Secure cloud computing: What you need to know
Learn about the risks associated with putting your data in the cloud in this episode of Cyber Work Applied.
Securing your cloud data
When you put data on the cloud, you’re responsible for it. Learn what you need to know about securing your cloud data in this video featuring Infosec Principal Security Researcher Keatron Evans.
Cyber Work listeners get free cybersecurity training resources. Click below to get your free courses and other materials.
Cloud security questions and demo
Below is the edited transcript of Keatron’s cloud security computing walkthrough.
Is your data safe in the cloud?
(0:00- 0:26) Is your data as secure in the cloud as it is in your traditional environment? What security-related things should you consider before migrating to cloud services? Who is responsible for your data if it's stolen while in the cloud?
Let's answer all these questions now, and then I'll show you what it looks like to move something from a local location to a cloud location. Let's cloud!
Learn Cloud Security
Cloud data centers are on the rise
(0:27- 1:01) Currently, 90% of all companies are using cloud services in one way or another. Cisco predicts that 94% of computing workloads will be processed in cloud data centers by the end of 2021. In 2019, the U.S. spent a staggering $124 billion on cloud computing. That's more than twice the next four countries combined, which include China, Germany, the UK and Japan, all coming in at about $10 billion each.
With this rapid migration, there are bound to be some security issues.
Who is responsible for cloud data security?
(1:02- 1:55) One of the biggest questions that come to mind with cloud services is: who is responsible for securing the data once it's in the cloud? Well, the short answer is: you are. If it's your data, you are still ultimately responsible for it.
Imagine you're my bank and you have my data. I've been trusting my data with you. If you then move that data to a cloud service provider and then later suffer a data breach due to negligence on the part of the cloud service provider, my legal response is still going to primarily be against you. My contract is with you, not your cloud service provider. I also didn't have any vote on whether you would move my data to a cloud service provider.
So make no mistake about it. Moving your data to the cloud does not magically absolve you from the responsibility to secure that data.
Will security controls transfer to the cloud?
(1:56-2:33) Another common question is will all my existing security controls and implementations transfer? Well, the answer to this is sometimes they will, and sometimes you'll need to innovate new controls. But you must also consider whether or not the existing controls, even if transferred, will be sufficient for the cloud environment.
Just because those controls work for local data centers, which are largely segmented from the rest of the world, doesn't mean they're sufficient in a public cloud or a hybrid cloud model. Oftentimes, this migration will require a completely new architecture and design. Your network security engineers have to quickly become cloud security engineers.
Demo of moving a file to the cloud
(2:34-4:44) Let me demonstrate what it looks like to migrate basic data from a local device to cloud technology.
I've got a file here on my local machine that I'm going to take and move up to a cloud service and make available to anyone who has internet access. Let's go ahead and look at my desktop here. We can see that I have this file named “Keatronat2.” It's simply an image of me when I was two years old. So this thing is only available to anyone that gets onto my laptop right now. It's not available out in public. The only way to get to it is on my laptop.
What I'm going to do here is migrate this file up to the internet via cloud services and make it available to anyone that wants to see it. I'm going to go over to my Amazon account here and go to my S3 buckets. These are just containers. I'm going to pick a specific one, and I'm going to then say upload. I’m going to grab that specific file off my local machine, and then I'm going to upload it to Amazon S3.
Learn Cloud Security
As a result of this, what ends up happening is this file is not only on my local machine, but it's also up in the cloud at this point. It's up where other people can access it if I give the world access to it, which I'm about to do now. The next step is to go to that file and click the button that says make public. What ends up happening as a result is that this URL is a world-browsable URL now. So anyone in the world that I send to this URL will be able to view and even download that picture.
We'll copy the link here; visit the link. And as you can see, this picture is publicly available. This is what it looks like to take a file that's only available locally and then move it to a service like Amazon S3 to make it available to anyone in the world. And that is the value of cloud services.
More cybersecurity training resources
Want more free resources? Check out the weekly Cyber Work Podcast for in-depth conversations with cybersecurity practitioners and industry thought leaders.
Cyber Work listeners also get other free cybersecurity training resources. Check out the latest free courses and resources to keep learning!