ITIL 4 Acquiring Managing Cloud Services Certification Course: Onboard - Security and Compliance
End-to-end view of user identity and behavior (application and database):
- Unauthorized access
- Threat and attack
- Privilege changes
- Critical knowledge
Security teams responsible for data protection
Understand cloud architecture security
Quick response
Cloud:
- Increases security complexity
- Allows automation
- Gives more control
- Allows granularization
Monitoring across cloud architectures:
- Access log files
- End-to-end monitoring
- Security management
Log files and monitoring tools:
- Track data modification
- Unauthorized access
- Simultaneous logins
- Access privilege changes
- Data manipulation
Visualize events with dashboards
Alerts: reactive to proactive response
Security intelligence
Monitoring aids audit
Ensure compliance
Aids rapid threat resolution
Common issues:
- Visibility
- Compliance
- Automation
- Development vs security
- Hybrid IT
- SLAs
1. Visibility
Service adoption needs coordination
Maintain visibility
Affects security
Cloud sprawl
Cloud resources can have short lifecycle
Legacy practices lack security
Security and authorization controls
Security policy
Reduce cloud sprawl through ITIL practices:
- Change enablement
- Define deployment
- Allow standard changes
- Service financial management: cost approval requirements
- Service request management
- Workflow management
- Authorization documentation
2. Compliance
Compliance is difficult
CSP can document compliance
Only applies to CSP responsibilities
CSPs can´t comply with every standard
Consumer must evaluate compliance
Consumer responsible for compliance within its environment
Compliance tips:
- Use compliance specialists
- Applly compliance best practice
- Consult CPS guidelines
Understand:
- Compliance in shared responsibility model
- Control implementation and maintenance
- Compliance agencies
3. Automation
Seen as security risk
Allows proactive security management
Consistent security application
Allows security staff to focus on high-value tasks
4. Development vs security
Development focuses on speed
Security desires thorough review
Creates silos
Common security rules
Collaboration between development and security
5. Hybrid IT
Multiple security policies
Different security practices
Tools and practices based on legacy systems
Don´t work with cloud
For example:
- Traditional network
- IP addresses assigned to physical and virtual machines
- Addresses don´t change
- Simple tracking method
- Cloud-native workloads
- Dynamic
- Separate services
- Static IPs too rigid
Mitigations:
- Understand each landscape
- Accept different security needs
- Collaborative IT policies
6. SLAs
SLAs affect:
- Security
- Business continuity
Set availability
Outlines what´s not provided
Effective SLAs:
- Availability
- Performance
- Security
- Compliance
- Privacy
- Data ownership
- Business continuity
- Data location and access
- Portability
- Problem and change management
- Dispute resolution
- Exit strategy
Establish criteria
Evaluate criticality of cloud service
Identify key management activities
Go back to ITIL 4 Acquiring Managing Cloud Services Certification Course: Onboard to finish this chapter or to the main page ITIL 4 Acquiring Managing Cloud Services Certification Course.
Interesting Topics
-
Be successfully certified ITIL 4 Managing Professional
Study, study and study, I couldn’t be successfully certified without studying it, if you are interested...
-
Be successfully certified ITIL 4 Strategic Leader
With my ITIL 4 Managing Professional certification (ITIL MP) in the pocket, it was time to go for the...
-
Hide visual and change background color based on selection
Some small tricks to customize the background colour of a text box...
-
Stacked and clustered column chart or double stacked column chart
In excel, I use a lot the combination of clustered and stacked chart...