Week 9: Securing the Cloud - Data

Question 1

Requirements for data security vary depending on the __, the ___, as well as on your tolerance for __

Answer 1

service model, deployment model, risk

Question 2

Entrusting data to an external custodian may result in better and more cost effective___

Answer 2

security

Question 3

Two examples that emphasize the importance of entrusting data to an external provider are the commercial offerings to

Answer 3

• store highly sensitive data for disaster recovery
• assure the destruction of magnetic media

In both cases, many highly concerned organizations tightly control how they use these services
- However, they often end up using external services

Question 4

Some data may be so sensitive that the consequence of data exposure is too great for a customer to consider a public cloud
- It is not the case that security needs for such data can’t be met in a public cloud, rather the ___is incompatible with its ___

Answer 4

cost

cost model

Question 5

We might also expect that future higher-assurance clouds would reduce risk by limiting access by ___

Answer 5

selective screening of customers

Question 6

When data is stored with a CSP, the CSP assumes at least partial responsibility (____) if not full responsibility (____) in the role of data custodian

Answer 6

PaaS

SaaS

Question 7

By the nature of the service offerings, a data owning organization can benefit from their CSP having control and responsibility for___ in the ___model

Answer 7

customer data

SaaS

Question 8

The data owning organization is progressively responsible beginning with ___and expanding with ___

Answer 8

PaaS laaS

Question 9

Data at rest refers to any data in ___

Answer 9

computer storage

Question 10

Protecting___ in a cloud is not radically different than protecting it outside a cloud, except for the partial lack of owner’s control

Answer 10

data at rest

Question 11

A data owning organization has several opportunities in proactively ensuring data assurance by a CSP

Answer 11

• Selecting a CSP should be based on verifiable attestation that the CSP follows industry best practices and implements security that is appropriate for the kinds of data they are entrusted with
• Higher assurance cloud services may come with indemnification (compensation for loss) as a means of monetary backing of assurance for a declared level of security

Question 12

___ refers to data as it is moved from a stored state – a file or database entry – to another form in the same or a different location

Answer 12

Data in motion

Question 13

Because data in motion only exists as it is in transition between points, securing this data focuses on __ and __

Answer 13

integrity

confidentiality

Question 14

There is no better protection strategy for data in motion than ___

Answer 14

encryption

Question 15

Phishing

Answer 15

Tricking end users into providing their credentials for access

Question 16

Some cloud providers have implemented safeguards to help address cloud-targeted phishing attacks

Answer 16

Salesforce.com Login Filtering
- A subscriber can instruct Salesforce not to accept logins, even if valid credentials are provided, unless the login is coming from a whitelisted IP address range

Google Apps & other Google services
- These services may randomly prompt users for their passwords, especially in response to suspicious events
- A login from China shortly after a login from the US
for the same account

Amazon Web Services Authentication
- When a subscriber uses EC2 to provision a cloud hosted virtual server, Amazon creates PKI keys and requires them to be used for authentication
- If you provision a new LINUX VM and want to SSH
to it, you have to use SSH with key-based
authentication and not a static password

Question 17

Phishing is a threat largely because most cloud services currently rely on __

Answer 17

simple username/password authentication

Question 18

Some issues related to protection from phishing attacks

Answer 18

Referring URL Monitoring: Does the CSP actively monitor the referring URLs for authenticated sessions?

Behavioral Policies: Does the CSP employ policies that prohibit weak security activities that could be exploited?
- E-mails with links that users can click to automatically
access data
- Password resets to occur without actively proving
user identity

Question 19

Outsourced services – be they cloud-based or not – can bypass the typical ___controls enforced by IT organizations

Answer 19

physical and logical

Question 20

CSP Privileged Access risk is a function of two primary factors

Answer 20

The potential for exposure with unencrypted data

Privileged cloud provider personnel access to both data and keying materials

Question 21

The ___of data can be a primary concern in cloud computing

Answer 21

origin

Question 22

For compliance purposes, it may be necessary to have exact records as to

Answer 22

what data was placed in a public cloud
when it occurred
what VMs and storage it resided on
where it was processed

Question 23

Reporting on data lineage may be difficult with a public cloud
This is largely due to the___

Answer 23

degree of abstraction that exists between physical and virtualized resources

Question 24

According to Bruce Schneier, the practice of encrypting data at rest deviates from the historical use of cryptography for ___

Answer 24

protecting data in transit

Question 25

For data in motion, encryption keys can be ___, whereas for data at rest, keys must be ___

Answer 25

ephemeral | retained

Question 26

“Much of the data stored on the Internet is … primarily intended for use by other computers. And therein lies the problem. Keys can no longer be stored in people's brains. They need to be stored on ___, that the data resides on. And that is much riskier”

Answer 26

the same computer, or at least the network

Question 27

___has been recognized as a critical enabling technology for security in cloud computing

Answer 27

Cryptography

Question 28

Cryptography has expanded from protecting ___to techniques for assuring ___, ___, and ___

Answer 28

confidentiality integrity authentication digital signatures

Question 29

To ensure ___, plaintext is converted into ___using mathematical functions meeting several requirements

Answer 29

confidentiality | cyphertext

Question 30

Cryptographic Requirements

Answer 30

The algorithm and implementation must be computationally efficient The algorithm must be open to analysis by the cryptography community The resulting output must withstand the use of brute force attacks even by vast numbers of computers

Question 31

Plaintext is encrypted into cyphertext using an___ and the resulting cyphertext is ___using a decryption key

Answer 31

encryption key | decrypted

Question 32

In ___cryptography, encryption / decryption keys are the same

Answer 32

symmetric

Question 33

It is also very difficult to establish a ___ between communicating parties when a secure channel does not already exist for them to securely exchange a ___

Answer 33

secret key | shared secret key

Question 34

In ___cryptography (aka ___), the two keys (public and private key) are different but mathematically related

Answer 34

asymmetric | public-private key cryptography

Question 35

The primary advantage of asymmetric cryptography is that only the ___ must be kept secret

Answer 35

private key

Question 36

Although public-private key pairs are related, it is infeasible to derive a ___from the corresponding___

Answer 36

private key | public key

Question 37

Block Ciphers

Answer 37

take as input a key along with a block of plaintext and output a block of cyphertext

Question 38

Stream Ciphers

Answer 38

operate against an arbitrarily long stream of input data, which is converted to an equivalent output stream of cyphertext

Question 39

Cryptographic Hash Functions

Answer 39

take an arbitrarily long input message and output a short, fixed length hash - A hash can serve various purposes, such as verifying the integrity of a message

Question 40

Uses of cryptography

Answer 40

block cipher, stream cipher, cryptographic hash, authentication

Question 41

Common Errors with Data Encryption

Answer 41

Failing to use cryptographically secured protocols when they are available Developing your own cryptographic algorithms Implement an existing cryptographic algorithm instead of using a proven implementation Storing keys with data Not planning how to recover keys if the individuals / entities keeping them suffer a disaster

Question 42

Using traditional ___approaches in a cloud environment is problematic when the enterprise uses multiple CSPs

Answer 42

identity management Synchronizing identity information with the enterprise is not scalable

Question 43

___is an effective foundation for identity management in cloud computing

Answer 43

federated identity management (FIM or FIdM)

Question 44

Federated identity uses a ___ model

Answer 44

claim-based token

Question 45

Discretionary Access Control (DAC)

Answer 45

Access privileges are determined by the owner of the object who decides who will have access and what privileges they will have

Question 46

Nondiscretionary Access Control

Answer 46

Mandatory Access Control (MAC) - Rely upon the use of classification labels for both subjects and objects Role Based Access Control (RBAC) - Access privileges are determined based on the role of the user Task Based Access Control (TBAC) - Access privileges are determined based on the tasks assigned to a user

Question 47

The objective of ___ is to enable an information-centric framework for data handling

Answer 47

information identification and categorization

Question 48

Data at different sensitivity levels require different ___

Answer 48

protection strategies

Question 49

Tools to protect categorized data include

Answer 49

Encryption Procedures for ensuring security across phases of the data life cycle Mechanisms to detect unauthorized access to valuable data

Question 50

___and ___ are examples of OSs supporting data categorization and DoD-style mandatory access controls

Answer 50

SELinux | Trusted Solaris

Question 51

There are many consequences when all data is uniformly treated as being equal in sensitivity or value

Answer 51

Without any data sensitivity oriented controls, a relatively small percentage of sensitive data is mixed in with far more non-sensitive data and is accessible to anyone with overall access Failing to identify sensitive data complicates incident resolution and can be problematic when compromised data includes data subject to regulatory compliance

Question 52

A second problem with sensitive information is a common inclination to __

Answer 52

classify or label everything as sensitive Over-classification can lead to a reduction in care in handling actually sensitive data and to increased costs

Question 53

There are multiple ways of encrypting data at rest

Answer 53

Full Disk Directory Level (or Filesystem): File Level Application Level

Question 54

Full Disk Encryption

Answer 54

The entire content of the disk is encrypted (OS, apps, data) This entails performance and reliability concerns Even a minor disk corruption can be fatal

Question 55

Directory Level (or Filesystem) Encryption

Answer 55

Entire directories are encrypted This approach can also be used to segregate data of identical sensitivity into directories that are individually encrypted with different keys

Question 56

File Level Encryption

Answer 56

Individual files can be independently encrypted

Question 57

Application Level Encryption

Answer 57

The application manages encryption and decryption of application-managed data

Question 58

The two goals of securing data in motion are

Answer 58

Integrity: preventing data from being tampered with Confidentiality: ensuring that data remains confidential

Question 59

The most common way to protect data in motion is to utilize ___ to create channel in which safely pass data to or from the cloud

Answer 59

encryption combined with authentication

Question 60

___are typical protocols used for secure data transfer

Answer 60

HTTPS, TLS, SSL

Question 61

___ public cloud might not allow subscribers to encrypt their data

Answer 61

A Software-as-a-Service This may be due to functional limitations with the actual service itself Many SaaS providers might not be able to provide revenue generating services if they have to maintain strict data isolation among users

Question 62

The U.S. Department of Defense has an excellent and well accepted definition illustrating the two key aspects of data deletion

Answer 62

Clearing | Sanitization

Question 63

Clearing (Deletion of Data)

Answer 63

Clearing is the process of eradicating the data on media before reusing the media in an environment that provides an acceptable level of protection for the data that was on the media before clearing. All internal memory, buffer, or other reusable memory shall be cleared to effectively deny access to previously stored information

Question 64

Sanitization (Deletion of Data)

Answer 64

Sanitization is the process of removing the data from media before reusing the media in an environment that does not provide an acceptable level of protection for the data that was in the media before sanitizing. IS resources shall be sanitized before they are released from classified information controls or released for use at a lower classification level

Question 65

Often, data stored in public clouds is not ___to DoD levels

Answer 65

sanitized

Question 66

Under various circumstances, deleted data can be restored

Answer 66

Computer data is stored in magnetic form or as electrical charges - Very advanced techniques enable to identify magnetic or electrical charge remnants and recreate the data they still represent Even more simply, when a file is deleted, the blocks that comprised it are released to the file system for reuse Deleted data can also be accessed well after simply because it also exists in archives or data backup volumes

Question 67

Data masking

Answer 67

(aka data obfuscation, depersonalization) preserves data privacy by removing all identifiable and distinguishing attributes, in order to render the data anonymous, although still useful

Question 68

A common data masking technique involves replacing actual data values (e.g., person names) with ___to an ___

Answer 68

keys | external lookup table holding the actual values

Question 69

Data masking must be performed carefully, or the resulting masked data can still ___

Answer 69

reveal sensitive data

Question 70

Storage-as-a-Service

Answer 70

In the cloud storage model, data is stored on multiple virtualized servers Physically, the resources will span multiple servers and can even span multiple storage sites

Question 71

Among the additional benefits of such generally low-cost services are the ___performed by the CSP

Answer 71

storage maintenance tasks Backup, replication, and disaster recovery

Question 72

Replication of data is performed at a low level by such mechanisms as ___ or by a ___

Answer 72

RAID file system - One such file system is ZFS, which was designed by Sun Microsystems as both a file system and a volume manager

Question 73

One of the more recent trends in online cloud-based storage is the ___

Answer 73

cloud storage gateway

Question 74

cloud storage gateway

Answer 74

Translation of client-used APIs and protocols to those that are used by cloud-based storage services - The goal is to enable integration with existing applications Backup and recovery capabilities that work with in-cloud storage Onsite encryption of data that keeps keys local to the onsite appliance

Question 75

What might happen when an external public cloud becomes business-critical for an organization?

Answer 75

It may be extremely difficult to switch to another provider (lock-in)

Question 76

Metadata

Answer 76

Metadata is data about data, including things as to where the data came from, who performed what operations against it, and when changes were made Cloud metadata may include other very valuable information What happens to the metadata if the subscriber decides to discontinue use of the service?

Question 77

Fortunately, many of the large public cloud providers currently provide the ability to export not only ___ but also ___generated by its subscribers

Answer 77

data metadata The presence of an export feature is not sufficient

Question 78

Cloud Data Export Feature

Answer 78

If the data is exported in a proprietary file format, then that format might not be able to be intelligibly parsed If it is exported in a plaintext format or in a standard format such as XML, it can be easily imported into the new system

Question 79

Google has gone so far as creating what they call the

Answer 79

Data Liberation Front An example of this can be seen in Google Docs (now Google Drive) Google Takeout is an interface to export data from different products

Question 80

Data Liberation – Digital Afterlife

Answer 80

Not many of us like thinking about death — especially our own. But making plans for what happens after you’re gone is really important for the people you leave behind. So today, we’re launching a new feature that makes it easy to tell Google what you want done with your digital assets when you die or can no longer use your account.”