Dreaming of Clouds

Oi! TriForceCoders!! As promised, here is another installment of the CCSP series.


Domain Two: Cloud Data Security (Part One)

The Data Security Life Cycle

  • Create – The generation of new data, or the alteration or updating of existing data.
  • Store – Committing the created or existing data to a designated location, typically pre-defined based on the data type.
  • Use – How the data is used and managed.
  • Share – How data moves and is used into and out of your Organization.
  • Archive – How long should data be retained and in what format? (e.g., tape backup, cloud backup)
  • Destroy – The method by which data is permanently removed.

Actors, Location, and Access

Note: Essential for planning the implementation of Security Controls

Actors:

  • Non-malicious Insiders
  • Malicious Outsiders
  • External Intruders

Location:

  • Jurisdiction
  • Threat Landscape
  • Audit
  • Which Actors are privileged to Data?
  • How does data move throughout the Organization?
  • Does data move at all?

Access:

  • Who has access?
  • Are there Controls in Place? What are they?
  • How is data accessed? Devices?

Note: Combining the above information into a flow \ org chart will give you a high-level overview of your Organization’s Data Security Life Cycle

Storage Architectures

(IaaS)

  • Volume Storage – Also known as block storage: storage attached directly to the IaaS instance as a virtual disk (e.g., a VMDK file). Redundancy should be implemented!
  • Object Storage – Cloud-based storage such as Dropbox, OneDrive, or S3 buckets in AWS; it is not suited to workloads with frequent, repeated reads and writes.
  • Ensure you abide by Federal and Local laws when managing storage.

Note: Ensure you are enforcing data synchronization.

(PaaS)

  • More suitable for Developers and Databases

PaaS Storage Types:

  • Structured: Highly organized, think relational databases; it is seamless and easily searchable.
  • Unstructured: Non-traditional, not row\column based, and geared towards multimedia and email.

Data Discovery Techniques

Data Discovery: A user-driven process that is used to identify patterns or specific items in a dataset. Data Discovery leverages multiple types of applications and mining techniques to retrieve viable information.

  • Metadata – Data that describes the data and defines its attributes
  • Labels – The tagging of logical data groups to describe their content
  • Content – Self-explanatory: the data itself
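Here is an added example (my own code, not part of the original post or of any CCSP material) of what a data discovery pass over a storage bucket looks like when all three techniques are combined. The objects, the labels, and the regexes are constructed for the example; `StoredObject` is a hypothetical stand-in for whatever your object store returns. Metadata gives a cheap first hint (content type, key suffix), labels tell you what the owner claims the data is, and a content scan tells you what is actually there; the interesting findings are the mismatches between the three.

```python
import re
from dataclasses import dataclass, field


@dataclass
class StoredObject:
    """Hypothetical object in a storage bucket (constructed for this example)."""
    key: str
    content_type: str                               # metadata
    size_bytes: int                                 # metadata
    labels: dict = field(default_factory=dict)      # tags / labels
    body: bytes = b""                               # content


# Metadata signals: content types and key suffixes that usually hold structured data.
STRUCTURED_TYPES = {"text/csv", "application/sql", "application/x-sqlite3", "application/json"}
STRUCTURED_SUFFIXES = (".csv", ".sql", ".db", ".sqlite", ".json", ".xlsx")

# Content signals: constructed patterns for common PII / payment data.
PATTERNS = {
    "ssn": re.compile(rb"\b\d{3}-\d{2}-\d{4}\b"),
    "email": re.compile(rb"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "card": re.compile(rb"\b(?:\d[ -]?){12,18}\d\b"),   # 13-19 digits, optional separators
}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; used to cut false positives on candidate card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                  # double every second digit from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def discover_by_metadata(obj: StoredObject) -> list:
    """Hints derived only from attributes, without opening the object."""
    hints = []
    if obj.content_type in STRUCTURED_TYPES or obj.key.lower().endswith(STRUCTURED_SUFFIXES):
        hints.append("structured-data")
    return hints


def discover_by_labels(obj: StoredObject) -> str:
    """The classification the owner asserted via a label, or 'unlabelled'."""
    return obj.labels.get("classification", "unlabelled").lower()


def discover_by_content(obj: StoredObject) -> list:
    """Categories of sensitive data actually present in the body."""
    found = []
    for name, pattern in PATTERNS.items():
        for match in pattern.finditer(obj.body):
            if name == "card":
                digits = re.sub(rb"[ -]", b"", match.group()).decode()
                if not (13 <= len(digits) <= 19 and luhn_ok(digits)):
                    continue            # digit run that is not a valid card number
            found.append(name)
            break                       # one confirmed hit per category is enough
    return found


def classify(obj: StoredObject) -> dict:
    """Combine the three techniques and flag label/content mismatches."""
    content = discover_by_content(obj)
    label = discover_by_labels(obj)
    if content and label in ("public", "unlabelled"):
        action = "mismatch: sensitive content with weak or missing label"
    elif label == "unlabelled":
        action = "label required"
    else:
        action = "consistent"
    return {"key": obj.key, "metadata": discover_by_metadata(obj),
            "label": label, "content": content, "action": action}


def run_discovery(objects) -> dict:
    return {obj.key: classify(obj) for obj in objects}


# Constructed sample bucket contents; none of this is real data.
SAMPLE_OBJECTS = [
    StoredObject("hr/employees.csv", "text/csv", 120,
                 {"classification": "Confidential", "owner": "hr"},
                 b"name,ssn,email\nAlice,123-45-6789,alice@example.com\n"),
    StoredObject("finance/notes.txt", "text/plain", 60,
                 {"classification": "public"},
                 b"Refund to card 4111 1111 1111 1111 approved\n"),
    StoredObject("marketing/banner.png", "image/png", 2048, {}, b"\x89PNG\r\n\x1a\n"),
    StoredObject("logs/app.log", "text/plain", 40,
                 {"classification": "internal"},
                 b"2024-01-01 user=alice action=login ok\n"),
]

if __name__ == "__main__":
    for key, finding in run_discovery(SAMPLE_OBJECTS).items():
        print(f"{key:24} label={finding['label']:12} content={finding['content']} -> {finding['action']}")
```

Running it flags `finance/notes.txt` (labelled public, contains a card number) and `marketing/banner.png` (no classification label at all), while the confidential HR file and the internal log come back consistent. In a real store you would replace the constructed objects with a listing from your provider's API and feed the mismatches into whatever relabelling or access-review process the Store and Use phases of the life cycle call for.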

Threats to Data Storage

Note: These are not just limited to Cloud Based storage

  • Unauthorized Access \ Use
  • Liability due to noncompliance with laws and regulations
  • Denial of Service (DoS) and Distributed Denial of Service (DDoS)
  • Corruption, modification, accidental loss, and destruction

References

https://www.isc2.org/Certifications/CCSP

https://resources.infosecinstitute.com/category/certifications-training/ccsp/ccsp-domain-overview/domain-2-cloud-data-security/

#dontcodealone