Cloud Security Flashcards
Hyperconvergence
An IT framework that combines storage, computing, and networking into a single system, reducing data center complexity and increasing scalability
Virtual Desktop Infrastructure: VDI
VDI allows a cloud provider to offer a full desktop operating system to an end user from a centralized server
Secure Enclaves
All data is encrypted in memory and decrypted only while it is being used inside the CPU. The data remains fully protected even if the operating system, hypervisor, or root user is compromised.
Security as a Service: SECaaS
Provides your organization with various types of security services without the need to maintain a cybersecurity staff
Sandboxing
A cybersecurity practice where you run and analyze code in a virtual network that mimics end-user operating environments.
Virtual Private Cloud: VPC
A private cloud carved out of a public cloud and made available to a single cloud consumer
Cloud Access Security Broker: CASB
Sits between cloud service users and cloud applications, monitors all activity, and enforces security policies.
Cloud Access Security Broker - CASB: Forward Proxy vs Reverse Proxy
A reverse proxy is a server that sits in front of one or more web servers, intercepting, checking, and approving requests from clients. This is different from a forward proxy, where the proxy sits in front of the clients.
A reverse proxy is positioned at the cloud network edge and directs traffic to cloud services only if the contents of that traffic comply with policy
Cloud Access Security Broker - CASB: API
Application Programming Interface:
A method that uses the broker's connections between the cloud service and the cloud consumer
Application Programming Interface - API
A library of programming utilities that enables software developers to access functions of another application
APIs allow for the automated administration, management, and monitoring of a cloud service
Function as a Service: FaaS
A cloud service model that supports serverless software architecture by provisioning runtime containers in which code is executed in a particular programming language
Serverless
A software architecture that runs functions within virtualized runtime containers in a cloud rather than on a dedicated server
Cloud Threats: Insecure API
APIs must only be used over an encrypted channel (HTTPS)
Data received by an API must pass server-side validation routines
Implement throttling/rate-limiting mechanisms to protect against DoS attacks
Cloud Threats: Improper Key Management
APIs should require secure authentication and authorization before granting access to data
Do not create one key with full control to access an application’s functions
Cloud Threats: Insufficient Logging/Monitoring
WARNING: A Software as a Service provider may not supply access to log files or monitoring tools
Logs must be copied to non-elastic storage for long-term retention