. But other words, outsourcing requirements.
But before we get going, let's take a look at this pre assessment question, and the question is as follows. Which of the following is not a top security threat? Isn't a abuse in the Ferris use of cloud computing be insecure interfaces and application programming interfaces see
unknown risk profile or lastly,
If you say like that D'You absolute correct.
Now this next live What we have is a list of some of the top security threats Rayna farm abuse and the fairest use of cloud computing. Insecure interfaces or application program interface is unknown. Risk profile, malicious insiders share technology issues,
data lows or leak it account or service hijacking.
Now we're going to look at Cloud computer. Obviously, there are some advantages we need to highlight. First of all, some advantage is we have flexibility.
A second companies more band with unusual, a cloud based service can instantly meet the demand because of the vast capacity of the service remote servers. In fact, this flexibly is so crucial that 65% of respondents to an Information Week survey said they're building equipment, meat business. The band
was important reason to move to cloud computing.
Then we have disaster recovery when companies start relying on cloud based service is they no longer need complexes as recovery plans for computing devices take care of most issues and they do it much faster.
The other thing we have is automated software updates,
basically, and what happened is we started. The companies are able now based upon the twilight computing technology they able because of cloud computing supply. Do tow service maintenance, including security updates himself, freeing up the customers time and resource is for other times. So again they're able to have these automatic updates under that advantage
We also have some additional. Vange is is capt. Expenditure free
cloud computing service is a typically pay as you go, so there's no need for capital expenditure at all. And because Clark of it is much faster to deploy, businesses have minimum products, startup costs and predictable ongoing operation expenses as well.
Then we have increased collaboration
cloud computing, increasing collaboration by allowing all implores wherever they are to sync up and work on documents and share APS simultaneously and follow colleagues and records to retreat critical updates and literally riel time.
We also have the building again to work from anywhere as long as employers have in that access, they can work from anywhere. This flexibility positive faked the knowledge workers in terms of work, bat like balance and productivity. One study found that 42% of adults
would give up some of death salary if they could tell a commune, on average, they would take a 6% pay cut. So here again or something really, with Vantage is off cloud computing.
Now for the service models concerned, Cloud computing is a delivery of computing service is service storage databases, network and software analytics and more over the Internet.
Companies offer knees, computing service, our call cloud providers and typically charge for cloud convenience. Service is basic for usage, similar to how you bill for water or electricity at home. Still fall here how Clark Computer works and what it's for, basically designed to begin
basically again to provide a means by what you could have incurred, what we call rapid of what we called his *** recover. You need not where about complexes actually commit plan when you have a cloud computing solution and
in a fake now, some top benefits of cloud computing always follows. First of all,
basically, the cost of cloud computing eliminates the capital expenses. Speak more car computer service all provided self service and on the man, So it's so so. Basically this even a vast amount of computer and souls can be provisions. In minutes we look at Clark and beauty
productivity on site data centers typically require a lot of racking, and stack and heart was set up software. Patch it and other time consuming. I demand a short clock computer removes the need for many of these tasks, so the I T team can spend time on achieving Maur and Poor business goals.
Performance. The biggest cloud computing service run on worldwide
of secure data centers, which are regular upgraded to latest generation off fast efficient computer hardware. You all several liability crime, computer mix, data backup, disaster recovery, business continuity, ease and less expensive. And so when that's one of the things that we see now forced employment models again that you have
before I move on a Mitchell again, that
class above I thought we call elasticity. And really, that's very important to organizations. You also have ability ***. Have what we call pay as you use type programs now forced the different deployment methods in cloud. The 1st 1 we don't discuss here. Call public, come out.
Basically these classes owned and operated by 1/3 party
and with that public are all heart West suffered other supporting infrastructure's owned and managed by that cloud provider.
Then we also have what we call hosted private clouds. These cars are maintaining data centers that are operated by the cloud Service invented, such as Rackspace HP. IBM, a single private cloud customer, uses core resource is such as computer and storage without share to Tennessee
at the very least a man's top provider offers manage and for sculpture support.
Then we have their private cloud. Would you get a private cloud? Were first to cloud Computing Resource is used exclusively by single business or an organization.
Then we have community. Cloud in Computing is a collaborative effort in which infrastructure is shared between several organizations from a specific community with common concerns. Security, compliance, jurisdiction, whether match internally, all about third party and hosted internally or externally.
Then we come to Artie. Infrastructure improvises service. Now I t. Infra scope of eyes elasticity You again. You have pay as you use. You have the different what we call the different deployment models as well.
Now these again of the different operation of models. Here you have infrastructures of service network as a service software's of service and then platform of the service.
So the first woman take a look at infrastructure as a service. The most basic category Cloud Computing Service's with in Frustrations Service. You read Artie Infrastructures servers, virtual machines, storage network operating system from a clock provider on a pay as you go tight basis.
Then we have network as a service is a business model for delivering network service is virtually over the Internet on a pay or paper use or my description basis.
Then we have software the service, which is a method for delivering software applications over there in there on demand and typically on a subscription basis with some where's the service copper about his host. They've managed a software application and the underlying infrastructure and handle any maintenance like software of grace and security. Patch it
user connected application over in that used it with a Web browser on their phone tablet or
There, we have platform as a service. It refers to a cloud computing service that supplies and on the man environment for developing, testing, delivering and management software application. Your platform is. The service is designed to make it easier for developers to quickly create Web or mobile app without worried about sitting up or managing
the underlying infrastructure of servers. Storage network
databases need it for
now force. When you look at cloud computing, you do obviously gonna have some illegal and privacy concern. Now I've seen the capacity for expansion, simplicity of configuration, ease of virtualization, total demand as you need mentally is, it obviously is extremely distracted to individuals use. It's well, it's major organization,
often with all these conveniences. The challenge complacent. Comply with legislation.
Regulation laws issued by countries worldwide will become an ever increasing child for cloud providers as well as the cloud uses themselves.
Then we look at surveillance. Only one close observer observation and collection of data are evidence for a specific purpose or confined to a narrow sector. In comparison, environment of skinning is broad and includes oh ah, soda External factors.
is the act of having legal rights and complete control over a single piece of set of data elements defines. It provides information about the rightful owner and data data assets and the acquisition, use and distribution policy implemented by the data owner.
We have a term called jurisdiction.
Basically, it relates to basically it's the power or write of a legal or political agency to exile authority over person, subject matter or territory.
it's called, basically is first to any process in which electronic data is sought located security in search with the net of using it as evidence in a civil or criminal a legal case
data storage and transmission. At the core of all cloud service is products and solutions are software tube with three underlying pillars and functionality tunes for processing data and write an application.
Did moving data as well as preserving a store in your data?
So archiving is the prices of moving down, and there's no longer actively used to a separate stores. Advice for low term retention
recovered at a
recovery Data recovery is a process was over. Storing data that has been lost actually lead it corrupted or made inaccessible.
Resilience is the in computer network is the ability to provide and maintain except the level service in the face of fault and challenges to normal operation. Threats and challenges for service is can range from simple miss configuration, which again bass reason why most of time I sister were compromised because of what Miss configuration
Off oven application, along with some type of service.
Then we have what we call 1/3 party outsource and requirements
opposite a good with what you wanna have. A good service level agreement is important because what that does for you assess his baron, who's an expectation for following aspects of data center service provisioning and S L. A. Again drives the internal prices by suddenly clear, immeasurable standard of performance data. Port of believing First ability to move
copier transferred down easy from one database storage
one. Artie environment to another. Data destruction is a process of destroying downtown store on tapes, hard disk and other forms. Elektronik Meteor. So that is completely unreadable and cannot be a sense or use for authorized purposes. We also unemployed, we call RT.
This is no nothing less than an examination. Evaluation organization, information
technology, infrastructure policies as well as its operations.
Now force your security interaction model. This actually shows here again the cloud model and looks again looks at the gaps. We had to look at that security control models,
and then we actually look at the compliance. Marshall. The investigators provide again practice
identified gaps between the provider and consumer security policies address, and obviously they are dressed as appropriate. Now this brings us to our post assessment questions, which is follows. Would your father is not a cloud? Operation model? Is a infrastructure the service be off platform as a service?
See software, the service or
data as a service
if you said let the day you're absolutely correct Now doing this particular presentation, we briefly highlight the operation models, the service models. We discuss what virtualization is legal and privacy concern. Data storage transmission and lasted. Discussed third party and outsourcing requirements
again in our upcoming presentation will be moving on to Section five. Operate a secure virtual environments. Look forward to seeing your very next video.
In this course, you will learn all of the domains and concepts associated with the CompTIA Advanced Security Practitioner CAS-003 CASP+ Exam. Through this course you will be fully prepared to sit for your CompTIA A+ Exam!