Chapter 4 – Cloud Data Security Flashcards
What are the phases of the Data Lifecycle?
Create > Store > Use > Share > Archive > Destroy
What is the purpose of the Create phase?
Defines classification levels.
How should data created remotely be handled?
Data created by the user should be encrypted before uploading to the cloud; protects against MIIM attacks/insider threats at cloud data center; connection should be secure too (IPsec or TLS VPN solution).
How should data created within the cloud be handled?
Should be encrypted upon creation; allows both read and process functions to be performed.
What does the Store phase refer to?
Usually refers to near-term storage; this phase will happen when the data is created (occurs simultaneously).
What security measures should be taken during the Store phase?
Encryption at rest/transit should happen before this phase begins.
What is important during the Use phase?
Platforms used to connect to data in the cloud need to be secure (VPN, IRM, DLP); data owners should restrict permissions; logging and audit trails are important when data are manipulated.
What should be considered when sharing data?
Craft sharing restrictions based on jurisdiction; limit/prevent data being sent to certain locations (export/import controls); implement some form of egress monitoring.
What are ITAR and EAR?
ITAR prohibits defense-related exports; EAR prohibits dual-use items (technologies used for both commercial/military purposes).
What is the Wassenaar Arrangement?
A group of 41 members that have agreed to mutually inform each other about conventional military shipments to nonmember countries; not a treaty, not legally binding.
What is the purpose of the Archive phase?
Phase for long-term storage; cryptography is the essential consideration.
What is crucial for key management in the Archive phase?
Key management is important; if lost, it can lead to exposure or total loss.
What is the only feasible means of destruction?
Crypto shredding is the only feasible and thorough means available.
What is Volume Storage?
Customer is allocated storage space; represented as an attached drive to user’s VM.
What are the threats associated with Volume Storage?
All traditional data storage threats remain; malware, deletion of data, and physical disk failure.
What is Block Storage?
Provides low latency and high-performance values; useful for structured storage.
What are the threats associated with Block Storage?
Requires greater amount of administration; risk of malware is reduced but parasitical viruses can infect specific files.
What is File Storage?
Data stored/displayed with a file structure in a traditional environment (files/folders).
What is Object-Based Storage best used for?
Best used for large unstructured data when durability, unlimited storage, scalability, and metadata management are factors for overall performance.
What are the threats associated with Object-Based Storage?
Risk of malware is reduced but parasitical viruses can infect specific files; loss due to physical disk failure.
What is Ephemeral Storage?
Temporary resource used for processing; referred to as instance store volumes.
What are the threats associated with Ephemeral Storage?
Data will be lost if VM instance is shut down or physical drive fails.
What is Long-Term Storage?
Durable data storage capacity; offered at low cost and large amounts; used for archiving/backups.
What are the threats associated with Long-Term Storage?
Insider threat; intermediary (MiiM attacks); ransomware; vendor lock-in.
What is SAN?
Dedicated high-speed network that interconnects and delivers shared pools of storage devices on multiple servers.
What is iSCSI?
Makes it possible to set up a shared-storage network where multiple servers and clients can access central storage resources.
What is NAS?
Remote storage accessed; hosted by 3rd party service provider.
What do databases provide?
Some structure for stored data; arranged according to characteristics and elements in the data itself.
What is a CDN?
Used for large amounts of data that require time-sensitive communication and low latency.
What are the threats associated with CDN?
Intermediaries; insider threats; malware.
What is Key Management?
How and where encryption keys are stored can affect the risk of data.
What is an HSM?
Device that safely stores and manages encryption keys; used in servers, data transmission, and log files.
What are Key Protection Methods?
Masking, Obfuscation, Anonymization, and Tokenization.
What is DDM?
Dynamic Data Masking: replace sensitive data in transit leaving original at-rest data unaltered.
What is SDM?
Static Data Masking: permanently replaces sensitive data by altering data at rest.
What is Tokenization?
Practice of having two distinct databases: one with live, actual sensitive data; one with nonrepresentational tokens mapped to each piece of that data.
What is SIEM?
Goals implementation of SIEM are to centralize collection of log data; enhance analysis capabilities; dashboarding; automated response.
What is Egress Monitoring?
Examining data as it leaves the production environment; goals include additional security, policy enforcement, enhanced monitoring, and regulatory compliance.