Domain 2: Cloud Data Security Flashcards
What are the phases in a secure data lifecycle?
- Create - data is created when it is first entered into a system or modified.
- Store - act of saving data in a retrievable location (e.g. SSD)
- Use - accessing, viewing, processing of data (data handling)
- Share - access to data is granted to others
- Archive - data reaches end of useful life, but still needs to be retained (e.g. legal or compliance); placed in long-term retrievable storage
- Destroy - data is destroyed; overwriting, crypto-shredding, physical destruction (not possible in cloud)
In the Create phase of a secure data lifecycle what are the controls?
- Data Classification
- Done by the creator (e.g. header/footer in a document)
- Done by system owner (e.g. all data stored in an email system is automatically classified as confidential).
In the Store phase of a secure data lifecycle what are the controls?
- Protection for data in transit to storage (TLS, SSH, VPN)
- Location of data storage based on classification - governed by policies and procedures
- Access Controls (determining who has access, how it is granted)
- Encrypting data at rest
- Backups to preserve integrity and availability
In the Use phase of a secure data lifecycle what are the controls?
- Data Loss Prevention (DLP) controls
- Information Rights Management (IRM)
- System access controls
- Network monitoring tools
- Logging and Monitoring
In the Share phase of a secure data lifecycle what are the controls?
- Proactive Access controls (role-based auths, access granting)
- Reactive Access Controls - DLP, IRM, access review
In the Archive phase of a secure data lifecycle what are the controls?
- Similar controls to Storage phase
- Additionally, periodic encryption key rotation needed
- Risk of storage medium/format becoming degraded or obsolete (affects integrity/availability)
What is Data Dispersion?
Data Dispersion used in cloud computing, refers to breaking data into smaller chunks and storing them across different physical storage devices.
What is Erasure Coding?
- Similar to the idea of parity bit coding
- Ability to reconstruct a lost segment of data from other segments and parity bits.
- Like solving for an unknown in algebra.
What are the benefits/tradeoffs of Data Dispersion and Erasure Coding?
- Increases availability (if there is a failure of a single disk, data can be reconstructed)
- Decreases risk of compromise (if one segment of data is compromised not all is lost)
Downsides
- ensuring that data location does not violate data residency requirements.
- Additional latency needed to reconstruct data.
What are the storage types in an IaaS?
- Ephemeral - (e.g. EC2 Instance Store) - on the same physical host as the instance. Only exists for the lifetime of the VM. Faster access. Typically used for cache buffers, system files and memory swap files.
- Raw: Raw Device Mapping (RDM) - VMs access a particular portion of overall storage (marked by a Logical Unit Number) allocated to them.
- Long-term: Durable, persistent storage - for data archiving - e.g. S3/Glacier
- Volume: like a traditional drive and Stores data in blocks e.g. EBS.
- Object: like windows file server, for unstructured data (music, video files); data is stored as objects e.g. S3
What are the storage types in a PaaS?
- Disk- may be volume or object store
- Databases - both a storage and a PaaS offering
- Binary Large Object (blob): for unstructured data; e.g. S3; access via URLs.
What are the storage type in SaaS?
- Information storage and management; user enters data, SaaS stores in a databased managed by the CSP.
- Content and file storage (e.g. content sharing apps, ticketing systems with allow file attachments)
- Content delivery network
What are threats to the cloud storage types?
- Unauthorized Access
- Unauthorized Provisioning - shadow IT
- Regulatory noncompliance - cloud services not meeting regulator requirements such as encryption algorithms.
- Jurisdictional - data crossing borders
- Denial of Service
- Data corruption or destruction
- Theft or media loss
- Malware or ransomware
- Improper disposal of media
What is the Kerckhoff’s principle?
A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.
What are the stages in the lifecycle of a cryptographic key?
Same as data lifecycle.
- Create - use strong random number generators
- Store - encrypted and stored in key vault
- Use - access control and accountability
- Share - not common, but using PKI to share symmetric keys
- Archive - keys no longer needed for routine use, but needed for older encrypted data
- Destroy - destruction of keys no longer needed.
What are the various levels of encryption options?
- Storage level encryption - encryption as data is written to storage with keys controlled by CSP; normally protects data in case of theft of storage device
- Volume level encryption - encryption as data is written to volume attached to instance; only be accessed through the OS; keys controlled by customer; protects against theft, external admin access and storage level exfiltration.
-
Object level encryption - can use the following types
- File level encryption - e.g. MS Word/Adobe PDF using passwords or an IRM system; client encrypts
- Application level encryption - application encrypts data before writing to object store
- Database level encryption - maybe either file level (e.g. whole database file) or transparent encryption by the DBMS which encrypts specific columns or whole tables.
What is hashing?
- One-way encryption used to verify integrity of data.
- Used as part of digital signatures
- Digital signatures verify both authenticity and integrity of a message.
- Secure Hashing Algorithm (SHA3) is an example of a hashing algorithm approved by FIPS in its Secure Hash Standard (SHS).
What is masking?
- Obfuscation of part of the data to keep it secure.
- For e.g. displaying just the last 4 digits of the SSN.
What is tokenization?
- Non-sensitive representation of sensitive data.
- Token is a substitute.
- Normally managed via a tokenization service (which implements access controls).
What controls comprise Data Loss Prevention?
- Detective Controls (identify where sensitive data is being stored and used)
- Preventative Controls (enforcing policy requirements on the storage and use of sensitive data
- Corrective (displaying alert to user informing them of policy violation and preventing inappropriate actions).
What are the major components of a DLP?
- Discovery
- Monitoring
- Enforcement
What happens in the Discovery phase of the DLP?
- Identify, categorize and inventory data assets.
- Typically using network scans (IP address range, domain search)
- Data scan to identify sensitive info (eg. SSN or “Confidential” tags, or PII/PHI or Payment Info)