5 hours 31 minutes

Video Description

This lesson covers customer concerns and discusses recommendations for the cloud customer which include but are not limited to the following: • Identify which types of virtualization your cloud provider uses, if any • Encrypt virtual machine image when not in use • Consider a zoned approach

Video Transcription

Okay, so moving on Just Cem. Cem. General recommendations for the cloud customer. Of course, every user environments different. Every customer has their own needs. So these are very generic, but certainly things to consider. So the very first thing you gotta think about, um,
asking your cloud service providers from questions find out what types of virtual is ations.
The provider uses what? Their security. You know, there's elements that we talk about. How did they approach securing the virtual machine, the virtualized environment? What? How many systems? How many virtual systems share of physical systems? What are their expectations for work loading performance?
Ah, the second bullet point. Think about a zoned approach. Think about isolation and the need to isolate.
So your high need production high performance environment perhaps maybe isolated from different information, maybe with lower need or lower performance. Um,
highly sensitive data obviously should be fully isolated as much as possible. Eso think about creating a zoned approach and working with your cloud service provider to thio. Integrate that Think about performance when testing and installing virtual machines. Security tools. Performance varies.
So we want to make sure that,
you know, we we try to figure out what the hit is gonna be as we add monitoring. Now, we also want to make sure that they're using virtual ization aware tools. Right? This is a lot more complex and environment than just running a scan on the operating system, checking for viruses. So
we're gonna need the higher in tools that check and that are aware of the V EMS and can monitor that intervene land
traffic refined the licensing agreements with the vendors again. You know you're the customer, and the service providers can provide many more things than out of the box solutions. So it really is up to go in and be up to us to go in and be armed with facts and information
and know the things that we want documented. Know the things that we need outlined in the things that we want
mandated in their service level agreements. It's our job to negotiate for that to evaluating, to continue to monitor and make sure that that's being done alright. Each virtualized operating system should be secured using an inline virtual machine
combined with hyper visor based AP, eyes application programming interfaces, VM wear
and the Shield So ultimately, we want to make sure that the virtual ization environment, just like we've talked about, is secure and that it's isolated from the others, that it's protected from issues with the hyper visor with other virtual machines. Virtualized OS should be
off minute by built in security measures. So
all right, first of things that virtual ization operating systems, of course, need to be patching. Updated all those security that organisms. But also we look at layered technology and making sure that the physical devices you know, a lot of this is really just kind of reviewing what we've talked about from the past couple of issues. The physical devices are secure
that were using the tools that are the m aware
that they're monitored properly, that we automate it or not. We necessarily where the customer, but that the service provider has mechanisms that automate because the sheer amount of data and the shirt sheer amount of virtual machines on a single physical system can be very unwillingly
secured by default configuration must be assured.
Um, essentially, this idea of secured by default
many service providers and I'm not talking about the cloud. I'm just talking about many product providers choose ease of use over security,
Right? If you think about access points, traditionally, you pull an access point off out of the box. And for the longest time, it didn't come with you know, any means of encryption. It didn't require authentication. Very secure, unsecure out of the box. Well, the opposite that is secured by default.
Nothing works unless it specifically configured
to work. No traffic is allowed unless it's specifically, uh, allowed, so to speak. This is referred to his white listening. It's everything is turned off. Everything is blocked. Except what's on this little white list that says, Here's what can happen
And that's obviously a much more secure configuration. Sometimes it costs ease of use.
That's okay. In the world where we're putting our data across the Internet, we will work on the ease of use issues,
securities and much more important factor.
Okay, virtual machine images encrypt them when they're not in use. Now force when you use the virtual machine s we decrypted and there's overhead there, and it's re encrypted to store. But that protects those devices from integrity, modifications and from confidentiality breaches. So that's an important piece
again, you know, this is the second to the last bullet points. See if it's feasible to segregate v EMS and using security zones. Yeah, I mean, always look into the more isolation. Really, In a lot of ways, uh, the more isolation you could bring in,
the more you can characterize each zone based on the security needs.
All right, And then make sure that the vulnerability assessment tools that are being in use in use are being used on the virtual ization technologies as well. You know, again, that's all kind of a rap.

Up Next

ISC2 Certified Cloud Security Professional (CCSP)

This online course will guide you through the contents of the CCSP certification exam. Obtaining your CCSP certification shows that you are a competent, knowledgeable, cloud security specialist who has hands-on experience in the field.

Instructed By

Instructor Profile Image
Kelly Handerhan
Senior Instructor