Flashcards reviewing cloud security principles, the AWS shared responsibility model, the Well-Architected Framework's security pillar, identity foundation, principle of least privilege, and data encryption.
According to the AWS shared responsibility model, who is responsible for security OF the cloud, and who is responsible for security IN the cloud?
AWS is responsible for the security of the cloud; the customer is responsible for security in the cloud.
Besides security, what are the other five pillars of the AWS Well-Architected Framework?
Operational excellence, reliability, performance efficiency, cost optimization, and sustainability.
Name at least three of the seven design principles presented in the security pillar of the AWS Well-Architected Framework.
Implement a strong identity foundation, protect data in transit and at rest, apply security at all layers, keep people away from your data, maintain traceability, prepare for security events, and automate best practices.
What are the key aspects of the principle of least privilege?
Granting only the permission required to do a task, starting with the minimum set of permissions, and revoking unnecessary permissions.
What does 'data in transit' refer to?
Data as it is actively moving from one location to another.
How is data in transit protected?
Using a cryptographic protocol to secure the pipe that the data is moving through.
How is data at rest protected?
Encrypting the files themselves where they are being stored.
In client-side encryption, when are objects encrypted?
Objects are encrypted before they're sent to the cloud.
In server-side encryption, when/where is the data encrypted? Give an example of a service that uses server-side encryption.
The data is encrypted before it's stored; Amazon S3.