Page 604 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

to recover from errors or poor updates. It’s often easier and faster to make backups of entire virtual systems rather than the equivalent native hardware-installed system.

Virtualization doesn’t lessen the security management requirements of an OS. Thus, patch management is still essential. Patching or updating virtualized OSs is the same process as for a traditionally hardware-installed OS, with the added benefit that you may be able to patch systems (or swap out active systems) without taking the service down.

Also, don’t forget that you need to keep the virtualization host updated as well.

When you’re using virtualized systems, it’s important to protect the stability of the host. This usually means avoiding using the host for any purpose other than hosting the virtualized elements. If host availability is compromised, the availability and stability of the virtual systems are also compromised.

Virtualized systems should be security tested. The virtualized OSs can be tested in the same manner as hardware-installed OSs, such as with vulnerability assessment and penetration testing. However, the virtualization product may introduce additional and unique security concerns, so the testing process needs to be adapted to include those idiosyncrasies.

A cloud access security broker (CASB) is a security policy enforcement solution that may be installed on-premises, or it may be cloud-based. The goal of a CASB is to enforce and ensure that proper security measures are implemented between a cloud solution and a customer organization.

Security as a service (SECaaS) is a cloud provider concept in which security is provided to an organization through or by an online entity. The purpose of SECaaS solutions is to reduce the cost and overhead of implementing and managing security locally. SECaaS often implements software-only security components that do not need dedicated on-premises hardware. SECaaS security components can include a wide range of security products, including authentication, authorization, auditing/accounting, anti-malware, intrusion detection, compliance and vulnerability scanning, penetration testing, and