Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
28 views7 pages

Unit 2 Cloud Computing

Uploaded by

nikklejoshuaj.ug.21.cs
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
28 views7 pages

Unit 2 Cloud Computing

Uploaded by

nikklejoshuaj.ug.21.cs
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 7

Unit 2

1. Hybrid Cloud Strategy::

Challenges in Hybrid Cloud Encryption Key Management

1. Complexity: Keys stored across on-premises and cloud platforms can be hard to sync
and standardize.

2. Security Risks: Inconsistent policies and unsecured data transfers increase


vulnerabilities.

3. Compliance Issues: Meeting data residency and audit requirements is challenging.

4. Operational Overhead: Scaling, rotating, and managing keys across environments


requires effort.

Responsibilities in a Hybrid Cloud Model:

1. Infrastructure as a Service (IaaS):

- Provider: Secures physical hardware, network, virtualization, and infrastructure.

- Customer: Manages operating systems, applications, data, and access controls on


virtual machines.

2. Platform as a Service (PaaS):

- Provider: Secures infrastructure, operating systems, and runtime environment.

- Customer: Manages applications, data, and access controls.

3. Software as a Service (SaaS):

- Provider: Secures the entire infrastructure, including applications.

- Customer: Manages user access, data within the application, and specific
configurations.
Strategies to Address Challenges

1. Centralized KMS: Use a unified system for managing keys in both environments.

2. Standardization: Adopt uniform policies and protocols like KMIP.

3. Encryption Practices: Use end-to-end encryption and separate keys for different data
types.

4. Automated Key Management: Automate key rotation and lifecycle processes.

5. Enhanced Security: Apply strong access controls, MFA, and monitoring.

6. Compliance Tools: Use automated tools for reporting and auditing.


2. Data Tokenization::

Concept of Data Tokenization

1. Tokenization Process:

- Replace sensitive data with unique tokens that have no value outside the
tokenization system.

- Store the link between sensitive data and tokens in a secure vault.

- Keep sensitive data in the vault, using tokens in systems instead.

2. Token Retrieval:

- Retrieve original data by sending the token to the vault through authorized requests.

Benefits of Data Tokenization

1. Protection of Sensitive Data:

- Minimizes exposure by using tokens instead of actual data.

- Supports compliance with regulations like PCI-DSS and GDPR.

2. Maintaining Usability:

- Tokens function in systems without affecting operations.

- Enables secure processes like billing with tokenized data.

3. Security Enhancements:

- Limits breach impact as only tokens are exposed.

- Simplifies data protection and management.

4. Encryption Complement:

- Adds an extra layer of security alongside encryption for data at rest and in transit.
Considerations for Implementing Data Tokenization

1. Token Vault Security:

- Use strong encryption, access controls, and monitoring.

2. Token Management:

- Develop policies for token creation, usage, and de-tokenization.

3. Integration with Systems:

- Ensure smooth operation with existing applications.

Conclusion

Tokenization protects sensitive data while maintaining usability, enhancing both security
and compliance.
3. Encryption::

Why Encryption is Important?

Data Confidentiality: Protects sensitive data from unauthorized access by making it


unreadable without a decryption key.

Regulatory Compliance: Ensures compliance with laws like GDPR and PCI-DSS to avoid
penalties.

Mitigates Data Breach Impact: Stolen encrypted data remains secure without the
decryption key.

Maintains Customer Trust: By demonstrating strong data security practices, which


enhances customer confidence.

Key Stages for Applying Encryption

1. Data at Rest:

- What It Is: Data stored on disks, in databases, or in cloud storage.

- How to Implement: Encrypt data before storing it using strong algorithms like AES-
256.

2. Data in Transit:

- What It Is: Data being transmitted between systems or users.

- How to Implement: Use secure protocols like TLS or HTTPS to protect data during
transmission from interception or tampering.

3. Data in Use:

- What It Is: Data being processed or accessed by applications.

- How to Implement: Use techniques like homomorphic encryption or secure multi-


party computation (SMPC) to protect data while it is actively being used.
4. Key Management:

- What It Is: The secure handling of encryption keys.

- How to Implement: Using hardware security modules (HSMs) or cloud key


management services to ensure proper generation, storage, rotation, and disposal of
keys

5. Backup and Archive Data:

- What It Is: Data stored for backup or archival purposes.

- How to Implement: Encrypt backup and archived data to protect it, even if backup
systems are compromised.

Types of Encryption:

1. Symmetric Encryption

2. Asymmetric Encryption
4. Data Classification

You might also like