Security II Flashcards
CSPs build clouds not only on a technical level but also on a level of trust and security (T/F)
True
CSPs have to build trust by providing a reliable and secure environment (T/F)
True
What is the user’s role in security?
You own the data thus it is your responsibility to protect your data and yourself from noisy neighbors and threat vectors.
Trust the vendor to do everything (T/F)
False
Rely on vendor security measures as your be-all end-all (T/F)
Flase
Don’t discount your on-prem infrastructure (T/F)
True
Why is securing on-prem important?
It has direct links to the cloud and is often forgotten. Addressing internal threats might require additional personnel.
What are some common pillars of trust between CSP and customer?
Security Privacy Control Compliance Transparency
What is Security and what are some examples?
The ability to safeguard data and access. Examples are: Encryption, Data Retention, Internal Policies, Antivirus, Identity Management, Access Management, Logging.
What is Privacy?
Ensuring your data is only used for the purposes defined in policies and preventing unauthorized use and access.
What is Control?
Controlling the exchange, flow, and retention of data as well as authorization and auditing.
What is Compliance?
Ensuring compliance with industry standards.
What is Transparency?
Considered the most important pillar, it is the honesty, openness, and accountability of the provider. Examples: describe data safeguards, security measures, policies on data, security and access.
What are security standards for SaaS?
CSP: Secure infrastructure, secure OS, application layer, secure data between CSP and customer.
Customer: Control data, control access.
What are security standards for PaaS?
CSP: Secure infrastructure, secure OS, application layer, secure data between CSP and customer.
Customer: Control data, control access, control all code and development environment settings.
