Chapter 3: Securing Storage Services
In the previous chapter, we covered compute services. After compute services, the second most common resource everyone talks about is storage – from object storage to block storage (which is also known as instance attached storage), to file storage.
We use storage services to store our data.
The following is a list of common threats that might impact our data when it is stored in the cloud:
- Unauthorized access
- Data leakage
- Data exfiltration
- Data loss
As a best practice, we should always use the following countermeasures when storing data in the cloud:
- Access-control lists (ACLs; note that each cloud provider has its own implementation) and Identity and Access Management (IAM), to restrict access from our cloud environment to the storage service
- Encryption both in transit and at rest to ensure data confidentiality
- Auditing to have a log of who has access to our data and what actions were...