Domain Two: Cloud Data Security (Part Three)
Another installment of that Cloud Security, son!
Data Loss Prevention
- AKA – Data Leakage Prevention
- DLP – are controls put into place to ensure sensitive data remain under the organization’s control and adheres to Policies, Laws, Regulations and Standard Operating Procedures
- DLP Controls should detect data exfiltration and ensure compliance
Examples of DLP Systems: https://www.techradar.com/best/best-data-loss-prevention-service
- Must be configured for your Organization
Trusted Platform Module:
- Is a physical chip on a host device that stores RSA Encryption Keys specific to that Host
- Can be virtually abstracted with some Hypervisors but requires a third-party appliance to manage the keys
- TPM purpose: Provide Whole Drive encryption
- Viruses, Trojans, RootKits
- Works, Spyware, Ransomware
- Adware, Crimeware
Examples of Anti-Malware: https://www.pcmag.com/picks/the-best-malware-removal-and-protection-software
Removing Data Remnants (Disposal of Data)
- Clearing \ Overwriting – rendering data inaccessible by normal means
- Purging \ Degaussing –rending media unusable
Note: Degaussing is only possible with magnetic media.
- Destruction – physically and irreversibly destroying the medium containing data (shredding|burning)
What to do when access to physical devices is not possible as such in a Cloud Environment.
- Crypto Shredding – Encrypting files with a Strong, public algorithm and destroying \ deleting the keys.
Auditing in the Cloud
- The CSP should provide detailed logs (see the SLA)
- Time\Date stamped logs, and when collected
- Where was the log sent?
- Requested by whom? Application or Person
- Type of Event: (e.g., info, warning, critical)
- Description of the logged event.
Security Information and Event Management (SIEM)
It is a software solution that aggregates and analyzes activity from many different resources across your entire IT infrastructure.
- Collects from multiple sources
- Alerts predefined Entities, typically a Service Desk (Tier 1,2)
- Dashboards tools to correlate data
- Typically include Compliance Tools to assist an Organization in achieved required goals.
- Retention must be defined or may be predefined based on a selected compliance mechanism.
- Includes Forensic Analysis methods for examing logs based on defined parameters
Examples of SIEM Tools: https://www.comparitech.com/net-admin/siem-tools/
Defined – failure to execute due care \ diligence.
- Data Privacy | Protection
- Due Care – Attempt to minimize risk and protect assets (the action taken)
- Due Diligence – Attempt to understand the risks faced (the research)
- SLAs – a contract defining the lever of service(s) to be provided. (Legally binding!)
Data Privacy Terms:
- Data Subject – a person who and be identified or referenced to by specific factor: (SSN, telephone number, IP Address, etc.
- Personal Data: Personally Identifiable Information (PII) biometrics, health records
- Processing: the operations performed on PII (recording, collections, storage)
- Controller: Person|Authority|Agency that defines the means in which data processing correlates with compliance, laws, and regulations
- Processor: The one designated to process data on behalf of the controller
Note: The Cloud Customer is responsible for the data stored on Cloud Systems. The CSP provides the means and platform and is therefore known as the processor.