Oi! TriForceCoders!! As promised, here is another installment of the CCSP series.
Domain Two: Cloud Data Security (Part One)
The Data Security Life Cycle
- Create – The creation of new data, and the alteration or updating of existing data, up until its removal.
- Store – Committing the created or existing data to a designated location, typically pre-defined based on the data type.
- Use – How the data is used and managed.
- Share – How data moves and is used inside and outside your Organization.
- Archive – How long should data be retained, and in what format? (e.g., tape backup, cloud backup)
- Destroy – The method by which data is permanently removed.
Actors, Location, and Access
Note: Essential for planning the implementation of Security Controls
- Non-malicious Insiders
- Malicious Outsiders
- External Intruders
- Threat Landscape
- Which actors have privileged access to data?
- How does data move throughout the Organization?
- Does data move at all?
- Who has access?
- Are there Controls in place? What are they?
- How is data accessed, and from which devices?
Note: Combining the above information into a flow/org chart will give you a high-level overview of your Organization’s Data Security Life Cycle.
IaaS Storage Types:
- Volume Storage – also known as block storage; storage that is directly attached to the IaaS instance (e.g., a vmdk). Should implement redundancy!
- Object Storage – Cloud-based storage such as Dropbox, OneDrive, or S3 buckets in AWS; it is not suitable for multiple read/writes.
- Ensure you abide by Federal and Local laws when managing storage.
Note: Ensure you are enforcing data synchronization.
PaaS Storage:
- More suitable for Developers and Databases
PaaS Storage Types:
- Structured: Highly organized; think relational databases. It is seamless and easily searchable.
- Unstructured: Non-traditional and not row/column based; geared towards multimedia and email.
Data Discovery Techniques
Data Discovery: A user-driven process that is used to identify patterns or specific items in a dataset. Data Discovery leverages multiple types of applications and mining techniques to retrieve viable information.
- Metadata – data that describes the data and defines its attributes
- Labels – the tagging of logical data groups to describe their content
- Content – the data itself (self-explanatory)
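The three discovery inputs listed above (metadata, labels, and content) combined into one small scanner, as an added example that is not part of the original notes. The in-memory sample corpus, the "sensitive" departments and labels, and the content patterns are all constructed assumptions standing in for a real storage scan and a real classification policy; the point is to show how each technique flags different files, and why content matching needs a secondary check (here a Luhn checksum) to avoid treating every 16-digit build ID as a card number.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample corpus: an in-memory stand-in for a storage scan. Each entry
# carries the three discovery inputs from the notes: metadata, labels, content.
SAMPLE_FILES = [
    {
        "path": "hr/employees.csv",
        "metadata": {"owner_department": "HR", "content_type": "text/csv"},
        "labels": ["pii"],
        "content": "name,ssn\nAlice Example,123-45-6789\n",
    },
    {
        "path": "marketing/blog-draft.md",
        "metadata": {"owner_department": "Marketing", "content_type": "text/markdown"},
        "labels": [],
        "content": "Questions? Contact us at press@example.com for more.",
    },
    {
        "path": "finance/q1-report.txt",
        "metadata": {"owner_department": "Finance", "content_type": "text/plain"},
        "labels": ["confidential"],
        "content": "Card on file: 4111 1111 1111 1111 (test number)",
    },
    {
        "path": "engineering/readme.txt",
        "metadata": {"owner_department": "Engineering", "content_type": "text/plain"},
        "labels": [],
        "content": "Build ID 1234-5678-9012-3456 is the current release.",
    },
]

# Assumed classification policy (not from the notes): which metadata values and
# labels mark a file as sensitive.
SENSITIVE_DEPARTMENTS = {"HR", "Finance"}
SENSITIVE_LABELS = {"pii", "pci", "confidential"}

# Content patterns. The card pattern is deliberately loose and is confirmed with a Luhn check.
CONTENT_PATTERNS = {
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "card": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
}


@dataclass(frozen=True)
class Finding:
    path: str
    technique: str  # "metadata", "label" or "content"
    detail: str     # what matched, without echoing the sensitive value itself


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out IDs and build numbers that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def content_hits(text: str) -> Counter:
    """Count pattern matches per kind; card candidates must also pass Luhn."""
    hits = Counter()
    for kind, pattern in CONTENT_PATTERNS.items():
        for m in pattern.finditer(text):
            if kind == "card" and not luhn_ok(re.sub(r"[ -]", "", m.group())):
                continue
            hits[kind] += 1
    return hits


def discover(files):
    """Apply the metadata, label and content techniques to every file in the corpus."""
    findings = []
    for f in files:
        dept = f["metadata"].get("owner_department")
        if dept in SENSITIVE_DEPARTMENTS:
            findings.append(Finding(f["path"], "metadata", f"owner_department={dept}"))
        for label in f["labels"]:
            if label.lower() in SENSITIVE_LABELS:
                findings.append(Finding(f["path"], "label", f"label={label}"))
        for kind, count in sorted(content_hits(f["content"]).items()):
            findings.append(Finding(f["path"], "content", f"{kind}={count}"))
    return findings


def summarize(findings):
    """Map each path to the sorted list of techniques that flagged it."""
    out = {}
    for fnd in findings:
        out.setdefault(fnd.path, set()).add(fnd.technique)
    return {path: sorted(techs) for path, techs in out.items()}


if __name__ == "__main__":
    for fnd in discover(SAMPLE_FILES):
        print(f"{fnd.path:28} {fnd.technique:9} {fnd.detail}")
```

Running it flags the HR and Finance files by all three techniques, catches the marketing draft only through content inspection (nobody labelled it, and its department is not on the list), and leaves the engineering README alone because its 16-digit build ID fails the Luhn check. That spread is the practical lesson: no single technique covers the dataset, so a discovery process layers them.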
Threats to Data Storage
Note: These are not limited to cloud-based storage.
- Unauthorized Access / Use
- Liability due to noncompliance with laws and regulations
- Denial of Service (DoS) and Distributed DoS (DDoS)
- Corruption, modification, accidental loss, and destruction