The Official (ISC)2 CCSP CBK Reference. Leslie Fife
Читать онлайн книгу.AI technology. The goal of AI is to create a machine that has the capabilities of a human and cannot be distinguished from a human. It is possible that AI could create intelligent agents online that are indistinguishable to human agents. This has the potential to impact the workforce, particularly in the lower skill areas. There is also concern about how agents could be manipulated to affect consumer behavior and choices. An unethical individual could use these tools to impact humanity. Safeguards in the technology and legal protections will need to be in place to protect the customers.
With the vast amount of data in the cloud, the use of AI is a security and privacy concern beyond the data mining and decision-making of ML. This greater ability to aggregate and manipulate data through the tools created through AI research creates growing concerns over security and privacy of that data and the uses that will be devised for this data.
These concerns and trends will continue to be important over the next several years.
Blockchain
Blockchain is similar to cloud computing, with some significant differences. A blockchain is an open distributed ledger of transactions, often financial, between two parties. This transaction is recorded in a permanent and verifiable manner. The records, or blocks, are linked cryptographically and are distributed across a set of computers, owned by a variety of entities.
Blockchain provides a secure way to perform anonymous transactions that also maintain nonrepudiation. The ability to securely store a set of records across multiple servers, perhaps in different CSPs or on-premise, could lead to new and powerful storage approaches. Any data transaction would be committed to the chain and could be verifiable and secure. Blockchain technology pushes the boundaries of cryptographic research in ways that support secure distributed computing.
In cloud computing, the data may be owned by a single entity. But, the ability to securely store this data across CSPs would open new storage methods and would lead to less vendor lock-in. Each data node could be in any location, on any server, within any CSP or on-premise, where each node in the data chain is not important. While not every record in the cloud is the result of a financial transaction, all data records are the result of some transaction.
Other improvements in the use of cryptography to link records in an immutable manner or improvements in the techniques used to distribute records across multiple servers would benefit both blockchain and cloud computing.
Internet of Things
With the growth of the Internet of Things (IoT), a great deal of data is being generated and stored. The cloud is a natural way to store this data. Particularly for large organizations, with IoT devices such as thermostats, cameras, irrigation controllers, and similar devices, the ability to store, aggregate, and mine this data in the cloud from any location with a network connection is beneficial.
The manufacturers of many IoT devices do not even consider the cybersecurity aspects of these devices. To an HVAC company, a smart thermostat may simply be a thermostat. These devices can be in service for many years and never have a firmware update. Patches and security updates are simply not installed, and these devices remain vulnerable.
It is not the data on the device that is always the target. The device may become part of a botnet and used in a DDoS attack. Cameras and microphones can be used to surveil individuals. Processes controlled by IoT devices can be interrupted in ways that damage equipment (e.g., Stuxnet) or reputations.
Few organizations are sufficiently mature to really protect IoT devices. This makes these devices more dangerous because they are rarely monitored. The cloud provides the ability to monitor and control a large population of devices from a central location. For some devices, such as a thermostat, this may be a small and acceptable risk. However, audio and visual feeds raise privacy, security, and safety concerns that must be addressed.
Containers
Virtualization is a core technology in cloud computing. It allows resource pooling, multitenancy, and other important characteristics. Containers are one approach to the virtualization. In a traditional virtualization environment, the hypervisor sits atop the host OS. The VM sits atop the hypervisor. The VM contains the guest OS and all files and applications needed in that VM. A machine can have multiple VMs, each running a different machine.
In containerization, there is no hypervisor and no guest OS. A container runtime sits above the host OS, and then each container uses the container runtime to access needed system resources. The container contains the files and data necessary to run, but no guest OS. The virtualization occurs higher in the stack and is generally smaller and can start up more quickly. It also uses fewer resources by not needing an additional OS in the virtual space. The smaller size of the container image and the low overhead are the primary advantages of containers over traditional virtualization.
Containers make a predictable environment for developers and can be deployed anywhere the container runtime is available. Similar to the Java Virtual Machine, a runtime is available for common operating systems and environments. Containers can be widely deployed. This improves portability by allowing the movement of containers from one CSP to another. Versioning and maintenance of the underlying infrastructure do not impact the containers as long as the container runtime is kept current.
The container itself is treated like a privileged user, which creates security concerns that must be addressed. Techniques and servers exist to address each of these security concerns such as a Cloud Access Security Broker (CASB). Security concerns exist and must be carefully managed. All major CSPs support some form of containerization.
Quantum Computing
Quantum computers use quantum physics to build extremely powerful computers. When these are linked to the cloud, it becomes quantum cloud computing. IBM, AWS, and Azure all provide a quantum computing service to select customers. The increased power of quantum computers and the use of the cloud may make AI and ML more powerful and will allow modeling of complex systems available on a scale never seen before. Quantum cloud computing has the ability to transform medical research, AI, and communication technologies.
A concern for quantum computing is that traditional methods for encryption/decryption could become obsolete as the vast power of the cloud coupled with quantum computing makes the search space more manageable. This would effectively break current cryptographic methods. New quantum methods of encryption would be necessary or methods not susceptible to quantum computing.
UNDERSTAND SECURITY CONCEPTS RELEVANT TO CLOUD COMPUTING
Security concepts for cloud computing mirror the same concepts in on-premises security, with some differences. Most of these differences are related to the customer not having access to the physical hardware and storage media. These concepts and concerns will be discussed in the following sections.
Cryptography and Key Management
Cryptography is essential in the cloud to support security and privacy. With multitenancy and the inability to securely wipe the physical drive used in a CSP's data center, information security and data privacy are more challenging, and the primary solution is cryptography.
Data at rest and data in motion must be securely encrypted. A customer will need to be able to determine whether a VM or container has been unaltered after deployment, requiring cryptographic tools. Secure communications are essential when moving data and processes between CSPs as well as to and from on-premise users. Again, cryptography is the solution.
One of the challenges with cryptography has always been key management. With many organizations using a multicloud strategy, key management becomes even more challenging. The questions to answer are
Where are the keys stored?
Who manages the keys (customer or CSP)?
Should