Public Cloud Deployments Risks

Time
12 hours 57 minutes
Difficulty
Intermediate
CEU/CPE
13
Video Transcription
00:00
>> We talked about what public cloud deployments are, now
00:00
let's talk about some of the risks
00:00
associated with public cloud deployments.
00:00
In this lesson, we're going to go over
00:00
the risks when using public clouds,
00:00
as well as some of the
00:00
>> possible responses to those risks.
00:00
>> We're going to talk about three main risks
00:00
when using the public cloud.
00:00
The first is vendor lock-in.
00:00
Now we've talked about this in
00:00
the past when talking about service models,
00:00
but it's also true of public cloud deployments.
00:00
Vendor lock-in is when a customer is not able to
00:00
remove their data or port
00:00
it to another vendor if they so choose.
00:00
This is often caused by proprietary data formats
00:00
within public clouds that really
00:00
prevent users from taking their data elsewhere,
00:00
and the more you use the public cloud,
00:00
the more data you have there,
00:00
the less likely you are going to
00:00
be able to move that data easily.
00:00
One of the risks is that the public cloud's cost
00:00
may incrementally go up
00:00
and you're stuck paying
00:00
that vendor and dealing with that risk.
00:00
That can be addressed by looking at any contracts or
00:00
fine print before using a public cloud to
00:00
ensure how easily data
00:00
can be ported from the public cloud to another vendor.
00:00
The second risk is vendor lock-out.
00:00
One of the benefits of the public cloud is it's cheap
00:00
>> and you should be very wary if it appears too cheap.
00:00
>> Unscrupulous vendors can get themselves in
00:00
trouble either by not really having
00:00
adequate capital to maintain
00:00
the cloud, and if they go out of business,
00:00
you are locked out,
00:00
you're unable to access
00:00
your data because it's still there
00:00
on their hardware,
00:00
but it's not connected to the Internet.
00:00
Another example of vendor lock-out can occur
00:00
when data is on the same server
00:00
and some of the data,
00:00
>> it might be involved in litigation.
00:00
>> A litigation hold can be placed on the data on
00:00
that server even if your data is
00:00
not involved in the litigation.
00:00
Because it is on the same piece of hardware,
00:00
you can be locked out from access again.
00:00
This ties into our third risk
00:00
that the public cloud is a multi-tenant environment.
00:00
Multitenancy refers to whenever
00:00
multiple customers' data is stored,
00:00
processed, or used by
00:00
the same set of hardware and underlying infrastructure.
00:00
That vendor lock-out example with
00:00
a legal hold occurs in
00:00
multi-tenant environments where
00:00
storage is involved.
00:00
There are a number of sub-risks that come
00:00
from the multi-tenant environment.
00:00
>> Data separation,
00:00
>> because data for multiple customers is being
00:00
saved on the same hardware,
00:00
misconfigurations or potential vulnerabilities
00:00
can occur that compromise
00:00
the integrity of individual records
00:00
in terms of the data.
00:00
Then there's also virtualization.
00:00
All of these individual virtual environments are
00:00
provisioned from using
00:00
virtualization such as hypervisors,
00:00
which we've discussed in the past,
00:00
and those carry their own risks.
00:00
There's vulnerability of the hypervisor itself
00:00
and the underlying hardware that can cause,
00:00
as we talked about in the past,
00:00
information bleed, as well as side-channel attacks.
00:00
It's really up to the provider to ensure that
00:00
those virtual machines are well protected
00:00
and that the equipment,
00:00
the hypervisor, used to orchestrate
00:00
it is well maintained as well.
00:00
Availability is another risk with the public cloud.
00:00
Because there are so many individuals using
00:00
the public cloud and there's so much data out there,
00:00
the cloud becomes a target
00:00
for threat actors who may want to compromise
00:00
it and bring it online using
00:00
a denial-of-service attack or
00:00
distributed denial-of-service attack.
00:00
These often happen
00:00
and large-scale ones can really
00:00
be disastrous for businesses.
00:00
Encryption is one of the last risks.
00:00
Encryption is actually a solution in many ways to
00:00
some of the other issues we brought up with the cloud.
00:00
Encryption is a key technology
00:00
when it comes to protecting your data and
00:00
keeping it separate and segregated
00:00
and unavailable to other people in the cloud.
00:00
Encrypting it renders the information
00:00
unreadable to those that do not have
00:00
>> the decryption key.
00:00
>> But managing your encryption and
00:00
>> the proper safeguarding of the decryption key
00:00
has its own set of risks.
00:00
There are unfortunately many examples
00:00
where companies accidentally share
00:00
their decryption keys by placing them on
00:00
publicly available repositories or insecure servers,
00:00
and that enables all the information to
00:00
become compromised and available to other individuals.
00:00
Quiz question.
00:00
What does multitenancy mean in cloud computing?
00:00
Is it: Multiple customers' data can be stored,
00:00
processed or archived on the cloud provider's hardware.
00:00
Two, different data types
00:00
can occupy the same cloud server.
00:00
Three, more than one cloud provider
00:00
can operate out of the same data center.
00:00
If you said number 1, you're correct.
00:00
Multiple customers' data can be stored,
00:00
processed or archived on the cloud provider's hardware.
00:00
As we said, there are
00:00
so many benefits that come with multitenancy,
00:00
but there are also inherent risks.
00:00
Number 2, we talked about in
00:00
past service model examples that large amounts of data,
00:00
unstructured data can be saved in the cloud
00:00
which provides opportunity for
00:00
advanced analytics to occur,
00:00
so it's unlikely that
00:00
only one type of data could be
00:00
>> stored on a cloud server.
00:00
>> The third one, multiple providers can
00:00
potentially operate in the same data center
00:00
or at least in the same facility.
00:00
It's typically two providers at a time,
00:00
but this is often called a co-location.
00:00
We'll talk about it more in future lessons.
00:00
In this lesson, we talked about the primary risks
00:00
when using the public cloud,
00:00
as well as some of the countermeasures,
00:00
such as encryption, reading your contract,
00:00
ensuring that the data can be ported out of the cloud.
00:00
These are measures you should really take before using
00:00
public cloud deployments.
00:00
>> See you in the next lesson.