From the course: Modern Cloud Security: Shift-Left, Observability, and Automated Defense

Encryption in transit: Securing data during transfer

- [Instructor] I am glad to have you back. Data is most vulnerable when traveling between systems. Encryption in transit is like an envelope: it wraps your data in a secure layer so only the intended recipient can open it. The risks of skipping this? Eavesdropping and man-in-the-middle attacks. For example, an unencrypted login form could expose passwords to anyone monitoring the network.

In this video, we'll mention two key concepts a lot: TLS and VPN. As a security analyst, you probably already know what these are, but if you are just starting in the security realm, you might need to learn them. TLS stands for Transport Layer Security, and it is the gold standard for encrypting web traffic. TLS uses certificates to authenticate servers and encrypts data with symmetric keys. Always use TLS 1.2 or 1.3. Older versions like SSL 3.0 or TLS 1.0 are outdated and insecure. VPNs, or virtual private networks, are used for secure site-to-site or remote access. The main use case for VPNs in the cloud context is to encrypt traffic between on-premises data centers and the cloud, or to let remote employees securely access cloud resources.

In my career, I've seen many organizations fall for a few common pitfalls. Don't assume defaults are secure: many services allow outdated TLS versions unless you explicitly disable them. Monitor certificate expiry: use tools like Azure Monitor, GCP Cloud Monitoring, or AWS CloudWatch to alert you before certificates expire. Last but not least, test your setup: use tools like the SSL Labs test to scan for vulnerabilities in your TLS configuration.

If we imagine that your organization hosts a payment processing app in the cloud, you might need to do the following to ensure proper data protection in transit. In the front-end component, use TLS 1.3 on your load balancer. For the back end, ensure that the microservices communicate over HTTPS, not plain HTTP. Also, encrypt data syncs between primary and backup databases using VPNs or TLS. If a hacker intercepts traffic, they'll see only encrypted gibberish, not credit card numbers or session cookies.

In the next video, we'll talk about backup, specifically how to design efficient backup strategies.
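The three pitfalls the instructor lists (permissive version defaults, unmonitored certificate expiry, an untested setup) can be checked from a few lines of Python's standard `ssl` module. The script below is an added example, not course material: it builds a client context that refuses SSL 3.0, TLS 1.0 and TLS 1.1 and contrasts it with a permissive one, computes an expiry alert over a constructed `getpeercert()`-style dictionary (the hostname `pay.example.test` and its dates are made up), and includes a `probe()` helper that runs the same checks against a live endpoint.

```python
import datetime
import socket
import ssl

# Versions the video says to refuse: SSL 3.0 and TLS 1.0 (TLS 1.1 was deprecated alongside them).
OUTDATED_VERSIONS = (ssl.TLSVersion.SSLv3, ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1)

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns; not a real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "pay.example.test"),),),
    "notBefore": "Jan  1 00:00:00 2025 GMT",
    "notAfter": "Mar  1 00:00:00 2025 GMT",
}


def hardened_client_context() -> ssl.SSLContext:
    """Client context that verifies the server certificate and hostname and
    refuses anything below TLS 1.2 (TLS 1.3 is negotiated when the peer supports it)."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED, check_hostname=True, system CA store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def permissive_client_context() -> ssl.SSLContext:
    """The 'don't assume defaults are secure' pitfall: a context that still offers legacy versions."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def allows_version(ctx: ssl.SSLContext, version: ssl.TLSVersion) -> bool:
    """True if the context's configured version range includes `version`."""
    lo, hi = ctx.minimum_version, ctx.maximum_version
    if lo == ssl.TLSVersion.MINIMUM_SUPPORTED:  # sentinel, not a real version number
        lo = ssl.TLSVersion.SSLv3
    if hi == ssl.TLSVersion.MAXIMUM_SUPPORTED:
        hi = ssl.TLSVersion.TLSv1_3
    return lo <= version <= hi


def outdated_versions_allowed(ssl_ctx: ssl.SSLContext) -> list:
    """Names of the outdated versions a context would still negotiate; should be empty."""
    return [v.name for v in OUTDATED_VERSIONS if allows_version(ssl_ctx, v)]


def utc_date(year: int, month: int, day: int) -> datetime.datetime:
    """Tz-aware midnight UTC, the 'now' the expiry checks compare against."""
    return datetime.datetime(year, month, day, tzinfo=datetime.timezone.utc)


def days_until_expiry(cert: dict, now: datetime.datetime) -> int:
    """Whole days until the certificate's notAfter; negative once it has expired."""
    expires = datetime.datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=datetime.timezone.utc)
    return (expires - now).days


def expiry_status(cert: dict, now: datetime.datetime, warn_days: int = 30) -> str:
    """'expired', 'warning' (inside the alert window) or 'ok'."""
    days = days_until_expiry(cert, now)
    if days < 0:
        return "expired"
    if days <= warn_days:
        return "warning"
    return "ok"


def probe(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Live check of one endpoint: negotiated version, cipher and certificate validity left.
    Fails with ssl.SSLError if the server cannot do TLS 1.2+ or its certificate is invalid."""
    ctx = hardened_client_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            now = datetime.datetime.now(datetime.timezone.utc)
            return {
                "protocol": tls.version(),
                "cipher": tls.cipher()[0],
                "expiry": expiry_status(cert, now),
                "days_left": days_until_expiry(cert, now),
            }


if __name__ == "__main__":
    print("hardened context still allows:", outdated_versions_allowed(hardened_client_context()))
    print("permissive context still allows:", outdated_versions_allowed(permissive_client_context()))
    jan15 = utc_date(2025, 1, 15)
    print("sample cert on 2025-01-15:", expiry_status(SAMPLE_CERT, jan15),
          days_until_expiry(SAMPLE_CERT, jan15), "days left")
    # probe("your-load-balancer.example") would run the same checks against a live endpoint.
```

The expiry logic works on the dictionary `getpeercert()` already gives you, so the same function can feed a scheduled job that emits a metric to CloudWatch, Azure Monitor or Cloud Monitoring; the 30-day window is an assumed threshold, pick whatever gives your renewal process enough lead time. `probe()` uses the hardened context on purpose: if it fails the handshake, the endpoint is one the legacy clients can still talk to and you have found a misconfiguration worth fixing before an external scan does.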
