Section 3.6
Cloud Access Security Broker (CASB)
A software tool or service that sits between cloud service consumers (the organization's users and devices) and cloud service providers, monitors the traffic between them, and enforces the organization's security policies on cloud usage (access control, data loss prevention, threat protection).
Virtual Network
A software-defined network that runs on top of a physical network and connects devices (often virtual machines) regardless of their physical location.
Application Security
Code written and measures taken at the application level to thwart attacks such as SQL injection, brute-force attacks, and network eavesdropping.
Firewall considerations in a cloud environment
Considerations include cost, the need for segmentation, and the Open Systems Interconnection (OSI) layers at which the firewall operates (for example, layer 4 port filtering versus layer 7 application inspection).
Resource policies
Policies attached to a cloud resource (such as a storage bucket) that define which principals may perform which actions on it. If managed improperly, they are the factor most detrimental to access management of cloud-based storage resources, because a single misconfigured policy can expose the data to anyone.
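As an added illustration (not part of the original page), the check below parses two constructed bucket-style resource policies in an AWS-like JSON shape and reports every Allow statement whose Principal is the wildcard "*". The bucket name, account ID, role name and Sids are hypothetical; the weak policy exposes the bucket to the world, the corrected one grants read access to a single named role.

```python
import json

# Constructed example policies in an AWS-style JSON shape (hypothetical
# bucket name and account ID; not taken from the original page).
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-bucket",
                     "arn:aws:s3:::example-bucket/*"],
    }],
})

# The corrected policy grants read access to one named role only.
HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AppRoleRead",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
})


def _as_list(value):
    """Policy JSON allows a string or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _principals(principal):
    """Flatten the Principal element ("*" or {"AWS": [...], ...}) to a list."""
    if isinstance(principal, str):
        return [principal]
    if isinstance(principal, dict):
        flat = []
        for value in principal.values():
            flat.extend(_as_list(value))
        return flat
    return []


def public_statements(policy_json):
    """Return (Sid, actions, has_condition) for every Allow statement whose
    Principal is the wildcard "*", i.e. that grants access to anyone.
    A Condition may narrow the grant, so it is reported rather than ignored:
    the reviewer still has to confirm the condition really restricts the
    caller (many conditions, such as requiring TLS, do not)."""
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" in _principals(stmt.get("Principal")):
            findings.append((stmt.get("Sid", "<no Sid>"),
                             _as_list(stmt.get("Action", [])),
                             "Condition" in stmt))
    return findings


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, public_statements(policy))
```

The checker looks only at the resource policy; in a real account the effective access is the combination of resource policies, identity policies and any account-level public-access block, so a clean result here is necessary but not sufficient.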
Encryption
The process of converting readable data (plaintext) into unreadable form (ciphertext) so that only holders of the key can recover it; in the cloud it protects data at rest and in transit against unauthorized access.
Replication
Copying data across multiple systems, zones or regions. Replication is part of the resiliency of the cloud: a single point of failure does not have the effect it would have in a traditional enterprise data center.
Integration and auditing
Integrating the appropriate level and number of security controls into a cloud deployment, and regularly auditing them to confirm that they remain in place and effective.
Third-party Solutions
Security tools offered by vendors other than the cloud provider or the organization itself.
Dynamic Resource Allocation
Scaling cloud resources up or down automatically based on demand.
Next-Generation Secure Web Gateway (NG-SWG)
A network security service positioned between users and the internet that inspects and filters web traffic, enforces acceptable-use policy, and blocks malware and data exfiltration.
Public Subnet
A subnet whose route table has a route to an internet gateway, so resources in it can be reached from the internet.
Private Subnet
A subnet with no direct route from the internet; its resources can reach out only through a NAT gateway, if at all.
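The distinction between public and private subnets is decided by the route table, not by the address range. The added example below (my own illustration, not from the original page) models a constructed VPC with hypothetical subnet, route-table and gateway IDs, performs the longest-prefix match a cloud route table uses, and classifies each subnet by where its default route leads.

```python
import ipaddress

# Constructed VPC layout (hypothetical IDs; not from the original page).
# Each route table maps a destination CIDR to a target: "local" (the VPC
# itself), an internet gateway ("igw-...") or a NAT gateway ("nat-...").
ROUTE_TABLES = {
    "rtb-public":   [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-0a1b2c")],
    "rtb-private":  [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-0d4e5f")],
    "rtb-isolated": [("10.0.0.0/16", "local")],
}

# subnet id -> (CIDR, associated route table)
SUBNETS = {
    "subnet-web": ("10.0.1.0/24", "rtb-public"),
    "subnet-app": ("10.0.2.0/24", "rtb-private"),
    "subnet-db":  ("10.0.3.0/24", "rtb-isolated"),
}


def next_hop(route_table_id, destination_ip):
    """Longest-prefix match: the most specific route whose CIDR contains the
    destination wins, which is how a cloud route table is evaluated.
    Returns the target, or None when no route matches (traffic is dropped)."""
    addr = ipaddress.ip_address(destination_ip)
    best = None
    for cidr, target in ROUTE_TABLES[route_table_id]:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, target)
    return best[1] if best else None


def classify_subnet(subnet_id, probe_ip="203.0.113.10"):
    """"public" when default traffic goes through an internet gateway (hosts
    with a public address are reachable from the internet), "private" when
    the subnet can only reach out through a NAT gateway, and "isolated" when
    there is no route to the internet at all. probe_ip is any address outside
    the VPC, used to select the default route."""
    _, rtb = SUBNETS[subnet_id]
    target = next_hop(rtb, probe_ip)
    if target is None:
        return "isolated"
    if target.startswith("igw-"):
        return "public"
    if target.startswith("nat-"):
        return "private"
    return "isolated"  # only "local" matched: nothing leaves the VPC


if __name__ == "__main__":
    for sid in SUBNETS:
        print(sid, classify_subnet(sid))
```

A subnet that classifies as "public" still needs a security group and a public IP on the instance before anything is actually reachable; the route is the necessary condition, the other two are the ones most often misjudged.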
API inspection and integration
Inspecting the API calls made to and from cloud services and integrating that inspection into the organization's security tooling; an active measure to keep malformed or malicious requests from propagating through a system and causing trouble.
Security Groups
The virtual firewall applied to a cloud instance: a set of allow rules (protocol, port range, source or destination) that govern its inbound and outbound traffic, with anything not matched by a rule implicitly denied.
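The added example below (not code from the original page) evaluates constructed inbound rule sets with hypothetical group IDs the way a cloud security group does: allow-list semantics, rules that reference either a CIDR or another security group, and a review function that flags rules reachable from the whole internet on ports a public-facing group should not expose. The weak group opens SSH to 0.0.0.0/0; the hardened one restricts it to a bastion subnet.

```python
import ipaddress

# Constructed inbound rule sets (hypothetical group IDs; not from the page).
# Rule = (protocol, from_port, to_port, source), where source is a CIDR or
# the ID of another security group. Security groups are allow-lists: traffic
# that matches no rule is implicitly denied.
SECURITY_GROUPS = {
    # Weak: SSH open to the entire internet alongside HTTPS.
    "sg-web-weak":     [("tcp", 443, 443, "0.0.0.0/0"),
                        ("tcp", 22, 22, "0.0.0.0/0")],
    # Hardened: SSH only from the bastion's subnet.
    "sg-web-hardened": [("tcp", 443, 443, "0.0.0.0/0"),
                        ("tcp", 22, 22, "192.0.2.0/24")],
    # The database accepts connections only from instances that are members
    # of sg-app, whatever their IP address happens to be.
    "sg-db":           [("tcp", 5432, 5432, "sg-app")],
}

# Ports normally accepted as world-reachable on a public-facing group;
# anything else allowed from 0.0.0.0/0 is flagged.
PUBLIC_OK_PORTS = {80, 443}


def _source_matches(source, src_ip, src_groups):
    """A source is either a security-group ID (membership check) or a CIDR."""
    if source.startswith("sg-"):
        return source in src_groups
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(source)


def ingress_allowed(group_id, proto, port, src_ip, src_groups=()):
    """True if any inbound rule of group_id allows this packet.
    src_groups are the security groups the *sending* instance belongs to.
    Protocol "-1" in a rule means "all protocols"."""
    for rule_proto, lo, hi, source in SECURITY_GROUPS[group_id]:
        if rule_proto not in (proto, "-1"):
            continue
        if not lo <= port <= hi:
            continue
        if _source_matches(source, src_ip, src_groups):
            return True
    return False


def overly_permissive(group_id):
    """Inbound rules reachable from the whole IPv4 internet on ports other
    than the accepted public ports (or for all protocols)."""
    flagged = []
    for rule in SECURITY_GROUPS[group_id]:
        proto, lo, hi, source = rule
        if source != "0.0.0.0/0":
            continue
        exposed = set(range(lo, hi + 1)) - PUBLIC_OK_PORTS
        if proto == "-1" or exposed:
            flagged.append(rule)
    return flagged


if __name__ == "__main__":
    for gid in SECURITY_GROUPS:
        print(gid, overly_permissive(gid))
```

Note that the group-to-group rule on sg-db is what makes the database unreachable from an attacker who lands in the same subnet but on an instance outside sg-app; a CIDR rule for the subnet would not give that property.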
Virtual private cloud endpoint
A private connection between a virtual private cloud (VPC) and another cloud service or VPC that keeps the traffic on the provider's network rather than routing it over the public internet.
Cloud Native Controls
Security controls built into the cloud platform and offered by the provider itself, typically included in the enterprise subscription and service license agreement, as opposed to third-party solutions.
High Availability (HA)
Measures (redundancy, failover, load balancing) that prevent the entire system from failing when some of its components fail.
Permissions
restricting or granting of access to specific files and folders on a computer network to a user or group of users.
Instance Awareness
A capability that must be enabled on firewalls, secure web gateways, and cloud access security brokers (CASBs) to tell apart different instances of the same cloud service (for example, the corporate-sanctioned tenant of a file-sharing service versus an employee's personal account on the same service) so that policy can be applied per instance rather than to the service as a whole.
Segmentation
The network process of separating network elements into segments and regulating traffic between the segments so that a compromise in one segment does not spread freely to the others.
Container Security
The process of implementing security tools and policies (hardened base images, vulnerability scanning, least-privilege runtime settings) to ensure that a container runs as intended.
Secrets management
The policies, tooling and procedures for storing, distributing, rotating and auditing sensitive credentials (passwords, API keys, tokens, certificates) so that applications and cloud services obtain them at run time from a controlled store instead of from source code or configuration files.
