Cloud Security Flashcards
What is Hyperconverged Infrastructure ?
The full integration of the storage network and servers into the cloud without having to perform hardware changes
What is a VDI?
Virtual Desktop Infrastructure -
Allows a cloud provider to offer a full desktop OS to an end user from a centralized server
This desktop is non persistent meaning it is destroyed as soon as the user logs off mitigating the risk of being exploited by an attacker
What do secure enclaves and volumes do?
Keep stored data confidential and separated from the other logical servers
What is a secure enclave?
A mechanism that utilizes two distinct areas that data may be stored and accessed from
What is a secure volume?
Method for keeping data a rest secure from prying eyes. When the data is needed, a secure volume is mounted and decrypted to allow access then is unmounted when no longer needed
What is multi tenancy ?
A term in cloud computing that refers to your data being hosted on the same physical server as another organization’s data.
How can you best mitigate cloud security threats?
- Configure, manage and audit user access to virtualize servers
- Set up virtual servers with proper fail over, redundancy and elasticity (balance the load across several physical machines)
- Complex passwords and strong authentication
- Encryption of data for in use and after deprovisioning
What is Saas?
Software as a Service - provides remote access to applications based on a monthly or annual subscription fee
What is IaaS?
Infrastructure as a Service - cloud computing service model in which clients, instead of buying all the hardware and software, purchase computing resources as an outsourced service from suppliers who own and maintain all the necessary equipment and software?
What is PaaS?
Platform as a Service - complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications.
What is SECaaS?
Security as a Service - provides various types of security services without needing to hire a cybersecurity staff
What is Sandboxing?
Utilizing separate virtual networks to allow security professionals to test suspicious files or malware
What is CASB?
Cloud Access Security Broker - security policy enforcement software tool or service placed between cloud service users and cloud applications?
What is CSA?
Cloud Security Alliance - nonprofit organization promoting best practices related to cloud computing environments
What is CCM?
Cloud Controls Matrix - cybersecurity control framework for cloud computing