Learn about how cloud security and governance are linked.
- [Instructor] Okay now let's talk about security and governance. So what's important about this is that you need to bind governance and security together. They can't be separated. So governance is dependent on security. So we can understand who's doing what where and how, and what restrictions are based on that person or persons or devices or systems, and this is about leveraging a single approach to solve many problems. So typically governance and security systems are going to be working together because governance policies are going to need to be secure, in other words, we need to protect the policies of course, because we change the policies.
We can access the system, but more importantly, we need to be able to enforce with those policies security restrictions and regulations that we're building into those systems in our behalf. So the way in which we do that is, in essence, insure that security knows what the governance side is doing and the governance knows what the security side is doing. So security and governance is important just because of the links that need to occur. So it's not necessarily you're going to get a core system as far as integration of your security and governance system but you'll find that you'll have some security system that come with some governance capabilities and some governance systems that come with some security capabilities.
So the idea is just to understand that this coexistence needs to exist and so if you do not have this and you're in state, then you're going to be vulnerable because people are going to be able to exploit openings in your governance systems or openings in your security systems because it's not necessarily meshing with your governance environment. So shared repositories, the ability to share information, the ability to share directories, the ability to share encryption services, compliance services, things like that, all a part of the stack.
So the types of governance solutions that are out there, again in security, we have active and passive. In other words, active we know is able to carry things out as we need to. Passive does not. That's why we typically don't use passive these days, and then within the active system, the ability of provision, the ability to deal with security, and the ability to deal with managing of the systems. Revisioning servers and having those servers governed and secure in a certain way. Provisioning security-based systems such as roles, role-based access and security groups, identity access, managing kinds of systems, extremely important, and then most importantly, the ability to deal with management of the system.
We're going to manage these systems. They have to be secure under management, so ongoing, we're looking proactively at what's occurring within our cloud-based systems, looking for intrusion detection based on saturation of resources. The ability to kind of limit the way in which we're scoping use of those resources so we understand who's attacking them and who's not, and all these things are basically part of the mix.
- Cloud governance basics
- Cloud resource governance
- How cloud security and governance are linked
- Defining governance policies
- Cloud management platform basics
- Reviewing service governance tools
- Cloud governance costs
- Understanding your requirements
- Finding the right tools
- Testing cloud governance
- How operations deals with governance