Today’s cybersecurity threat landscape is constantly changing. With IT budgets stretched to the limit and new threats emerging every day, it is essential for organizations to ground their technology use with security best practices and data backups.
Data backups are an essential element of good storage security and overall business resilience, but they are often the source of many security woes. In fact, a significant percentage of security breaches can be attributed to the mismanagement of data backups.
Many storage professionals responsible for backups believe that the mere existence of a process for replicating sensitive data is all that is needed to keep the organization secure. But that is only half the battle. It is what can be done with the data backups after the fact that introduces an entirely different set of risks that are often overlooked. While there is value in threat prevention appliances such as firewalls, the priority should be to understand where the most sensitive data on the network resides and how it should be protected. Therefore, it is important to include secure data backup guidelines as part of the overall enterprise information security program.
In this course we cover security issues, including many security threats to commercial platforms, reasons for vulnerability, who poses security threats? And types of attack. We will investigate the various protections against social engineering and physical attacks, Firewalls, Intrusion Detection Systems (IDS), penetration testing and security audits.
With cloud storage and data processing, responsibility for security is divided between the customer and the services provider. The course aims to discover security in the cloud, encryption, customers’ passwords, and permissions.
- Security, Threat and Privacy
- Cloud Computing
- Cloud Storage
There are security fundamentals that apply to any system architecture. When securing an information system, there are three primary security objectives, confidentiality, integrity and availability.
Confidentiality ensures that information remains private by only allowing authorized users to access it.
Integrity ensures that information can be trusted because it has not been tampered with.
Availability ensures that systems are accessible and can make information available to authorized users when they need it.
To achieve these goals, security strategies and controls are selected and applied to a systems architecture to the extent they are required. Access control is one security technique applied to protect sensitive resources. If you’ve ever taken a flight, you’ve experienced two key components of access control, authentication and authorization. To board a flight, you must authenticate or prove your identity by showing your ID at the security gate. Next, you show your boarding pass to prove you’re authorized to be on the flight. Only after completing these two steps will you be granted access to the airplane.
When securing information systems, authentication is an important security control because it establishes a user’s identity which is necessary to make an access decision. Systems may need to authenticate both human users and other systems, which is accomplished through the exchange of something you know such as a password or something you have such as a token. Highly sensitive systems may apply additional security measures like multi-factor authentication that combines several authentication methods such as a password and a one-time pin. Once identity is established, a system uses the authorization process to control access to resources based upon a user’s privileges. Privileges are used to determine if users should be granted access to the resources they requested.
Modern authorization protocols such as OAuth permit access privileges to be delegated by a resource owner to third parties, allowing the third party to access resources on behalf of a user. Trust is another very important security concept because it determines to what extent something is believed to be true. Systems must frequently decide whether to trust various pieces of information such as a user’s identity, access privileges, tokens and transactional business data. This determination is made based upon factors such as the source of the data, it’s age and the integrity checks it is undergone.
Additionally trust domains can cause one segment of a system to trust a piece of information. However, if that data crosses a trust boundary to another segment of the system, it is no longer trusted.
A system’s attack surface comprises all of the paths that can be used to get data into or out of an application. A systems user interface, open ports, API, and database can all present opportunities for an attacker to compromise a system. So they are considered part of the attack surface.
Reducing and hardening the attack surface is an effective strategy to enhance a system security. These security goals and concepts are universal to any architecture. Most of the strategies used to secure a monolith need to be re-engineered to secure a distributed system.