Time
5 hours 31 minutes
Difficulty
Advanced
CEU/CPE
6

Video Description

This lesson covers the reasons for the encryption of data. Encryption is important for when data moves in and out of the cloud and protecting data at rest, it also offers security against third party access. There are different ways to encrypt data depending on what kind of service you have: IaaS, PaaS, SaaS, all of which use different methods.

Video Transcription

00:04
all right. The next thing to talk about it are the cases for encryption. Why we want encrypt. Well, we want to protect the privacy and confidentiality of our information, and we have to think about it. This data moves to and from or in and out of the cloud we need to make sure it's protected at rest a swell
00:23
many times. This is a requirement
00:26
to be in compliance with certain regulations, whether it's P. C. I. D. S s HIPAA Aah, financial information or protecting personally identifiable information. But usually there's some sort of requirement that we have to meet, and encryption is a big piece of that.
00:43
We want to make sure that we protect our information from third party access.
00:47
Assuming that third parties not authorized, um,
00:51
we need to make sure that we have an additional boundary or barrier if you would, from one organizations data to another to make sure that you know, we were granting access to the same physical machines that even if we're on different virtual machines,
01:10
if we have access to the same physical machine we wanted, just added
01:14
extra layer off separation. And also we've talked about encryption allows us to destroy dabba when physical destruction isn't available and we talk about crypt of shredding. All right, so best practices use open and validated formats.
01:30
So rather than trying to come up with our own proprietary encryption algorithm,
01:36
it's best that we use what's available. Currently, kind of the de facto standard is eight. Yes, currently there other well recognized and open standards and algorithms for encryption. But as a general rule,
01:49
we want to go with open and validated formats. There's no need to bring anything new to the mix here. We already have numerous
01:57
algorithms and mechanisms that are tried and true
02:01
as an enterprise. We keep the keys right. We don't get the keys to the Cloud service provider. We keep the keys because ultimately, the only way that information's gonna be unlocked is through the keys. And should we entrust those keys to someone else that gives us 40 vulnerability,
02:16
identity based key assignment in protection of private keys.
02:22
So, for instance, if you work in the government, you have a cat. Well, that's your private key on the cat, and that's bound to your identity. So the same idea is that users have keys and in a big benefit of that is for confidentiality, but also for accountability as well that we can map transactions back
02:42
two.
02:43
Ah, an individual non repudiation, if you will. Aren't you strong encryption? There are good, strong encryption mechanisms out there. And what we have to choose is based on performance versus strengths of security, which he's gonna be best
02:58
meet our needs
02:59
and then follow key management best practices for where and how the keys were stored and their numerous ones. But ultimately they involve protecting the key, making sure the keys are archived. Making sure that to recover a key, for instance, is not something that a single entity can do. Lots of good practices.
03:19
So data encryption across the various implementations
03:23
I I s has been in use volume storage. Remember, we talked about the storage mechanisms earlier. So means of encrypting the entire volume, or att, least the individual files that we would see with object storage. Encryption
03:38
platform is a service client application encryption database, encryption, proxy based encryption. So, ultimately,
03:47
regardless of the mechanism that we're using, whether we're using the day to pace mechanisms or however that may work, we want to make sure that we provide encryption there and then for software is the service making sure,
04:00
um, that the cloud service provider has a means for protecting our dad. And remember, we're story accessing the application, and dad is being stored within that context to making sure that they have a means to protect and gripped our dabbles well.

Up Next

ISC2 Certified Cloud Security Professional (CCSP)

This online course will guide you through the contents of the CCSP certification exam. Obtaining your CCSP certification shows that you are a competent, knowledgeable, cloud security specialist who has hands-on experience in the field.

Instructed By

Instructor Profile Image
Kelly Handerhan
Senior Instructor