WEBVTT

00:00:00.940 --> 00:00:02.970
My name is Lyron Andrews.

00:00:02.970 --> 00:00:05.500
Thank you for continuing in this course.

00:00:05.510 --> 00:00:12.060
Now we are going to consider Secure Data Center Design and Supporting Controls.

00:00:13.540 --> 00:00:17.100
It should be said, at the outset of our discussion,

00:00:17.190 --> 00:00:21.780
that most of you taking this course are not part of a company's

00:00:21.780 --> 00:00:26.210
technology where they are considering building out a data center, so

00:00:26.220 --> 00:00:28.370
why are we focusing on it in this course?

00:00:28.780 --> 00:00:29.200
Well,

00:00:29.200 --> 00:00:33.140
the CCSP considers it from the standpoint of what you should

00:00:33.150 --> 00:00:37.540
expect from your cloud service providers.

00:00:37.670 --> 00:00:38.340
For instance,

00:00:38.460 --> 00:00:42.830
if you do a security assessment report on the cloud service provider,

00:00:42.840 --> 00:00:47.280
what does the resilience and the availability level look like?

00:00:47.290 --> 00:00:51.710
What do protection levels look like for them to actually protect

00:00:51.710 --> 00:00:55.140
their own systems that you are now dependent on?

00:00:55.630 --> 00:01:01.140
We began with the data center design standards and what they have to

00:01:01.140 --> 00:01:04.450
say along the matter of building out data centers.

00:01:04.840 --> 00:01:06.790
Well if you go down to the basics,

00:01:06.790 --> 00:01:11.730
cloud consumers are not the ones who are actually building out the data centers,

00:01:11.730 --> 00:01:16.870
but having an understanding of what the standard is can be helpful to

00:01:16.870 --> 00:01:21.150
know the current state of where you are consuming services, and could

00:01:21.150 --> 00:01:25.990
possibly be part of pass‑through assessments or compliance assessments

00:01:26.000 --> 00:01:30.490
that your organization has to abide by regionally, nationally, or

00:01:30.500 --> 00:01:32.290
according to international law.

00:01:32.300 --> 00:01:35.910
The logical design should proceed the physical design.

00:01:35.920 --> 00:01:37.900
When we think of the logical design,

00:01:37.910 --> 00:01:40.960
we're really considering the cloud infrastructure

00:01:40.960 --> 00:01:43.290
including measures to limit remote access,

00:01:43.300 --> 00:01:45.140
monitoring the cloud infrastructure,

00:01:45.140 --> 00:01:48.750
creating substantive tenant partitioning and isolation, and

00:01:48.750 --> 00:01:51.400
allowing for patching and updating of systems in the cloud

00:01:51.400 --> 00:01:53.170
environment in a live manner.

00:01:53.260 --> 00:01:56.640
The other thing that you would think about from a cloud service

00:01:56.640 --> 00:02:00.470
perspective is that the logical design is best described in terms

00:02:00.470 --> 00:02:03.140
from the customer's business vocabulary.

00:02:03.150 --> 00:02:05.780
So locations, processes,

00:02:05.780 --> 00:02:08.970
workflows, and roles from the business domain can be

00:02:08.970 --> 00:02:11.160
included in the logical domain.

00:02:11.400 --> 00:02:15.550
An important aspect of logical network design is that it is part of the

00:02:15.550 --> 00:02:20.080
requirements set for a solution to a customer problem.

00:02:20.090 --> 00:02:25.400
The logical design precedes the physical design so that you are not locked

00:02:25.410 --> 00:02:31.060
in to some functionless state based upon first doing a physical design.

00:02:31.440 --> 00:02:36.640
After determination of business requirements is made, there is a deep

00:02:36.650 --> 00:02:41.320
research of cloud service providers that could reveal that a selection of

00:02:41.320 --> 00:02:46.960
two or more providers is necessary. Proprietary nomenclature methods and

00:02:46.960 --> 00:02:50.970
technologies espoused by the provider of choice could be potentially

00:02:50.970 --> 00:02:54.720
detrimental to meeting the stated business requirement when it becomes

00:02:54.720 --> 00:02:59.370
necessary to link multiple services for a consuming organization. Think of

00:02:59.370 --> 00:03:04.760
data formats and how one cloud service provider may save that information

00:03:04.770 --> 00:03:09.030
and then it becomes unreadable when you try to extract that information from

00:03:09.030 --> 00:03:12.250
that cloud service provider to move it to another location.

00:03:12.260 --> 00:03:16.600
One of the most important characteristics of what is called cross‑cutting

00:03:16.610 --> 00:03:24.620
aspects in ISO 17789 is this idea of portability and interoperability. During

00:03:24.620 --> 00:03:29.590
the trial period of consuming cloud services, it's important to understand

00:03:29.590 --> 00:03:33.930
that your service aggregation of multiple service is to consider the

00:03:33.930 --> 00:03:38.880
capabilities that support moving from one platform to another, and also

00:03:38.890 --> 00:03:41.480
interoperating between platforms.

00:03:41.520 --> 00:03:47.870
ISO 22237 relates the data center facilities and infrastructures.

00:03:47.880 --> 00:03:51.790
It has six elements including location recommendation,

00:03:51.790 --> 00:03:56.000
power distribution, control systems, monitoring and security,

00:03:56.010 --> 00:04:02.050
security for protection classes, and then operational and management security.

00:04:02.060 --> 00:04:06.550
From the standpoint of location and site selection, the cloud

00:04:06.550 --> 00:04:10.010
service provider is going to be very concerned about what kind of

00:04:10.010 --> 00:04:13.860
materials are used in order to build out their data centers.

00:04:14.340 --> 00:04:16.570
Depending on where you are in the world,

00:04:16.570 --> 00:04:22.040
the construction materials could be intractably mandated by local,

00:04:22.040 --> 00:04:28.940
regional, or state law. Also, what is the configuration that is being used,

00:04:28.950 --> 00:04:35.930
and fire protection mandates and laws, and also, the quality construction that

00:04:35.930 --> 00:04:40.330
would occur based upon the requirements of that business? Consideration should

00:04:40.330 --> 00:04:44.230
also be given to the environmental impact that a data center will have upon

00:04:44.230 --> 00:04:45.710
the surrounding environment.

00:04:45.720 --> 00:04:50.020
Are there alternative renewable energy sources that are available, and

00:04:50.030 --> 00:04:53.930
the possible effect that the environment will have upon the personnel

00:04:53.940 --> 00:04:56.470
related to the previous use of the land,

00:04:56.470 --> 00:05:00.300
for instance, was it formally used as environmental waste?

00:05:00.360 --> 00:05:05.280
Understanding what the output could mean to the overall environment,

00:05:05.290 --> 00:05:09.540
recent studies have shown that data centers are one of the biggest

00:05:09.540 --> 00:05:13.150
contributors to the carbon footprint of the world.

00:05:13.240 --> 00:05:19.750
Renewable energy then is what many of the top providers are actually seeking.

00:05:19.760 --> 00:05:25.040
Let's just consider what the top three that own most of the market are doing.

00:05:25.050 --> 00:05:26.090
As example,

00:05:26.100 --> 00:05:30.810
Amazon has become the world's largest corporate purchaser of renewable energy.

00:05:30.820 --> 00:05:34.320
The company's total renewable energy investment to date would

00:05:34.320 --> 00:05:39.680
supply 6.5 GW of electricity production capacity.

00:05:39.690 --> 00:05:44.970
That's enough to power 1.7 million US homes for a single year. Amazon

00:05:44.970 --> 00:05:50.590
announced plans to add 26 utility‑scale wind and solar energy project

00:05:50.590 --> 00:05:55.290
totaling 3.4 GW of electricity production.

00:05:55.300 --> 00:06:02.870
Google has reached 100% of global electricity in its renewable energy portfolio.

00:06:02.880 --> 00:06:08.610
They state that they are proud in 2020 to again match this 100% global

00:06:08.610 --> 00:06:13.370
electricity renewable process for a number of consecutive years.

00:06:13.380 --> 00:06:17.400
They were the first company of their size to achieve the milestone back

00:06:17.410 --> 00:06:25.540
in 2017. Microsoft has various activities that are targeting 2030 for

00:06:25.540 --> 00:06:29.030
being first in reducing their carbon footprint,

00:06:29.040 --> 00:06:34.090
including more water that they replenish than consume, and

00:06:34.100 --> 00:06:37.320
zero waste and carbon‑negative behavior.

00:06:37.330 --> 00:06:37.810
Next,

00:06:37.820 --> 00:06:43.660
we'll consider what design resilience means from a protection class perspective.