The Risks involved with Cloud Computing and Virtualization
Maybe you don't put the data in the cloud. Or perhaps you encrypt it when you put it in the cloud. There are things you can do to help mitigate and accept those specific risks in your environment. Another challenge you have from a security point of view is that the actual security access to this data, or this information, is managed by a third party. If you look at something like Google Mail or Yahoo Mail, you really don't administer the security for that. You trust that Yahoo or Google is going to be able to make sure that your mail is secure, that nobody else gets the messages that you have inside of your inbox. So that's a bit of a challenge, because now we're putting that trust in a third party. And if you're putting messages into the cloud that's being managed by a third party, that's certainly something you should consider. Another point that's important with cloud computing is that these servers are somewhere else. You may merely be buying a service that happens to be on someone else's equipment. And in that particular case, you may not have a lot of control should a problem occur with that server.
If the server goes down, it loses power, a hard drive fails, or perhaps you get locked out of your accounts, you don't really have direct access to be able to resolve that particular issue. Just because it's in the cloud doesn't mean it's always available. These are humans who are managing technical systems, and sometimes what happens out there in the cloud creates downtime and outages for you. You also have to keep that in mind, because there is a risk of your organization not having access to your systems. If that occurs, you need to have an understanding of what that means for the organization. Another technology that has certainly come on strong is virtualization, this idea of having one big monster computer. And inside of that device you can create virtual systems. Before, we used to have 20 different servers. Now we've got one big server and virtually there are 20 little servers sitting inside of it. What's nice about that is we have a lot of control over what we can do with that system. We can allocate more memory.
We can give it some more disk space. We're not restricted by physical limitations anymore. So there's a lot of good business value associated with virtualization. But from a security point of view, there is an emerging field of threats coming from people taking advantage of that virtualization layer. That's the layer that sits on top of all these virtual systems. And the bad guys know that if they can get access to that virtualization layer, there's a possibility then of gaining access to every single virtual system that might be on that physical computer. That's a pretty big concern. You might have some highly important information. You might have 100 different virtual systems on a physical device.
And by gaining access to that virtualization layer, someone is perhaps putting every single one of those systems at risk. It's something you have to keep track of as a security professional, because those are challenges with virtualization you simply can't dismiss. There is very little control over what happens between virtual systems. They're all inside of one big computer. It's kind of hard to take a firewall and cram it inside of this physical computer and make all the different systems communicate back and forth through that firewall. There's not a lot of virtual firewall support out there in the world, and the virtual firewall support that exists today is very limited in what it's capable of doing relative to a physical firewall.
So that's something to consider there as well. You may be doing a lot more software-based firewalls, and they might be on the servers themselves. But it's certainly something to consider when you're moving into a virtual environment. There are also challenges when you start looking at several systems being crammed into one physical device. In a data center, if it was a physical server, you had a lot of control over who accessed that server physically.
You were also able to separate these servers off into completely different areas of the data center and, in some cases, into separate data centers. And that provided you with some advantages, because you were able to divide things out in your environment, both from a data point of view and physically. When you put everything on one system, that separation becomes a little bit harder to manage. And yes, you can manage the separation there, and there are things in place that enable you to do that, but you have to make sure they're used correctly: that different systems are moved onto different VLANs, that physically they can't access one another, and that those things are in place. It's not as easy as looking in a room and knowing everything in this room is separated from everything in the other room. Now you have to make sure in that virtualization layer that the systems are being managed as separate entities, and that those two systems are not able to communicate with one another. From a business control point of view, we also have to be clear about separation of duties. When everything is on one big computer, and maybe all of your databases are on separate virtual machines inside this one system, separation of duties becomes a little bit more difficult.
How do you separate someone from managing one big server that happens to contain many, many different servers within it? So that's something that simply has to be part of your policies. If you're managing a virtual server, perhaps you have several people who can manage that virtual server. Maybe the administration of that server is split off into other pieces. Maybe there is an overlay on top of every single one of those individual virtual machines for control and safety. It's something that you may have to consider implementing in the security plans of your organization.
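
The two separation checks described above (co-hosted virtual machines kept on different VLANs, and host administration split from guest administration) can be run against an inventory export. The following is an added example, not part of the original material; the inventory layout, host names, zone labels and account names are all constructed assumptions.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample inventory (hypothetical names, not a real product export).
VMS = [
    {"name": "hr-db",    "host": "esx01", "zone": "restricted", "vlans": {110}},
    {"name": "web-01",   "host": "esx01", "zone": "dmz",        "vlans": {200}},
    {"name": "web-02",   "host": "esx01", "zone": "dmz",        "vlans": {200, 110}},
    {"name": "build-01", "host": "esx02", "zone": "internal",   "vlans": {300}},
]
# Constructed role assignments: who administers each host and each guest.
HYPERVISOR_ADMINS = {"esx01": {"alice", "bob"}, "esx02": {"carol"}}
GUEST_ADMINS = {"hr-db": {"dave"}, "web-01": {"bob"},
                "web-02": {"erin"}, "build-01": {"carol"}}


def shared_vlan_violations(vms):
    """Co-hosted VMs in different zones that share a VLAN: (host, vm_a, vm_b, vlans)."""
    by_host = defaultdict(list)
    for vm in vms:
        by_host[vm["host"]].append(vm)
    findings = []
    for host, guests in sorted(by_host.items()):
        for a, b in combinations(sorted(guests, key=lambda v: v["name"]), 2):
            common = a["vlans"] & b["vlans"]
            if a["zone"] != b["zone"] and common:
                findings.append((host, a["name"], b["name"], sorted(common)))
    return findings


def duty_overlaps(vms, hypervisor_admins, guest_admins):
    """Accounts that administer both a host and a guest running on it: (vm, account)."""
    findings = []
    for vm in sorted(vms, key=lambda v: v["name"]):
        host_admins = hypervisor_admins.get(vm["host"], set())
        both = host_admins & guest_admins.get(vm["name"], set())
        findings.extend((vm["name"], account) for account in sorted(both))
    return findings


if __name__ == "__main__":
    for finding in shared_vlan_violations(VMS):
        print("VLAN overlap:", finding)
    for finding in duty_overlaps(VMS, HYPERVISOR_ADMINS, GUEST_ADMINS):
        print("Duty overlap:", finding)
```

A finding from the first check means two machines from different zones can reach each other inside the host without crossing a firewall; a finding from the second means one account holds both halves of a duty the policy intended to split.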
CompTIA Security+ SY0-401