All right, now we're gonna talk about some of the risks to private cloud deployments. You know, with all that greater amount of security and the greater expense, there still are some risks when using the private cloud deployments.
All right. The learning objectives for this lesson are really to describe the common threats to private cloud, convey the significance of these threats, and then describe any of the common countermeasures to these risks.
And it's also worth noting that a lot of these threats aren't specifically unique to private cloud, but they're still applicable. Many of them still apply generally to many cloud deployment models.
The most relevant risks when using the private cloud: personnel threats. Just like we talked about, whenever you're using a shared services model where the cloud provider is responsible for the administration of the hardware or other services, there's going to be the risk of personnel threats.
The people working on the cloud infrastructure aren't your employees if you're a cloud customer. Therefore, whether by a mistake or inadvertently, those employees could introduce misconfigurations, security vulnerabilities, malicious code, backdoors into that cloud infrastructure, and that definitely is a problem with private cloud. Especially given that you're paying the expense, you want to do extra due diligence that the cloud provider does background checks, financial checks potentially, on individuals with access to particularly sensitive information.
External attacks are always a possibility and possible risk when using a cloud deployment. These external attacks are things such as denial of service or distributed denial of service attacks, which attempt to flood and overwhelm the cloud provider's services and attack and compromise its availability.
There are also just general attempts to compromise the cloud deployment by using malware, malicious software of various types, trying to exploit any kind of vulnerability that threat actors can find. And this is really an ongoing battle where you must continue to monitor and ensure that there's appropriate logging, monitoring, incident response, as well as that there's appropriate patching and configuration of the private cloud to ensure that vulnerabilities are mitigated as quickly as possible, and that there really are appropriate controls to prevent an attacker from exploiting a vulnerability and doing more damage than they could in the cloud.
Regardless of the cloud deployment model, you still have regulations. And this is particularly important to the private cloud because remember, as we said, the reason you may be using a private cloud instance is because the data that's going into the cloud really shouldn't be commingled with other data in the way that it might be in a multi-tenant situation in the public cloud.
You really want to keep that data separate and isolated. But that means there may be more regulations, more compliance obligations to protect that data in a private cloud scenario. So the risk of violating regulatory noncompliance is definitely more prominent in a private cloud scenario. You just have to make sure that you have appropriate control mapping. You understand the rules and regulations that are applicable to your industry or the data that's being held in the private cloud.
Then, lastly, natural disasters. This is true of any cloud-based model, but you really have to be keenly aware of where the data center where your information is hosted is, and whether or not they have appropriate backup solutions, redundant utilities to protect themselves in the case of a natural disaster that might compromise the infrastructure in the surrounding area, as well as that you may have configured your disaster recovery and backup solution to be in geographically dispersed areas that have different or at least separate risks when it comes to natural disasters, to ensure that you maintain business continuity and availability of your solution in the private cloud.
All right, let's think about some things related to the private cloud.
How do the risks of the private cloud deployment compare to the public cloud? Well, many of these were the same. You know, the personnel threats. That's something that's the same because the administration of the underlying hardware is being done by the provider. And we see that. And then also the public cloud and the private cloud are both susceptible to threat actors: external attackers using malware, people trying to exploit various vulnerabilities to get at your data. Now, the main difference is the attack surface and potentially the number of eyes. In the public cloud, there's so many people's data out there that it could be attracting more attention. And there's also a greater attack surface because you're relying on virtualization. And we talked about many of the attacks that are designed at compromising the hypervisor. Now those things exist in the private cloud, but really you aren't going to be worried as much about someone compromising an instance and being able to escalate privilege and get access to your data. Your data is the only thing out there. However, in many private clouds, the data is more sensitive, potentially more valuable to threat actors who want to compromise it.
Now, let's also consider: could private cloud deployments create a false sense of security? Like, "Oh, our attack surface is smaller, we have more control." Could this create a false sense of security?
Not exactly. I think any time someone is going to the private cloud, they realize that the data out there is valuable, and any organization should be taking security very seriously. Now it is important to do due diligence on your vendor to prevent some of these internal threats, make sure they have adequate controls in place to mitigate those risks associated with natural disasters.
But that's really the importance of how to use the private cloud and the risks that are involved.
All right. In summary, we talked about the common threats to private cloud deployments. We also talked about many of those common measures to resist those things, as well as we did some compare and contrast of the similarities and differences between the threats and risks associated with the public cloud versus the private cloud. All right, I'll see you in the next lesson.