3.6 Given a Scenario, Apply Cybersecurity Solutions to the Cloud Flashcards
High availability and high availability across zones.
High availability indicates a system or service remains operational with almost zero downtime. It’s typically achieved by using multiple load-balancing nodes. High availability across zones indicates that the nodes are located in different cloud locations, such as separate geographic locations. If one node fails, other nodes can take on its load.
Resource policies
In this context, resources refer to cloud-based resources such as folders, projects, and virtual machine instances. Customers rent access to resources, and the CSP resource policies ensure customers don’t create more resources than their plan allows.
Secrets management
Secrets refer to passwords and encryption keys that users create. A secrets management system stores and manages secrets, including keeping them secure.
Integration and auditing.
The CSP integrates security controls into the cloud-based resources, and auditing methods help customers identify the effectiveness of security controls at protecting the confidentiality, integrity, and availability of cloud-based resources.
Storage
Cloud-based storage allows customers to store data in the cloud. AWS stores data in buckets. Google uses Google Drive and allows users to store files in a hierarchical format similar to folders in Windows.
Permissions
Permissions identify who can access the data. While the processes differ with different CSPs, the concepts are similar to file system permissions.
Encryption.
Encryption protects the confidentiality of data, and CSPs commonly provide encryption services. This prevents unauthorized personnel from accessing data.
Replication
Data replication is the process of creating a copy of data and storing it in a different location. For example, you can replicate data on a desktop computer to a removable drive. Cloud data replication creates a copy of data in the cloud.
High availability
High availability indicates a system or service remains operational with almost zero downtime.
Networks
CSPs provide entire networks to organizations that need them.
Virtual Networks
A CSP creates virtual networks for customers that need them. These typically use software-defined network technologies (described later in this chapter) instead of physical routers and switches. A single server can host an entire virtual network.
Public and private subnets.
Public subnets have public IP addresses and are accessible via the Internet. Private subnets have private IP addresses and aren’t directly accessible via the Internet. Organizations typically use screened subnets for any public subnets that need to be accessible via the Internet. Virtual networks can mimic this design with both public and private subnets.
Segmentation.
Just as local networks support segmentation with virtual local area networks (VLANs) and screened subnets, cloud-based networks can segment computers or networks.
API inspection and integration
Compute
The CSP's compute engine lets customers create and run a variety of solutions, from single websites to full virtual networks.