WEBVTT

00:00:01.240 --> 00:00:04.640
Let's take a look at the important areas we covered in the

00:00:04.640 --> 00:00:09.160
second domain of the CCSP, cloud data security.

00:00:10.940 --> 00:00:15.610
The exam content outline for cloud data security includes these

00:00:15.610 --> 00:00:19.250
topic areas: describing cloud data concepts,

00:00:19.640 --> 00:00:22.850
design and implement cloud data storage architecture,

00:00:23.440 --> 00:00:29.980
design and apply data security technologies and strategies, implement data

00:00:29.980 --> 00:00:36.840
discovery, and plan and implement data classification. It also includes

00:00:36.850 --> 00:00:40.100
design and implement information rights management,

00:00:40.100 --> 00:00:46.450
IRM, plan and implement data retention, deletion, and archiving policies,

00:00:46.940 --> 00:00:51.410
design and implement auditability, traceability,

00:00:51.520 --> 00:00:54.500
accountability of data events.

00:00:55.240 --> 00:00:59.220
All of these topics are testable, and the exam candidate

00:00:59.220 --> 00:01:01.260
should be familiar with each one of them.

00:01:02.640 --> 00:01:06.560
Some of the key points we covered in this course include:

00:01:07.040 --> 00:01:12.260
data is one of the organization's most important assets for

00:01:12.260 --> 00:01:14.750
nearly every organization today.

00:01:15.540 --> 00:01:18.650
It is critical for business operations.

00:01:20.140 --> 00:01:26.370
The core principle behind data security and therefore data protection is to

00:01:26.370 --> 00:01:33.670
establish data ownership. And data must be protected throughout the entire

00:01:33.670 --> 00:01:36.840
data lifecycle. When we deal with a cloud,

00:01:36.840 --> 00:01:41.760
this becomes even more complex than just dealing with it ourselves.

00:01:43.340 --> 00:01:46.450
The goals of data security include ensuring the

00:01:46.450 --> 00:01:51.320
appropriate protection of data. That means not too much,

00:01:51.320 --> 00:01:54.060
but certainly not too little, either.

00:01:55.040 --> 00:02:01.740
We protect data at all times during the data lifecycle. We establish that

00:02:01.740 --> 00:02:10.330
ownership, which brings in accountability. In all of this, we set up a level of

00:02:10.330 --> 00:02:16.970
accountability and responsibility that can protect the organization, both to

00:02:16.970 --> 00:02:20.130
ensure that its data is available when needed,

00:02:20.380 --> 00:02:24.660
but also to protect it from some type of liability or

00:02:24.660 --> 00:02:26.860
breach of government regulations.

00:02:28.140 --> 00:02:33.850
The concepts behind cloud data security really cycle

00:02:33.850 --> 00:02:36.900
around the areas of access control,

00:02:37.030 --> 00:02:41.480
same as they do when we don't deal with the cloud, but access control

00:02:41.480 --> 00:02:47.740
becomes more complex when we're dealing with a third party. We protect

00:02:47.750 --> 00:02:50.100
data quite often through data hiding.

00:02:50.540 --> 00:02:56.960
For example, we can use tools like tokenization, encryption, and obfuscation.

00:02:58.140 --> 00:03:03.650
We also protect our data through information rights management and data

00:03:03.650 --> 00:03:06.960
loss, or sometimes called data leakage, prevention.

00:03:08.240 --> 00:03:14.250
We have to be careful, especially when we aggregate large amounts of data

00:03:14.250 --> 00:03:20.470
together. That can lead to things like inference and the risk of exposure of

00:03:20.470 --> 00:03:23.560
sensitive information through data aggregation.

00:03:25.640 --> 00:03:30.810
Some of the threats to data and security really circle around these

00:03:30.820 --> 00:03:36.620
areas of ensuring the data is available when needed, that we handle it

00:03:36.620 --> 00:03:41.530
correctly according to the classification and rules set out by the

00:03:41.530 --> 00:03:46.930
data owner, and we preserve the integrity of our data and the way we

00:03:46.930 --> 00:03:48.960
process the data as well.

00:03:50.340 --> 00:03:54.150
Some of the key points to remember: contracts and

00:03:54.150 --> 00:03:56.300
service‑level agreements are key.

00:03:56.840 --> 00:04:02.750
They are required to mandate and show that we've done due care in

00:04:02.750 --> 00:04:09.950
ensuring the protection of our data. Even though we may host our data

00:04:09.950 --> 00:04:15.630
on a cloud service provider and the cloud service provider will handle

00:04:15.630 --> 00:04:20.040
both the processing and storage of our data, as well as some of the

00:04:20.040 --> 00:04:21.649
network communications,

00:04:22.140 --> 00:04:25.800
the ownership and the responsibility for the protection of the

00:04:25.800 --> 00:04:32.020
data remains with the cloud consumer. Data must be protected

00:04:32.310 --> 00:04:35.750
at all times and in all forms.

00:04:37.640 --> 00:04:41.220
The next steps. Now that you've done this domain,

00:04:41.220 --> 00:04:43.380
do the self‑assessment questions.

00:04:43.940 --> 00:04:47.450
Think about why one answer may be better than another,

00:04:48.040 --> 00:04:52.490
and review the references, important terminology, and exam

00:04:52.490 --> 00:04:55.260
essentials that are provided in the study guide,

00:04:56.140 --> 00:05:01.750
then proceed to the next course, Cloud Platform and Infrastructure Security.
