Understanding Security Risks and Threats in the Cloud - Part 1 Podcast Por arte de portada

Understanding Security Risks and Threats in the Cloud - Part 1

Understanding Security Risks and Threats in the Cloud - Part 1

Escúchala gratis

Ver detalles del espectáculo

Obtén 3 meses por US$0.99 al mes + $20 crédito Audible
This week, Lois Houston and Nikita Abraham are joined by Principal OCI Instructor Orlando Gentil to explore what truly keeps data safe, and what puts it at risk. They discuss the CIA triad, dive into hashing and encryption, and shed light on how cyber threats like malware, phishing, and ransomware try to sneak past defenses. Cloud Tech Jumpstart: https://mylearn.oracle.com/ou/course/cloud-tech-jumpstart/152992 Oracle University Learning Community: https://education.oracle.com/ou-community LinkedIn: https://www.linkedin.com/showcase/oracle-university/ X: https://x.com/Oracle_Edu Special thanks to Arijit Ghosh, David Wright, Kris-Ann Nansen, Radhika Banka, and the OU Studio Team for helping us create this episode. ------------------------------------------ Episode Transcript: 00:00 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started! 00:25 Lois: Hello and welcome to the Oracle University Podcast! I'm Lois Houston, Director of Innovation Programs with Oracle University, and with me is Nikita Abraham, Team Lead: Editorial Services. Nikita: Hey everyone! Last week, we discussed how you can keep your data safe with authentication and authorization. Today, we'll talk about various security risks that could threaten your systems. 00:48 Lois: And to help us understand this better, we have Orlando Gentil, Principal OCI Instructor, back with us. Orlando, welcome back! Let's start with the big picture—why is security such a crucial part of our digital world today? Orlando: Whether you are dealing with files stored on a server or data flying across the internet, one thing is always true—security matters. In today's digital world, it's critical to ensure that data stays private, accurate, and accessible only to the right people. 01:20 Nikita: And how do we keep data private, secure, and unaltered? Is there a security framework that we can use to make sense of different security practices? Orlando: The CIA triad defines three core goals of information security. CIA stands for confidentiality. It's about keeping data private. Only authorized users should be able to access sensitive information. This is where encryption plays a huge role. Integrity means ensuring that the data hasn't been altered, whether accidentally or maliciously. That's where hashing helps. You can compare a stored hash of data to a new hash to make sure nothing's changed. Availability ensures that data is accessible when it's needed. This includes protections like system redundancy, backups, and anti-DDoS mechanisms. Encryption and hashing directly support confidentiality and integrity. And they indirectly support availability by helping keep systems secure and resilient. 02:31 Lois: Let's rewind a bit. You spoke about something called hashing. What does that mean? Orlando: Hashing is a one-way transformation. You feed in data and it produces a unique fixed length string called a hash. The important part is the same input always gives the same output, but you cannot go backward and recover the original data from the hash. It's commonly used for verifying integrity. For example, to check if a file has changed or a message was altered in transit. Hashing is also used in password storage. Systems don't store actual passwords, just their hashes. When you log in, the system hashes what you type it and compare the stored hash. If they match, you're in. But your actual password was never stored or revealed. So hashing isn't about hiding data, it's about providing it hasn't changed. So, while hashing is all about protecting integrity, encryption is the tool we use to ensure confidentiality. 03:42 Nikita: Right, the C in CIA. And how does it do that? Orlando: Encryption takes readable data, also known as plaintext, and turns it into something unreadable called ciphertext using a key. To get the original data back, you need to decrypt it using the right key. This is especially useful when you are storing sensitive files or sending data across networks. If someone intercepts the data, all they will see is gibberish, unless they have the correct key to decrypt it. Unlike hashing, encryption is reversible as long as you have the right key. 04:23 Lois: And are there different types of encryption that serve different purposes? Orlando: Symmetric and asymmetric encryption. With symmetric encryption, the same key is used to both encrypt and decrypt the data. It's fast and great for securing large volumes of data, but the challenge lies in safely sharing the key. Asymmetric encryption solves that problem. It uses a pair of keys: public key that anyone can use to encrypt data, and a private key that only the recipient holds to decrypt it. This method is more secure for communications, but also slower and more resource-intensive. In practice, systems often use both asymmetric ...
Todavía no hay opiniones