welcome back to acid security course. And in this video, I would be finishing the story about protecting data on your PC. So in this video ideal, Ah, protecting data in your company and I in this video, I will talk about protecting data that is currently being worked on and protecting dating communication.
So if the data that is currently being worked on is on your local PC, this is covered in previous video. But in this video, I'm going to talk about protecting data. It is in the cloud. So to protect dating the cloud, you have to control the excess. First off,
who connects is the cloud. So you
you sort the data. Remember, if you have listened to the lesson about types of dating in the company,
we have the sensitive data. We have crucial data. We have not so important data and that there should be a different level except off access to each and every category. So these data should be categorized. For example, if it's, um,
for example, if your medical in medical business and you're you're having patient records, they are sensitive, and there should be restricted the number of people who can access that datum,
and there should be a log off every each and every access, at least for some kind of future or did purpose.
so this is about controlling access. The other thing is to limit access based on device and location. So, for example, if you're accessing from the desktop PC inside the company network, then you have, ah, higher level of access.
And if it's for example, again, if you're in medical business and if it's a doctor accessing from their tablet or PC from home,
then there should be a second level or even third level off authentication required that can even include a phone call authentication to check if that person is actually accessing that data,
especially if it's a patient record. So if this works in combination off accident, controlling off access, for example, if you're if you're no nurse and you're working from home, you shouldn't be allowed to access patient. That a toll. On the other hand, the doctor should be
so This is the field which is most exposed to these things of issues but also banking as well financial institutions. They can also do things remotely that they shouldn't be allowed to do if
if or it least there should be an additional security protocol making sure that they don't,
they don't that somebody is not doing instead of them.
Then the sensitive data should be flagged, and every time somebody accesses the sensitive data,
you should be compared with different things. For example, if there have signed in the badge and their inside the company and they access data from the outside with their user name or their credentials than should be an immediate alarms in okay, this date is being exit. But somebody
who is not supposed to be under its location,
this is just the example.
Then there should be a business intelligence that is telling so some kind of AI or some kind of sound smart software that is analyzing who's doing that
and finding anomalies, which are used to see if somebody's on a regular basis, accessing data that they shouldn't be accessing or
if they're accessing data, which is in a way that is quite different from everybody else in there
environment. For example, if one doctor is looking to the patient data which are not his patients, it should be flagged or something like that.
And finally, to protect dating the cloud you need to build advanced security security layer. And it works in conjunction with adding business intelligence. So basically 11 more layer of security allows you to.
Additionally, Trek who's doing what and some how. And you can also track Come,
uh, some some for simply, You can flag some things that might be interesting for somebody from the outside
on, and you get the additional flag if these data is accessed. This is This is very complex thing, and I'm not going to go into details about this. I'm just mentioning it. It's
what is recommended today. If you want to protect eight in the cloud. Thistle just mentioned works if you have the company cloud inside the company. So if you're using somebody else's cloud, then it's usually up to them to provide that level of security and to give you their reports.
And they're usually going not going to let you dual these things, except maybe controlling access and limit Texas based on the device and location. That's that's what you can tell them. OK, need that.
But if you're using whoever clouds you're using, they will. They will say, Okay, it's now our responsibility and we're going to protect it. And they have a eyes, artificial intelligence after or some kind of business intelligence and the oldies and one security layer is already in place.
And finally, when it comes to protecting data, we're gonna going to talked about community dating, communication and transit. So there are two things with different
kinds of protection. So one is if they taste inside the company network and today, Still, the best way to protect data that is
flowing around your company network is to force usage of wire networking. So if people even if they're using no books, they have to sit somewhere. There should be a cable there. They should be able to connect. But if there somewhere where it is physically not possible. And it's getting more and more
used. Today, for example, of people have collaboration spaces or death sitting in meeting rooms
and there is not enough wired collections for everybody, then somebody has to use wireless
Then, In that case, the thing to do is to force VPN for violet success
and outside the company in it for so if you're working from home or you're wrong. He went
then. Encryption is the key,
and that is the only thing you can actually do. And to do that, you should have a VPN system in your company, Virtual private Network, which essentially encrypts all communication between the
PC off the user and the company natural from the moment they're connecting. So even the passwords are encrypted.
in that case, you're pretty much secured. The problem is that people are not using it. So if you're in charge of determining the practices, you should make sure that if they're not connected, why we piento corporate and they can actually do nothing. They conserve the net, and that's it. So that's
that's pretty much the only thing you should allow them to do. If they are using their private PC and they're there, they they're just connected to the local Internet in the wherever space they are. So the moment they connect to cope with the network, they should be forced to connect toe VPN.
And then you are pretty sure that everything will work fine. Of course, there are ways
toe abuse, the weepy end, but then we're talking about about high level hacking
Onda, and this is simply not the subject off this course and it's level.
So in this video, you have learned how to protect data depend on the type how to protect data while people are inside the company, how to protect data when they're outside the company and how to protect eight on the clock.