Page 1147 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 1147

high-speed network that hosts multiple storage devices. They are often
               used with servers that need high-speed access to data. These have

               historically been expensive due to the complex hardware requirements
               of the SAN. VSANs bypass these complexities with virtualization.

               The primary software component in virtualization is a hypervisor. The
               hypervisor manages the VMs, virtual data storage, and virtual network
               components. As an additional layer of software on the physical server,
               it represents an additional attack surface. If an attacker can

               compromise a physical host, the attacker can potentially access all of
               the virtual systems hosted on the physical server. Administrators often
               take extra care to ensure that virtual hosts are hardened.

               Although virtualization can simplify many IT concepts, it’s important
               to remember that many of the same basic security requirements still
               apply. For example, each VM still needs to be updated individually.
               Updating the host system doesn’t update the VMs. Additionally,

               organizations should maintain backups of their virtual assets. Many
               virtualization tools include built-in tools to create full backups of
               virtual systems and create periodic snapshots, allowing relatively easy
               point-in-time restores.


               Managing Cloud-Based Assets


               Cloud-based assets include any resources that an organization
               accesses using cloud computing. Cloud computing refers to on-
               demand access to computing resources available from almost
               anywhere, and cloud computing resources are highly available and
               easily scalable. Organizations typically lease cloud-based resources
               from outside the organization, but they can also host on-premises
               resources within the organization. One of the primary challenges with
               cloud-based resources hosted outside the organization is that they are

               outside the direct control of an organization, making it more difficult
               to manage the risk.

               Some cloud-based services only provide data storage and access.
               When storing data in the cloud, organizations must ensure that
               security controls are in place to prevent unauthorized access to the
               data. Additionally, organizations should formally define requirements
   1142   1143   1144   1145   1146   1147   1148   1149   1150   1151   1152