Introduction to ephemerality and immutability
1. Introduction to ephemerality and immutability
Nothing lasts forever, right? In this video, you’ll learn about ephemerality and immutability. These are two important concepts in the cloud, especially in cloud security. You’ll review ephemerality and immutability and how they keep the cloud secure. You’ll also explore the distributable, immutable, and ephemeral triad, also known as the DIE triad. So what is ephemerality? Ephemerality is the concept that things only exist for a short amount of time. For example, an access token is a piece of code that contains important information like the user’s ID, their permissions, and groups they belong to. Temporary access tokens expire shortly after they’re created. They give users enough time to provide the information needed to gain access, then they expire. So, when you apply the concept of ephemerality to infrastructure, it refers to resources that are created as the need arises, then made unavailable when no longer needed. Think of it this way: ephemerality is like having a paper file of confidential data that you read and then lock in a secure vault so no one else can read the file. Similarly, in cloud security, once your task is complete, ephemeral data is locked and is no longer available. Imagine an organization has highly confidential data that will only be needed for a short time. If the organization saves the data permanently there’s still a chance the data can be breached. However, if the data is ephemeral, once it’s used and the expiration time is up, the data is made unavailable. Even the most skilled attacker can’t access data once it becomes unavailable. Immutability is the concept of being unable to change an object after it is created and assigned a value. An object that’s immutable can't be changed after it’s created. So if your infrastructure is immutable, you can’t modify it. If something needs to be changed, you replace it with a different version. Immutability has benefits in cloud security. One benefit is that immutable assets can’t be changed, so they can’t introduce new vulnerabilities. For example, a web application has code that can’t be modified by users. This prevents the introduction of malicious code in the app. Because cloud servers are in remote data centers managed by cloud service providers, they need to be configured differently. Cloud security professionals need to rely on cloud-specific solutions. The DIE triad can help you do just that. DIE stands for distributed, immutable, and ephemeral. Distributed refers to the system resources that are distributed and not dependent on a single zone. Remember, a zone is the collective number of data centers in an area. Immutable means your infrastructure can be disposed of and replaced rather than modified. This is helpful because you can more easily identify and reverse changes by reverting to a previous version that’s been saved in an immutable state. Ephemeral means your resources are finite and can be disposed of when they are no longer being used. Attackers can be persistent, but they can’t access information that’s not available. In this video, you learned how ephemerality can help keep your data protected. You also learned about immutability and how you use it can protect your resources from being modified by keeping them in an unchangeable state. This knowledge will strengthen your effectiveness as a cloud security professional.2. Let's practice!
Create Your Free Account
or
By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.