Chapter 10 - 03 - Discuss the Insights of Cloud Security and Best Practices - 01_ocred_fax_ocred.pdf


Full Transcript


Certified Cybersecurity Technician Exam 212-82
Virtualization and Cloud Computing

Module Flow
- Understand Virtualization Essential Concepts and OS Virtualization Security
- Discuss the Insights of Cloud Security and Best Practices

Discuss the Insights of Cloud Security and Best Practices

The objective of this section is to explain the shared responsibility of security in different cloud service models (IaaS, PaaS, and SaaS). This section explains the enterprise roles in securing the various elements of cloud such as user security and monitoring (e.g., IAM, encryption and key management, application-level security, data storage security, and monitoring), logging, and compliance. This section also explains various security best practices and tools used by enterprises for cloud security. This section explains the NIST recommendations for cloud security and various cloud security tools.

Module 10 Page 1338 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Cloud Security: Shared Responsibility

Cloud security and compliance are the shared responsibility of the cloud provider and consumer. Security is a shared responsibility in cloud systems, wherein the cloud consumers and cloud service providers have varying levels of control over the available computing resources. According to the selected cloud module, security responsibilities are divided based on the shared responsibility model. If the consumers do not secure their functions, the entire cloud security model will fail.

Figure 10.36: Cloud security: Shared responsibility

Compared to traditional IT systems, in which a single organization has authority over the complete stack of computing resources and the entire life cycle of systems, cloud service providers and consumers work together to design, build, deploy, and operate cloud-based systems. Therefore, both parties share responsibilities to maintain adequate security in these systems. Different cloud service models (IaaS, PaaS, and SaaS) imply varying levels of controls between the cloud service providers and cloud consumers.

Figure 10.37: Shared responsibility model for cloud security (columns: On-Premises (for reference), IaaS (Infrastructure-as-a-service), PaaS (Platform-as-a-service), SaaS (Software-as-a-service); rows: User Access, Data, Applications, Operating System, Network Traffic, Infrastructure; each cell is marked as Customer Responsibility or Cloud Provider Responsibility)
Elements of Cloud Security

Cloud service consumers are responsible for:
- User security and monitoring (identity and access management (IAM))
- Information security-data (encryption and key management)
- Application-level security
- Data storage security
- Monitoring, logging, and compliance

Cloud service providers are responsible for securing the shared infrastructure, including routers, switches, load balancers, firewalls, hypervisors, storage networks, management consoles, DNS, directory services, and cloud API.

Identity and Access Management (IAM)
- IAM is the management of the digital identities of users and their rights to access cloud resources
- It includes creating, managing, and removing digital identities, as well as the authorization of users
Compliance
- A clear idea about the regulation standards that an organization wants to comply with, along with their associated requirements, allows organizations to benefit from business agility and growth
- Compliance considerations for organizations integrating their compliance programs with their cloud providers:
  - Know the requirements that impact the organization, which means knowing about its jurisdictions, its industry, and the activities it employs to conduct business
  - Conduct regular compliance risk assessments, which help organizations adopt updated and revised risk assessment processes regularly
  - Monitor and audit the organization's compliance program before a crisis hits, which helps organizations determine the gaps and improve their compliance position

Data Storage Security
- In a cloud, data are stored on internet-connected servers in data centers, and it is the responsibility of the data centers to secure the data
- Data storage security techniques include local data encryption, key management, strong password management, periodic security assessment of data security controls, cloud data backup, etc.

Monitoring
- Monitoring is required to manage cloud-based services, applications, and infrastructure
- Activity monitoring should observe activities such as data replication, data file name changes, data file classification changes, and data ownership changes to monitor unauthorized data access, etc.
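An added example, not part of the original course material: Python that reviews a constructed audit log for the data activities listed under Monitoring (replication, file name changes, classification changes, ownership changes) and flags the ones that point to unauthorized data access. The log field names, the action strings, the authorization policy and the rule that a lowered classification raises an alert are all assumptions made for illustration, not a real provider's log schema.

```python
import json

# Action names mirror the activities the text lists; these strings and the
# log field names are assumptions, not any cloud provider's real schema.
WATCHED = {"replicate", "rename", "classification_change", "ownership_change"}
LEVELS = {"public": 0, "internal": 1, "confidential": 2}

# Constructed policy: which principals may perform each watched action.
AUTHORIZED = {
    "replicate": {"backup-svc"},
    "rename": {"alice"},
    "classification_change": {"alice"},
    "ownership_change": {"admin"},
}

# Constructed sample audit log (JSON lines), including one corrupt line.
SAMPLE_LOG = """\
{"ts": "2024-05-01T09:00:00Z", "actor": "alice", "action": "read", "object": "hr/payroll.csv"}
{"ts": "2024-05-01T09:05:00Z", "actor": "backup-svc", "action": "replicate", "object": "hr/payroll.csv", "dest": "dr-region"}
{"ts": "2024-05-01T09:10:00Z", "actor": "mallory", "action": "replicate", "object": "hr/payroll.csv", "dest": "ext-bucket"}
{"ts": "2024-05-01T09:12:00Z", "actor": "alice", "action": "rename", "object": "hr/payroll.csv", "new": "hr/tmp.csv"}
{"ts": "2024-05-01T09:15:00Z", "actor": "alice", "action": "classification_change", "object": "hr/tmp.csv", "old": "confidential", "new": "public"}
{"ts": "2024-05-01T09:20:00Z", "actor": "mallory", "action": "ownership_change", "object": "hr/tmp.csv", "new": "mallory"}
not-json garbage line
"""

def review(log_text, authorized=AUTHORIZED):
    """Return (alerts, skipped): alerts for watched data activities that are
    unauthorized or lower a classification; skipped counts unparsable lines."""
    alerts, skipped = [], 0
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
            action, actor = ev["action"], ev["actor"]
        except (ValueError, KeyError, TypeError):
            skipped += 1  # count bad lines instead of dropping them silently
            continue
        if action not in WATCHED:
            continue
        if actor not in authorized.get(action, set()):
            alerts.append((ev.get("ts"), actor, action, "unauthorized actor"))
        elif (action == "classification_change"
              and LEVELS.get(ev.get("new"), 0) < LEVELS.get(ev.get("old"), 0)):
            alerts.append((ev.get("ts"), actor, action, "classification lowered"))
    return alerts, skipped
```

The skipped count is returned alongside the alerts so that gaps in log coverage are visible to whoever reviews the output.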
