Where’d you get your information from, ” huh?

Domain Two: Cloud Data Security (Part Three)

Another installment of that Cloud Security, son!

Data Loss Prevention

  • AKA – Data Leakage Prevention
  • DLP – are controls put into place to ensure sensitive data remain under the organization’s control and adheres to Policies, Laws, Regulations and Standard Operating Procedures
  • DLP Controls should detect data exfiltration and ensure compliance

Examples of DLP Systems: https://www.techradar.com/best/best-data-loss-prevention-service

  • Must be configured for your Organization

Trusted Platform Module:

  • Is a physical chip on a host device that stores RSA Encryption Keys specific to that Host
  • Can be virtually abstracted with some Hypervisors but requires a third-party appliance to manage the keys
  • TPM purpose: Provide Whole Drive encryption

Anti-Malware

Examples include:

  • Viruses, Trojans, RootKits
  • Works, Spyware, Ransomware
  • Adware, Crimeware

Examples of Anti-Malware: https://www.pcmag.com/picks/the-best-malware-removal-and-protection-software

Removing Data Remnants (Disposal of Data)

Definitions:

  • Clearing \ Overwriting – rendering data inaccessible by normal means
  • Purging \ Degaussing –rending media unusable

Note: Degaussing is only possible with magnetic media.

  • Destruction – physically and irreversibly destroying the medium containing data (shredding|burning)

What to do when access to physical devices is not possible as such in a Cloud Environment.

  • Crypto Shredding – Encrypting files with a Strong, public algorithm and destroying \ deleting the keys.

Monitoring:

Auditing in the Cloud

  • The CSP should provide detailed logs (see the SLA)
  • Time\Date stamped logs, and when collected
  • Where was the log sent?
  • Requested by whom? Application or Person
  • Type of Event: (e.g., info, warning, critical)
  • Description of the logged event.

Security Information and Event Management (SIEM)

It is a software solution that aggregates and analyzes activity from many different resources across your entire IT infrastructure.

  • Collects from multiple sources
  • Alerts predefined Entities, typically a Service Desk (Tier 1,2)
  • Dashboards tools to correlate data
  • Typically include Compliance Tools to assist an Organization in achieved required goals.
  • Retention must be defined or may be predefined based on a selected compliance mechanism.
  • Includes Forensic Analysis methods for examing logs based on defined parameters

Examples of SIEM Tools: https://www.comparitech.com/net-admin/siem-tools/

Liability

Defined – failure to execute due care \ diligence.

  • Data Privacy | Protection
  • Compliance
  • Due Care – Attempt to minimize risk and protect assets (the action taken)
  • Due Diligence – Attempt to understand the risks faced (the research)
  • SLAs – a contract defining the lever of service(s) to be provided. (Legally binding!)

Data Privacy Terms:

  • Data Subject – a person who and be identified or referenced to by specific factor: (SSN, telephone number, IP Address, etc.
  • Personal Data: Personally Identifiable Information (PII) biometrics, health records
  • Processing: the operations performed on PII (recording, collections, storage)
  • Controller: Person|Authority|Agency that defines the means in which data processing correlates with compliance, laws, and regulations
  • Processor: The one designated to process data on behalf of the controller

Note: The Cloud Customer is responsible for the data stored on Cloud Systems. The CSP provides the means and platform and is therefore known as the processor.

References

https://www.isc2.org/Certifications/CCSP

https://resources.infosecinstitute.com/category/certifications-training/ccsp/ccsp-domain-overview/domain-2-cloud-data-security/

#dontcodealone