Chapter 10 - 03 - Discuss the Insights of Cloud Security and Best Practices - 08_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Virtualization and Cloud Computing Exam 212-82 Cloud Security Controls Cloud Application Security It is a set of rules, processes, policies, controls, and techniques used to administer all the data exchange between collaborative cloud platforms High Availability Across Zones A cloud environment for an application has high availability if the application’s services continue during intentional or unintentional network downtimes Cloud Application Security { J 1aas Applications Paas ‘ Applications ) Applications Cloud Security Controls (Cont’d) @ Cloud Integration and Auditing Cloud integration is the process of grouping multiple cloud environments together in the form of a public or hybrid cloud O Cloud auditing is the process of analyzing the services offered by cloud providers and verifying the conformity to requirements for privacy, security, etc. o Q = B |t is a basic security measure implemented in cloud infrastructure to provide security to virtual instances * The security group resides between the Internet and virtual instances to control the inbound and outbound traffic = The cloud-based kill chain model describes the possibilities of using fake Cloud Environment 3 Instance E Cloud Environment 1 Security Groups cloud instances for command and control to exfiltrate data from a cloud environment Cloud Security Controls Cloud security controls protect a cloud environment from any type of vulnerability and minimize the impacts of cyberattacks. These controls may include practices, procedures, guidelines, and policies that are enforced to secure the cloud infrastructure. Module 10 Page 1372 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Virtualization and Cloud Computing Exam 212-82 A few examples of cloud security controls are discussed below. Cloud Application Security Cloud application security is a set of rules, processes, policies, controls, and techniques that administer all the data exchange between collaborative cloud platforms such as Box, Google G Suite, Slack, and Microsoft Office 365. If employees or users store and send data in cloud platforms over the long term, it is mandatory to include a cloudbased solution known as “safety net” in the zero-trust security implementation. Cloud application security is applied to only the application layers of Saa$, 1aaS, and Paas. Cloud Application Security laas PaaS Applications Saas Applications Applications Figure 10.63: Cloud application security Implementing cloud application security prevents exploits such as cross-site scripting (XSS), cross-site request forgery (CSRF), session hijacking, SQL injection, and weak authentication. High Availability Across Zones A cloud environment for an application has high availability if the application’s services continue during intentional or unintentional network downtimes. High availability can be achieved by dividing servers into zones and maintaining network consistency across them. It enables the environment to handle failures in individual availability zones or the network without losing data. It also provides centralized management to monitor network operations and resource utilization. Figure below shows a simplified view of a cloud environment with high availability across zones. Cloud N Environment /’ /. ) /" y / posscssasanss. y : Information m A Application R eescsseem : :. e an 5 E H R —Do - -. =. ‘—l—. : Node 1 =:. \ Sessssssaanane A copy of the