3.6 Cloud Security

Question 1

Define AZ and its relation to high-availability (2)

Answer 1

1. Availability Zones - the region cloud-services are provided from, i.e. North America, South America, etc..
2. Having applications, resources, located in or mirrored to different AZs ensures continued function in case of a regional disaster

Question 2

Define Resource Policies in relation to the cloud

Answer 2

Ability to control who has access to cloud resources

Question 3

Define secrets management in relation to cloud resources

Answer 3

Different cloud resources often require secrets in config files and these need to be managed in a central location with the ability to control who has access to them

Question 4

What can be implemented to provide integration and auditing capabilities for the cloud?

Answer 4

SIEM

Question 5

Cloud storage security considerations

Answer 5

1. Countries have different regulations regarding storage of data that must be adhered to
2. Private data stored in the cloud may be accessible to third-party employees and encryption should be considered

Question 6

Define CASB

Answer 6

Cloud-access security broker

Question 7

4 Cornerstones of CASB (VDTC)

Answer 7

1. Visibility - identifies all cloud services in use
2. Data security - secures data traveling to, within and stored in the cloud
3. Threat protection - behavior based identification of threats
4. Compliance - allows creation of policies to adhere to regulatory standards, such as HIPAA or PCI

Question 8

Define SWG

Answer 8

Next-Gen secure web gateway, provides more detail than a secure web gateway, application layer