Chapter 10 - 03 - Discuss the Insights of Cloud Security and Best Practices - 01_ocred.pdf


Full Transcript


Certified Cybersecurity Technician
Virtualization and Cloud Computing
Exam 212-82
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Module Flow

- Understand Virtualization Essential Concepts and OS Virtualization Security
- Understand Cloud Computing Fundamentals
- Discuss the Insights of Cloud Security and Best Practices

Discuss the Insights of Cloud Security and Best Practices

The objective of this section is to explain the shared responsibility of security in different cloud service models (IaaS, PaaS, and SaaS). This section explains the enterprise roles in securing the various elements of cloud such as user security and monitoring (e.g., IAM, encryption and key management, application-level security, data storage security, and monitoring), logging, and compliance. This section also explains the best practices and NIST recommendations for cloud security, and the various cloud security tools used by enterprises.

Cloud Security: Shared Responsibility

Cloud security and compliance are the shared responsibility of the cloud provider and consumer.
Security is a shared responsibility in cloud systems, wherein the cloud consumers and cloud service providers have varying levels of control over the available computing resources. According to the selected cloud module, security responsibilities are divided based on the shared responsibility model. If the consumers do not secure their functions, the entire cloud security model will fail.

[Figure 10.36: Cloud security: Shared responsibility]

Compared to traditional IT systems, in which a single organization has authority over the complete stack of computing resources and the entire life cycle of systems, cloud service providers and consumers work together to design, build, deploy, and operate cloud-based systems. Therefore, both parties share responsibilities to maintain adequate security in these systems. Different cloud service models (IaaS, PaaS, and SaaS) imply varying levels of control between the cloud service providers and cloud consumers.

[Figure 10.37: Shared responsibility model for cloud security. Columns: On-Premises (for reference), IaaS (Infrastructure-as-a-Service), PaaS (Platform-as-a-Service), SaaS (Software-as-a-Service). Rows: User Access, Data, Applications, Operating System, Network Traffic, Infrastructure. Legend: Customer Responsibility, Cloud Provider Responsibility.]

Elements of Cloud Security

Cloud service consumers are responsible for:

- User security and monitoring (identity and access management (IAM))
- Information security-data (encryption and key management)
- Application-level security
- Data storage security
- Monitoring, logging, and compliance

Cloud service providers are responsible for securing the shared infrastructure, including routers, switches, load balancers, firewalls, hypervisors, storage networks, management consoles, DNS, directory services, and cloud API.

Identity and Access Management (IAM)

- IAM is the management of the digital identities of users and their rights to access cloud resources.
- It includes creating, managing, and removing digital identities, as well as the authorization of users.
Compliance

- A clear idea of the regulatory standards that an organization wants to comply with, along with their associated requirements, allows organizations to benefit from business agility and growth.
- Compliance considerations for organizations integrating their compliance programs with their cloud providers:
  - Know the requirements that impact the organization, based on its jurisdictions, its industry, or the activities it employs to conduct business.
  - Conduct regular compliance risk assessments, which help organizations adopt updated and revised risk assessment processes regularly.
  - Monitor and audit the organization's compliance program before a crisis hits, which helps organizations determine the gaps and improve their compliance position.

Data Storage Security

- In a cloud, data are stored on internet-connected servers in data centers, and it is the responsibility of the data centers to secure the data.
- Data storage security techniques include local data encryption, key management, strong password management, periodic security assessment of data security controls, cloud data backup, etc.

Monitoring

- Monitoring is required to manage cloud-based services, applications, and infrastructure.
- Activity monitoring should observe activities such as data replication, data file name changes, data file classification changes, and data ownership changes to monitor unauthorized data access, etc.
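The activity monitoring described under Monitoring can be sketched as a small detector over storage audit events. This is an added example, not part of the courseware: the log schema, the steward table, the approved replication destinations, and the classification levels are all assumptions made for illustration, and the sample log lines are constructed.

```python
import json

# Constructed audit events (JSON lines); field names are hypothetical,
# not any cloud provider's real log schema.
SAMPLE_LOG = """\
{"ts":"2024-05-01T09:00:00Z","actor":"alice","action":"replicate","object":"hr/payroll.csv","dest":"eu-west"}
{"ts":"2024-05-01T09:05:00Z","actor":"svc-backup","action":"replicate","object":"hr/payroll.csv","dest":"ap-south"}
{"ts":"2024-05-01T09:10:00Z","actor":"bob","action":"rename","object":"hr/payroll.csv","new":"hr/notes.txt"}
{"ts":"2024-05-01T09:15:00Z","actor":"alice","action":"reclassify","object":"hr/payroll.csv","old":"confidential","new":"public"}
{"ts":"2024-05-01T09:20:00Z","actor":"alice","action":"chown","object":"hr/payroll.csv","new":"ext-contractor"}
{"ts":"2024-05-01T09:25:00Z","actor":"alice","action":"read","object":"hr/payroll.csv"}
"""

# Assumed policy data for the example.
STEWARDS = {"hr/": {"alice", "svc-backup"}}   # who may manage data under a prefix
APPROVED_DESTS = {"eu-west", "eu-central"}    # allowed replication targets
INTERNAL = {"alice", "bob", "svc-backup"}     # internal principals
LEVELS = {"public": 0, "internal": 1, "confidential": 2}
MONITORED = {"replicate", "rename", "reclassify", "chown"}

def authorized(actor, obj):
    """True if the actor is a steward of the prefix the object lives under."""
    return any(obj.startswith(p) and actor in who for p, who in STEWARDS.items())

def review(event):
    """Return the reasons this event needs attention (empty list = fine)."""
    action, reasons = event["action"], []
    if action not in MONITORED:
        return reasons  # not one of the four monitored activity types
    if not authorized(event["actor"], event["object"]):
        reasons.append("actor is not a steward of this data")
    if action == "replicate" and event["dest"] not in APPROVED_DESTS:
        reasons.append("replication to unapproved destination")
    if action == "reclassify" and LEVELS[event["new"]] < LEVELS[event["old"]]:
        reasons.append("classification downgraded")
    if action == "chown" and event["new"] not in INTERNAL:
        reasons.append("ownership moved to external principal")
    return reasons

def scan(log_text):
    """Parse JSON-lines audit text and collect every event with findings."""
    findings = []
    for line in log_text.splitlines():
        event = json.loads(line)
        reasons = review(event)
        if reasons:
            findings.append((event["ts"], event["actor"], event["action"], reasons))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```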
