Cloud Data Security Flashcards
What are the common stages of the data lifecycle?
- Create
- Store
- Use
- Share
- Archive
- Destroy
Data created by the user should be ______ before uploading to the cloud or if created within the cloud.
Encrypted
Packet capture, on-path attacks, and insider threats are all prevented by _____.
encryption on data created remotely
______ helps to analyze networks, manage network traffic, and identify network performance issues. It also allows IT teams to detect intrusion attempts, security issues, network misuse, packet loss, and network congestion.
Packet capture
An ________ is when an attacker sits in the middle between two stations and intercepts, and in some cases, changes the information being sent interactively across the network.
On-path attack
What is a means to secure network traffic?
Using TLS (Transport Layer Security) through an HTTPS connection.
- Provisioning access rights
- Securing storage locations
- Protect data through encryption at rest
These are all security controls that are vital during the _____ phase.
Store
What is the set of features an application provides so that a user may supply input to and receive output from the program?
An application interface
What are mechanisms that enable two software components to communicate with each other using a set of definitions and protocols?
APIs
What contains information on how developers are to structure the communication (requests and responses) between two applications?
API documentation
The application sending the request is called the _____, and the application sending the response is called the _____.
Client, server
What are the most popular and flexible APIs found on the web today, where the client sends requests to the server as data, and the server uses this client input to start internal functions and returns output data back to the client?
REST APIs
Data must be protected when it is:
Stored, in transit, and at rest.
- Strong protections in virtualization and shared service implementation
- Ensure data on virtualized host can’t be read/detected by other VHs on same device
- Implement personnel/admin controls so workers can’t access raw customer data
How CSPs ensure they provide secure environments for data use
- Encryption
- IRM
- Tagging and permissions models
- Jurisdiction/legal restrictions (via export or import controls)
- Egress monitoring
Key controls for the Share phase
Export restriction that covers State Department prohibitions on defense-related exports:
International Traffic in Arms Regulations (ITAR)
Export restriction that covers Dept of Commerce prohibitions on dual-use (commercial and military) items:
Export Admin Regulations (EAR)
Import restriction on cryptosystems or encrypted material:
Cryptography
Import restriction where 41 member countries agreed to mutually inform each other about conventional military shipments to non-member countries:
The Wassenaar Arrangement
What are the security considerations for the Archive phase?
Cryptography and key management
Cryptography methodology that uses an algebraic elliptical curve that results in smaller keys that can provide the same level of security as the larger ones:
Elliptical Curve Cryptography
What areas of physical security are important to consider in Archive phase?
Location, format, staff, and procedure.
What is storage specifically designed to be used for extended periods of time?
Long-term storage.
Amazon Glacier, Azure Archive Storage, and Google Coldline and Archive
3 examples of long-term storage