Treacherous 12 Part 8: Data Loss

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
12 hours 57 minutes
Difficulty
Intermediate
CEU/CPE
13
Video Transcription
00:00
>> Treacherous 12, number 8, data loss.
00:00
In this lesson, we want to talk about
00:00
the risk of data loss in Cloud environments,
00:00
the potentially devastating impact of data loss,
00:00
and techniques and strategies to mitigate
00:00
or at least reduce the impact of data loss.
00:00
Now, data loss refers to
00:00
losing any data that's in the Cloud environment.
00:00
Now, the scale of that data and
00:00
the nature of the data dictate its true impact.
00:00
Data loss can be done intentionally
00:00
>> by some hacker or threat actor where
00:00
>> they are able to access your Cloud environments and
00:00
>> delete sensitive customer data or code that's needed
00:00
>> to operate your Cloud infrastructure or applications.
00:00
>> Data loss can also occur accidentally,
00:00
misconfigurations or accidental deletion
00:00
of data backups may result in data loss.
00:00
Regardless of whether it's been done
00:00
intentionally to your organization or accidentally,
00:00
the impacts of data loss can be significant.
00:00
It can result in lawsuits.
00:00
You make promises to your customers and
00:00
your service level agreements and other contracts
00:00
>> about the availability of their data.
00:00
>> Your customers may be well within their right
00:00
>> to sue you for the damages
00:00
>> caused by the loss of this data.
00:00
>> Sony Picture Studios was hacked in 2014
00:00
>> and many of their movies
00:00
>> were released far ahead of schedule.
00:00
>> Sony actually set aside $15 million to address
00:00
>> the repercussions of that data loss incident.
00:00
>> Some companies aren't even as lucky.
00:00
Also in 2014, Codespaces, an online hosting
00:00
>> and code publishing provider was hacked.
00:00
>> The hackers actually deleted a lot of
00:00
>> their customer data so much though that the platform
00:00
>> ultimately went out of business as a result.
00:00
>> Now, what can you really do
00:00
to address this risk related to data loss?
00:00
Well, first and foremost
00:00
>> are things that we've already discussed,
00:00
>> business continuity and effective disaster recovery.
00:00
From a business continuity perspective,
00:00
you have to really be disciplined
00:00
>> in identifying where your critical data is,
00:00
>> how is it backed up,
00:00
and what the situations and strategies
00:00
>> that you've accounted for to restore that data and
00:00
>> ensure that there's continuity of operations
00:00
>> and minimize impact on your customers
00:00
>> even if part of that data were to be lost.
00:00
>> Disaster recovery is very important
00:00
because in the event that
00:00
>> somehow your data is destroyed,
00:00
>> you're going to be recovering from a backup.
00:00
Your organization should really consider
00:00
>> what your backup schedule is.
00:00
>> Is the environment backed up
00:00
>> on a daily basis, weekly, monthly?
00:00
>> How often are your backups tested to ensure that you
00:00
>> have adequate restoration of your information
00:00
>> and that those backups themselves aren't corrupted?
00:00
>> Basically, having a disciplined understanding of
00:00
how your business continuity and
00:00
disaster recovery processes operate
00:00
>> is the best way to prevent against data loss
00:00
>> and also to frequently test those backups
00:00
>> to ensure that they restore properly.
00:00
>> Let's reflect a moment.
00:00
What is your data backup schedule?
00:00
How often are you really backing up
00:00
the information in your Cloud environment?
00:00
Another consideration is also
00:00
>> if you're storing your backups in the same environment
00:00
>> as where the Cloud is hosted,
00:00
you may be setting yourself up from a risk of data loss
00:00
if that platform were to go down or become unavailable.
00:00
Often, organizations will store their backups
00:00
>> to an on-premise location
00:00
>> or have another Cloud provider
00:00
>> serve as a redundant backup
00:00
>> in case their main cloud services provider
00:00
>> were to become unavailable.
00:00
Now you have to ask yourself,
00:00
>> do you have an effective backup strategy?
00:00
>> If you're relying on only one Cloud provider
00:00
to manage your backups,
00:00
you really are building in
00:00
a potential single point of failure.
00:00
Even some of the most major Cloud services providers
00:00
have had outages which has resulted in data loss.
00:00
You should take a look at your strategy
00:00
>> and think about, are we well-protected?
00:00
>> What could the potential impact of this be
00:00
>> for our organization?
00:00
>> In summary, we talked about data loss,
00:00
both done to an organization by a threat actor
00:00
>> or caused unintentionally through misconfiguration
00:00
>> or deletion within a Cloud environment.
00:00
We talked about how the impact of data loss
00:00
>> can really be devastating
00:00
>> either to your company's reputation,
00:00
>> or if you're able to stay in business,
00:00
>> or could potentially put you out of business.
00:00
>> Then we talked about various methods
00:00
>> to address the risk of data loss,
00:00
>> namely disaster recovery, effective backup schedule,
00:00
>> and getting rid of single points of failure
00:00
>> when it comes to having backups stored.
00:00
>> I will see you in the next lesson.
Up Next