WEBVTT 00:00:01.050 --> 00:00:04.740 Let's take a look at the important points we've covered in this 00:00:04.740 --> 00:00:08.450 first course of the CCSP, Cloud Concepts, 00:00:08.460 --> 00:00:10.450 Architecture, and Design. 00:00:10.940 --> 00:00:12.320 By going through this, 00:00:12.320 --> 00:00:15.380 we can review what are the things we could expect to 00:00:15.380 --> 00:00:17.970 see on the examination as well. 00:00:19.740 --> 00:00:23.560 The exam content is divided into five major areas, 00:00:23.610 --> 00:00:27.680 understanding cloud computing concepts, describing 00:00:27.680 --> 00:00:29.820 the cloud reference architecture, 00:00:30.340 --> 00:00:34.750 understand security concepts relevant to cloud computing, 00:00:35.140 --> 00:00:39.150 understand design principles of secure cloud computing, 00:00:39.330 --> 00:00:42.360 and to evaluate cloud service providers. 00:00:43.040 --> 00:00:46.930 All of these cover a lot of sub‑topics as well. 00:00:47.190 --> 00:00:50.250 It's important we understand these topics, 00:00:50.260 --> 00:00:51.910 we know how to apply them, 00:00:52.040 --> 00:00:56.960 but most of all we must remember this is a cloud security course, 00:00:57.070 --> 00:00:59.610 not just a cloud architecture course. 00:01:00.840 --> 00:01:05.360 Some of the key points we must remember as we approach the exam is 00:01:05.360 --> 00:01:09.250 that the use of the cloud is a supporting technology, 00:01:09.430 --> 00:01:15.210 but it's there in order to ensure the business can operate, so 00:01:15.210 --> 00:01:18.800 therefore we are looking at cloud security, 00:01:18.930 --> 00:01:20.850 not just cloud principles. 00:01:21.340 --> 00:01:26.640 There are many different ways to deploy the cloud, and the important 00:01:26.640 --> 00:01:31.980 function for us is to ensure that information security has been 00:01:31.980 --> 00:01:36.780 incorporated into cloud deployments, therefore, 00:01:36.790 --> 00:01:42.660 our security program is also aligned with what's important for the business. 00:01:43.840 --> 00:01:48.610 The goals of this information security program in the cloud is to 00:01:48.610 --> 00:01:51.860 ensure that we have cost‑effective risk management. 00:01:52.240 --> 00:01:56.300 We know that the cloud represents a significant supply 00:01:56.300 --> 00:01:59.160 chain risk for most organizations. 00:01:59.640 --> 00:02:04.370 They depend on the cloud, and if the cloud was to fail or 00:02:04.380 --> 00:02:07.300 it was unable to protect their data, 00:02:07.470 --> 00:02:12.600 the very business itself could be at risk of failure. But we need 00:02:12.600 --> 00:02:15.920 to understand what are the cloud‑specific risks, 00:02:16.140 --> 00:02:19.890 the risks that come when we move into a multi‑tenant environment, 00:02:19.890 --> 00:02:25.210 for example. One of the things that's very important to remember 00:02:25.420 --> 00:02:30.830 is that the responsibility for risk is that of the senior 00:02:30.830 --> 00:02:32.800 management of the organization. 00:02:33.140 --> 00:02:37.740 They are the owners of the risk and the owners of the data, 00:02:37.740 --> 00:02:43.580 so even if we use a cloud deployment as a subcontractor 00:02:43.580 --> 00:02:45.930 from a cloud service provider, 00:02:46.080 --> 00:02:52.780 we still have prime responsibility for risk and for the protection of our data, 00:02:52.790 --> 00:02:55.450 even though it's on somebody else's system. 00:02:56.900 --> 00:03:00.590 Some of the important cloud concepts we looked at include the various 00:03:00.590 --> 00:03:05.670 cloud service categories such as Software, Infrastructure, and Platform as 00:03:05.670 --> 00:03:09.400 a Service; various types of deployment models, 00:03:09.460 --> 00:03:13.880 public, private, community, and hybrid; the various 00:03:13.890 --> 00:03:16.020 elements that make up the cloud, 00:03:16.020 --> 00:03:21.150 the building blocks, things like virtualization and containers; and 00:03:21.150 --> 00:03:24.490 some of the key cloud computing characteristics. 00:03:24.630 --> 00:03:29.070 We saw these defined by NIST as things like broad network 00:03:29.070 --> 00:03:33.800 access, measured service, and the ability to adjust our 00:03:33.800 --> 00:03:37.360 deployment according to our unique needs. 00:03:38.740 --> 00:03:42.840 One of the things we must be aware of are what are the cloud‑specific 00:03:42.840 --> 00:03:47.160 threats, and therefore the cloud security elements. 00:03:47.840 --> 00:03:51.500 There are many different common threats to the cloud, everything 00:03:51.500 --> 00:03:57.140 from failure of networks and equipment and personnel, and it's 00:03:57.140 --> 00:04:00.550 important we practice good security hygiene. 00:04:00.940 --> 00:04:05.420 That means we clean things up, we make sure that our data is 00:04:05.420 --> 00:04:11.080 properly protected, and we also should ensure that the cloud service 00:04:11.080 --> 00:04:16.269 providers we work with are following good security practices through 00:04:16.269 --> 00:04:18.950 some type of evaluation criteria. 00:04:20.140 --> 00:04:23.700 Three of the key points we wanted to stress throughout this 00:04:23.700 --> 00:04:27.760 course are the need for proper access control, 00:04:28.140 --> 00:04:31.760 data protection, and business continuity. 00:04:32.140 --> 00:04:37.910 These are things that we must deploy in a cloud‑based environment to ensure 00:04:37.910 --> 00:04:42.860 the business can run and we minimize our risk and liability. 00:04:44.340 --> 00:04:48.960 The next steps, now that you've done this first foundational course, 00:04:49.440 --> 00:04:53.050 do the self‑assessment questions, and when you do them, 00:04:53.050 --> 00:04:55.210 it's always good to review them and say, 00:04:55.210 --> 00:04:55.850 okay, 00:04:55.860 --> 00:05:00.580 why is this answer better than another, would this answer have 00:05:00.580 --> 00:05:05.230 been better for a different question, and look at ways to explain 00:05:05.230 --> 00:05:07.810 to somebody why you chose your answer. 00:05:08.740 --> 00:05:13.310 It's good to review the references provided and be familiar with the 00:05:13.310 --> 00:05:19.130 terminology and even exam essentials that are provided in the Study Guide. And 00:05:19.130 --> 00:05:23.650 then, proceed to the next course, Cloud Data Security.