157 Cards in this Set

Cloud Computing

Cloud service providers deliver computing services to their customers over the internet. The big 3 are AWS, Microsoft Azure, and Google Cloud Platform

Oversubscription

Cloud providers allocate more capacity to customers than they physically have. A shared pool of resources can be configured for different purposes by different users, and because not everyone uses all of their resources at the same time, the provider achieves economies of scale.

Multitenancy

Many different users share resources in the same cloud infrastructure. The same physical hardware might support the workloads and storage needs of many different customers, all of whom operate without any knowledge of or interaction with their fellow customers.

On Demand Self Service Computing

Benefit of the cloud, cloud resources are available when and where you need them.

Scalability

Customers can manually or automatically increase the capacity of their operations.

Vertical scaling

Increases the capacity of existing servers, just like opening up a server and adding physical hardware in an on-premises environment.

Horizontal Scaling

Adds more servers to a pool of clustered servers. This can be done very quickly and easily because it replicates existing servers.

Elasticity

Capacity should expand and contract as needs change to optimize costs.

Measured Service

Everything you do in the cloud is measured by the service provider. All the information about your usage allows the provider to bill you for exactly what you used.

Agility and Flexibility

The speed to provision cloud resources and the ability to use them for short periods of time lends tremendous agility and flexibility

Cloud Service Providers

Are the firms that offer cloud computing services to their customers

Cloud Consumers

The organizations and individuals who purchase cloud services from cloud service providers

Cloud Partners/Brokers

Organizations that offer companion products or services that support or integrate with the offerings of a cloud service provider

Cloud Auditors

Independent organizations that provide third party assessments of cloud services and operations. They provide a general assessment of a cloud environment or focus on security controls

Cloud Carriers

Serve as the intermediaries that provide the connectivity that allows the delivery of cloud services from providers to consumers

IaaS

Infrastructure as a Service. Allows customers to purchase and interact with the basic building blocks of a technology infrastructure: computing, storage, and networks. Customers configure these components to meet their needs.

SaaS

Software as a Service provides customers with access to a fully managed application running in the cloud. The provider is responsible for everything from the operation of the physical data centers to the performance management of the application itself. The customer is only responsible for the limited configuration of the application and the application-provided access controls.

PaaS

Platform as a Service, is the middle ground of IaaS and SaaS. The service provider offers a platform where customers may run applications that they have developed themselves.

FaaS

Function as a Service, falls under PaaS and allows customers to upload their own code functions to the provider and then the provider will execute those functions on a scheduled basis, in response to events, and/or on demand

Serverless Computing

Do not expose customers to the actual server instances executing their code. It is a misnomer because servers are being used but in a manner that is transparent to the customer

MSP

Managed service providers are service organizations that provide information technology as a service to their customers. They may handle an organization's IT needs completely, or offer focused services.

MSSP

Managed security service providers offer services that include security monitoring, vulnerability management, incident response, and firewall management.

Public Cloud

Public cloud service providers deploy infrastructure and then make it accessible to any customers who wish to take advantage of it in a multi tenant model. This is AWS, Azure, GCP

Private Cloud

Describes any cloud infrastructure that is provisioned for use by a single customer. These tend to have excess unused capacity to support peak demand and are not as cost effective as public clouds

Community Cloud

A service that shares characteristics of both the public and private models. It runs in a multi-tenant environment, but the tenants are limited to members of a specifically defined community. Membership is normally defined based on shared mission, similar security and compliance requirements, or other commonalities.

Hybrid Cloud

A catch-all term used to describe cloud deployments that blend public, private, and/or community cloud services together. It requires technology that unifies the different cloud offerings into a single coherent platform

Shared Responsibility Model

Cloud customers must divide responsibilities between one or more service providers and the customers' own cybersecurity teams. Where the line is drawn depends on the service model.


IaaS: the CSP is responsible for the datacenter and hardware. The customer is responsible for the operating system, application, and data.


PaaS: the CSP is responsible for the datacenter, hardware, and operating system. Responsibility for the application is shared, and the customer has sole responsibility for the data.


SaaS: the CSP is responsible for everything except the data, for which responsibility is shared.

In every model the customer keeps responsibility for its own accounts, access controls, and configuration choices; moving to the cloud does not transfer that.

CSA

Cloud Security Alliance is an industry organization focused on developing and promoting best practices in cloud security.

CCM

Cloud Controls Matrix is a reference document designed to help organizations understand the appropriate use of cloud security controls and map these controls to various regulatory standards.

Edge Computing

Addresses the issue of sensors sending data to the cloud for complete processing. Instead it places some processing power on the remote sensors allowing them to preprocess data before shipping it back to the cloud

Virtualization

Technology that allows multiple guest systems to share the same underlying hardware

Hypervisor

Primary responsibility is to isolate virtual machines. This ensures that virtual machines do not interfere with each other’s operations as well as not be able to access or alter information or resources assigned to another virtual machine

Type 1 Hypervisor

Also known as a bare metal hypervisor, operates directly on top of the underlying hardware. Most commonly used in datacenter virtualization because it is highly efficient.

Type 2 Hypervisor

Runs as an application on top of an existing operating system. The host operating system supports the hypervisor, and the hypervisor requests resources for each guest operating system from the host operating system. This is most commonly used on personal computers and is less efficient because it consumes more resources.

Virtualized Servers

Virtual machines are the basic building blocks of compute capacity in the cloud. Organizations provision servers running most common operating systems with a specific number of CPU cores, amount of RAM, and storage capacity to meet business requirements, and are charged an hourly rate based on the resources acquired. You interact with a virtual server the same way as with a physical server: SSH for Linux or RDP for Windows.

Containers

Provide application level virtualization. Instead of creating complex virtual machines that require their own OS’s, containers package applications and allow them to be treated as units of virtualization that become portable across operating systems and hardware platforms

Block Storage

Allocates large volumes of storage for use by virtual server instances. These volumes are then formatted as virtual disks by the OS on those server instances and used as they would a physical drive

Object Storage

Provides customers with the ability to place files in buckets and treat each file as an independent entity that may be accessed over the web or through the provider’s API. It hides the storage details from the user. More cost effective

SDN

Software Defined Networking allows engineers to interact with and modify cloud resources through API’s

SDV

Software Defined Visibility offers insight into the traffic on virtual networks

Security Groups

Providers meet the need for firewalls with security groups, which define the network traffic permitted to reach a resource. A security group consists of a set of rules for network traffic that are substantially the same as a firewall rule set; traffic that matches no rule is denied.

VPC

Virtual private clouds are similar to physical VLANs and are used to achieve segmentation. A VPC lets you group systems into subnets and designate those subnets as public or private depending on whether access to them is permitted from the internet.

Segmentation

One of the core concepts of network security. It allows engineers to place systems of differing security levels and functions on different network subnets.
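
Added example (not part of the flashcards): a small Python model of what the Security Groups, VPC and Segmentation cards describe. Subnets are marked public or private, security groups are allow-lists of ingress rules, and a request from the internet is permitted only if it is both routable to the subnet and matched by a rule. The topology, addresses and rule set are constructed for the example; a second function flags the classic misconfiguration of an admin port open to 0.0.0.0/0.

```python
import ipaddress
from dataclasses import dataclass

# Constructed example: hypothetical VPC with a public web tier and a private
# database tier. Nothing here comes from a real account.

@dataclass(frozen=True)
class Rule:
    protocol: str            # "tcp", "udp" or "-1" (any protocol), AWS-style
    from_port: int
    to_port: int
    source: str              # CIDR the traffic may come from

@dataclass
class SecurityGroup:
    name: str
    ingress: list            # allow-list: only listed rules permit traffic

@dataclass
class Subnet:
    name: str
    cidr: str
    public: bool             # True if the subnet has a route to an internet gateway

@dataclass
class Instance:
    name: str
    ip: str
    subnet: Subnet
    groups: list

def rule_permits(rule, proto, port, src_ip):
    """A rule matches when protocol, port range and source CIDR all match."""
    if rule.protocol not in ("-1", proto):
        return False
    if rule.protocol != "-1" and not (rule.from_port <= port <= rule.to_port):
        return False
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source)

def group_permits(groups, proto, port, src_ip):
    """Security groups are allow-lists: any matching rule permits, nothing else does."""
    return any(rule_permits(r, proto, port, src_ip)
               for g in groups for r in g.ingress)

def reachable_from_internet(instance, proto, port, src_ip="203.0.113.10"):
    """Internet traffic must be routable (public subnet) and then allowed by a group."""
    if not instance.subnet.public:
        return False
    return group_permits(instance.groups, proto, port, src_ip)

def overly_permissive(groups, admin_ports=(22, 3389)):
    """Flag rules that open administrative ports to the whole internet."""
    findings = []
    for g in groups:
        for r in g.ingress:
            if ipaddress.ip_network(r.source).prefixlen != 0:
                continue
            if r.protocol not in ("-1", "tcp"):
                continue
            for p in admin_ports:
                if r.protocol == "-1" or r.from_port <= p <= r.to_port:
                    findings.append((g.name, p, r.source))
    return findings

# Constructed topology (hypothetical names and addresses)
public_subnet = Subnet("public-a", "10.0.1.0/24", public=True)
private_subnet = Subnet("private-a", "10.0.2.0/24", public=False)

web_sg = SecurityGroup("web-sg", [
    Rule("tcp", 443, 443, "0.0.0.0/0"),        # HTTPS from anywhere: intended
    Rule("tcp", 22, 22, "0.0.0.0/0"),          # SSH from anywhere: misconfiguration
])
db_sg = SecurityGroup("db-sg", [
    Rule("tcp", 5432, 5432, "10.0.1.0/24"),    # PostgreSQL only from the web subnet
])

web = Instance("web-1", "10.0.1.10", public_subnet, [web_sg])
db = Instance("db-1", "10.0.2.20", private_subnet, [db_sg])

if __name__ == "__main__":
    print(reachable_from_internet(web, "tcp", 443))          # True
    print(reachable_from_internet(web, "tcp", 22))           # True, and it should not be
    print(reachable_from_internet(db, "tcp", 5432))          # False: private subnet
    print(group_permits([db_sg], "tcp", 5432, "10.0.1.10"))  # True: from the web tier
    print(overly_permissive([web_sg, db_sg]))                # [('web-sg', 22, '0.0.0.0/0')]
```

The model deliberately separates routing from filtering: the database instance is unreachable from the internet even though its group would accept traffic from the web subnet, which is the segmentation the VPC card describes. Real provider security groups (AWS security groups, Azure network security groups) are additionally stateful, so return traffic for an allowed connection needs no explicit rule; that detail is outside the cards and not modelled here.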

VPC Endpoints

Allow the connection of VPCs to each other using the cloud provider's secure network backbone. (In AWS terminology, connecting two VPCs directly is VPC peering; a VPC endpoint gives a VPC a private path to a provider service without crossing the internet. The exam-style definition on this card uses the term loosely.)

Cloud Transit Gateways

Extend the VPC endpoints further by allowing the direct interconnection of cloud VPCs with on premises VLANs for hybrid cloud operations

DevOps

This approach to development brings together development and operations teams in a unified process where they work together in an agile approach to software development.

IaC

Infrastructure as Code is one of the key enabling technologies behind the DevOps movement and is also a crucial advantage of cloud computing services integration. It is the process of automating the provisioning, management, and deprovisioning of infrastructure services through scripted code rather than human intervention. It is a key feature in all major IaaS environments
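
Added example (not from the flashcards): because infrastructure is defined in code, it can be checked by code before anything is provisioned. The template below is a constructed, simplified stand-in for a provider template (the resource types and property names are hypothetical, not a real schema). The check runs a small set of policies over it and returns the exit code a CI pipeline would use to block the change.

```python
import json

# Constructed IaC template (hypothetical resource types and properties).
TEMPLATE = json.loads("""
{
  "resources": {
    "app_bucket":  {"type": "ObjectStorageBucket",
                    "properties": {"public_read": true}},
    "logs_bucket": {"type": "ObjectStorageBucket",
                    "properties": {"public_read": false}},
    "data_volume": {"type": "BlockVolume",
                    "properties": {"size_gb": 100, "encrypted": false}},
    "web_server":  {"type": "VirtualMachine",
                    "properties": {"image": "linux-2024",
                                   "tags": {"owner": "web-team"}}},
    "scratch_vm":  {"type": "VirtualMachine",
                    "properties": {"image": "linux-2024", "tags": {}}}
  }
}
""")

def bucket_not_public(props):
    """Object storage must not be world-readable."""
    return not props.get("public_read", False)

def volume_encrypted(props):
    """Block volumes must be encrypted at rest; absence of the flag fails."""
    return props.get("encrypted", False) is True

def vm_has_owner(props):
    """An owner tag is what lets an abandoned instance be traced back later."""
    return bool(props.get("tags", {}).get("owner"))

# Policy registry: resource type -> list of (rule id, check, message)
POLICIES = {
    "ObjectStorageBucket": [("STOR-1", bucket_not_public, "bucket allows public read")],
    "BlockVolume":         [("STOR-2", volume_encrypted, "volume is not encrypted at rest")],
    "VirtualMachine":      [("TAG-1", vm_has_owner, "instance has no owner tag")],
}

def evaluate(template, policies=POLICIES):
    """Return (resource name, rule id, message) for every failed check."""
    findings = []
    for name, res in template["resources"].items():
        for rule_id, check, message in policies.get(res["type"], []):
            if not check(res.get("properties", {})):
                findings.append((name, rule_id, message))
    return findings

def gate(template):
    """Pipeline step: exit 0 lets the deployment proceed, exit 1 blocks it."""
    findings = evaluate(template)
    for name, rule_id, message in findings:
        print(f"{rule_id} {name}: {message}")
    return 1 if findings else 0

if __name__ == "__main__":
    raise SystemExit(gate(TEMPLATE))
```

Resource types without a registered policy pass silently, which is the usual starting point; a stricter gate would fail on unknown types so that new resource kinds are reviewed before they can be deployed.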

Data Sovereignty

Is a principle that states that data is subject to the legal restrictions of any jurisdiction where it is collected, stored, or processed. Under this principle, a customer might wind up subject to the legal requirements of a jurisdiction where they have no involvement other than the fact that one of their cloud providers operates a datacenter within that jurisdiction.

Virtual Machine Escape Attack

This vulnerability is the most serious issue that can exist in a virtualized environment, particularly when a virtual host runs systems of differing security levels. The attacker has access to a single virtual host and then manages to leverage that access to intrude upon the resources assigned to a different virtual machine

Virtual Machine Sprawl

Occurs when IaaS users create virtual device instances and then forget about them or abandon them, leaving them to accrue costs and accumulate security issues over time.

SWG

Secure web gateways provide a layer of application security for cloud-dependent organizations. They monitor web requests made by internal users and evaluate them against the organization's security policy, blocking requests that run afoul of these requirements. They are commonly used to block access to potentially malicious content but may also be used to enforce content filtering restrictions.
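
Added example (not from the flashcards): the decision a secure web gateway makes for one request, with a constructed category feed standing in for a vendor's threat and content categories. The hostnames and categories are hypothetical. The part worth seeing is the domain match: it compares on label boundaries, so a lookalike such as evil-example-bank.test does not inherit the category of example-bank.test, and the host is taken from a properly parsed URL rather than from a substring search, so a userinfo prefix cannot disguise the real destination.

```python
from urllib.parse import urlsplit

# Constructed policy and category feed (hypothetical domains).
BLOCKED_CATEGORIES = {"malware", "phishing"}   # threat-based blocking
CONTENT_FILTER = {"gambling"}                  # acceptable-use blocking

CATEGORIES = {
    "example-bank.test": "finance",
    "bad-downloads.test": "malware",
    "login-example-bank.test": "phishing",
    "casino.test": "gambling",
}

def domain_matches(host, domain):
    """True if host is domain or a subdomain of it. A plain endswith() would also
    accept 'notexample.test' for 'example.test'; matching on '.' avoids that."""
    host = host.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def categorize(host):
    for domain, category in CATEGORIES.items():
        if domain_matches(host, domain):
            return category
    return "uncategorized"

def decide(url):
    """Return ('allow' | 'block', category) for a request URL."""
    # urlsplit().hostname strips userinfo, port and brackets, so
    # http://example-bank.test@bad-downloads.test/ resolves to the real host.
    host = urlsplit(url).hostname or ""
    category = categorize(host)
    if category in BLOCKED_CATEGORIES or category in CONTENT_FILTER:
        return ("block", category)
    return ("allow", category)

if __name__ == "__main__":
    for u in ("https://www.example-bank.test/",
              "https://evil-example-bank.test/",
              "http://example-bank.test@bad-downloads.test/update.exe",
              "https://casino.test/"):
        print(u, decide(u))
```

An uncategorized host is allowed here, which is the permissive default most deployments start with; a gateway protecting a high-value environment would flip that default and allow only categorized or explicitly approved destinations.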

Auditability

Is an important component of cloud governance. Contracts should include language guaranteeing the customer's right to audit cloud service providers. This is essential to providing customers with assurance that the provider is operating in a secure manner and meeting its contractual data protection obligations.

CASB

Cloud access security brokers are software tools that serve as intermediaries between cloud service users and cloud service providers. This positioning allows them to monitor user activity and enforce policy requirements.

Inline CASB

Physically or logically resides in the connection path between the user and the service. This is done through a hardware appliance or an endpoint agent that routes requests through the CASB. It has the advantage of seeing requests before they are sent to the cloud service, allowing the CASB to block requests that violate policy.

API-based CASB

A solution that does not interact directly with the user but instead interacts with the cloud provider through the provider's API. This approach provides direct access to the cloud service and does not require user device configuration, but it does not allow the CASB to block requests that violate policy: it is limited to monitoring activity and reporting policy violations after the fact.

Resource Policies

Offered by cloud providers so that customers may limit the actions that users of their accounts may take. They are a good security control to protect against accidental commands, a compromised account, or a malicious insider.

Cloud Transit Gateways

Extend VPC endpoints further by allowing the direct interconnection of cloud VPCs with on-premises VLANs for hybrid cloud operations.

DevOps

This approach to development brings together development and operations teams in a unified process where they work together in an agile approach to software development.

IaC

Infrastructure as Code is one of the key enabling technologies behind the DevOps movement and is also a crucial advantage of cloud computing services integration. It is the process of automating the provisioning, management, and deprovisioning of infrastructure services through scripted code rather than human intervention. It is a key feature in all major IaaS environments.

Data Sovereignty

Is a principle that states that data is subject to the legal restrictions of any jurisdiction where it is collected, stored, or processed. Under this principle, a customer might wind up subject to the legal requirements of a jurisdiction where they have no involvement other than the fact that one of their cloud providers operates a datacenter within that jurisdiction.

Virtual Machine Escape Attack

This vulnerability is the most serious issue that can exist in a virtualized environment, particularly when a virtual host runs systems of differing security levels. The attacker has access to a single virtual machine and then manages to leverage that access to intrude upon the resources assigned to a different virtual machine on the same host.

HSM

Hardware Security Modules are computing devices that manage encryption keys and also perform cryptographic operations in a highly efficient manner. They are expensive but offer an extremely high level of security. They can create and manage encryption keys without exposing them to a single human being. Cloud service providers use them internally for the management of their own encryption keys and offer HSM services to customers.
