WEBVTT

1
00:00:00.120 --> 00:00:01.440
In this lesson,

2
00:00:01.440 --> 00:00:05.520
we will learn about connectivity and integration.

3
00:00:05.520 --> 00:00:08.880
Connectivity and integration ensure secure

4
00:00:08.880 --> 00:00:12.870
and seamless connections between customer systems

5
00:00:12.870 --> 00:00:15.000
and cloud services.

6
00:00:15.000 --> 00:00:18.210
Connectivity and integration concepts

7
00:00:18.210 --> 00:00:21.540
include customer-to-cloud connectivity,

8
00:00:21.540 --> 00:00:26.540
cloud service integration and shadow IT detection.

9
00:00:26.700 --> 00:00:29.160
Customer-to-cloud connectivity

10
00:00:29.160 --> 00:00:32.730
refers to the secure connection established

11
00:00:32.730 --> 00:00:37.290
between a customer's network and the cloud provider.

12
00:00:37.290 --> 00:00:42.290
Next, cloud service integration involves securely linking

13
00:00:42.330 --> 00:00:47.190
different cloud services and platforms to work together.

14
00:00:47.190 --> 00:00:51.390
Finally, shadow IT detection is the process

15
00:00:51.390 --> 00:00:56.390
of identifying and managing unauthorized cloud services

16
00:00:56.670 --> 00:01:00.120
or applications that employees may install

17
00:01:00.120 --> 00:01:04.770
and use without the IT team's knowledge.

18
00:01:04.770 --> 00:01:08.970
Let's learn more about customer-to-cloud connectivity,

19
00:01:08.970 --> 00:01:13.920
cloud service integration and shadow IT detection.

20
00:01:13.920 --> 00:01:18.240
First, we have customer-to-cloud connectivity.

21
00:01:18.240 --> 00:01:22.500
Customer-to-cloud connectivity refers to the secure,

22
00:01:22.500 --> 00:01:25.920
reliable and high performing connection

23
00:01:25.920 --> 00:01:28.980
between a customer's internal network

24
00:01:28.980 --> 00:01:32.220
and their chosen cloud provider.

25
00:01:32.220 --> 00:01:36.210
This connection should ensure that data transmitted

26
00:01:36.210 --> 00:01:39.840
between the customer's on-premise infrastructure

27
00:01:39.840 --> 00:01:42.591
and the cloud environment is protected

28
00:01:42.591 --> 00:01:45.840
from interception or tampering.

29
00:01:45.840 --> 00:01:48.600
For example, a company might use

30
00:01:48.600 --> 00:01:52.110
a virtual private network, or VPN

31
00:01:52.110 --> 00:01:55.470
to securely connect their internal servers

32
00:01:55.470 --> 00:02:00.470
to a cloud platform such as Amazon Web Services, or AWS,

33
00:02:01.380 --> 00:02:03.840
or Microsoft Azure.

34
00:02:03.840 --> 00:02:08.520
This would protect sensitive data moving between the company

35
00:02:08.520 --> 00:02:10.950
and the cloud provider,

36
00:02:10.950 --> 00:02:15.480
ensuring it is encrypted and shielded from attackers.

37
00:02:15.480 --> 00:02:20.370
Another secure connectivity option might include

38
00:02:20.370 --> 00:02:25.370
using a dedicated line, such as AWS Direct Connect,

39
00:02:26.130 --> 00:02:29.820
which provides a private high speed connection

40
00:02:29.820 --> 00:02:33.780
directly to the cloud provider's infrastructure.

41
00:02:33.780 --> 00:02:37.410
This type of connection would be more expensive,

42
00:02:37.410 --> 00:02:41.880
but would offer increased reliability and lower latency.

43
00:02:41.880 --> 00:02:45.540
The security of customer-to-cloud connectivity

44
00:02:45.540 --> 00:02:49.560
is particularly important when organizations deal

45
00:02:49.560 --> 00:02:52.770
with large volumes of sensitive data,

46
00:02:52.770 --> 00:02:55.440
such as financial institutions

47
00:02:55.440 --> 00:02:59.850
or healthcare organizations handling patient records.

48
00:02:59.850 --> 00:03:02.580
Without proper security measures,

49
00:03:02.580 --> 00:03:05.400
data is vulnerable to interception,

50
00:03:05.400 --> 00:03:08.100
exposing sensitive information.

51
00:03:08.100 --> 00:03:10.800
For instance, if a company transfers

52
00:03:10.800 --> 00:03:15.780
sensitive customer information to a cloud hosted database,

53
00:03:15.780 --> 00:03:19.500
they need to ensure that the connection is encrypted

54
00:03:19.500 --> 00:03:23.220
using protocols like transport layer security

55
00:03:23.220 --> 00:03:25.620
for internet-based connections

56
00:03:25.620 --> 00:03:30.300
or use a private line like AWS Direct Connect

57
00:03:30.300 --> 00:03:33.240
to prevent unauthorized access.

58
00:03:33.240 --> 00:03:36.360
Additionally, establishing a reliable

59
00:03:36.360 --> 00:03:40.020
and high performing connection should be considered.

60
00:03:40.020 --> 00:03:42.960
In industries where uptime is critical,

61
00:03:42.960 --> 00:03:46.530
such as e-commerce or financial services,

62
00:03:46.530 --> 00:03:50.880
a slow or unreliable connection can negatively affect

63
00:03:50.880 --> 00:03:55.880
the user experience or result in operational downtime.

64
00:03:56.040 --> 00:04:00.240
So companies often use redundant connections

65
00:04:00.240 --> 00:04:05.240
or implement failover strategies to ensure that connectivity

66
00:04:05.280 --> 00:04:09.750
is maintained even in the event of a network failure.

67
00:04:09.750 --> 00:04:12.270
This creates reliability.

68
00:04:12.270 --> 00:04:15.840
Second, we have cloud service integration.

69
00:04:15.840 --> 00:04:18.600
Cloud service integration is the process

70
00:04:18.600 --> 00:04:23.460
of securely linking different cloud services and platforms

71
00:04:23.460 --> 00:04:27.030
to ensure that they work together seamlessly.

72
00:04:27.030 --> 00:04:30.600
Many businesses rely on a combination

73
00:04:30.600 --> 00:04:34.380
of cloud services from different providers,

74
00:04:34.380 --> 00:04:37.980
which may include storage, computing power

75
00:04:37.980 --> 00:04:41.070
and software-as-a-service application.

76
00:04:41.070 --> 00:04:44.340
Cloud service integration further ensures

77
00:04:44.340 --> 00:04:47.841
that data flows securely and efficiently

78
00:04:47.841 --> 00:04:52.740
between these services without exposing vulnerabilities.

79
00:04:52.740 --> 00:04:57.660
For example, a company using Google Cloud for data storage

80
00:04:57.660 --> 00:05:01.650
and Salesforce for customer relationship management

81
00:05:01.650 --> 00:05:06.630
might integrate these two platforms using secure APIs,

82
00:05:06.630 --> 00:05:09.480
or application programming interfaces,

83
00:05:09.480 --> 00:05:13.260
to enable real time data sharing between them.

84
00:05:13.260 --> 00:05:17.190
One key challenge in cloud service integration

85
00:05:17.190 --> 00:05:20.250
is ensuring that data remains secure

86
00:05:20.250 --> 00:05:23.490
as it moves between different environments.

87
00:05:23.490 --> 00:05:28.080
For instance, when integrating services across public,

88
00:05:28.080 --> 00:05:30.600
private or hybrid clouds,

89
00:05:30.600 --> 00:05:32.790
encryption must be implemented

90
00:05:32.790 --> 00:05:35.430
not only for the data at rest,

91
00:05:35.430 --> 00:05:39.960
but also for the data in transit between these systems.

92
00:05:39.960 --> 00:05:43.560
This can be done using secure APIs,

93
00:05:43.560 --> 00:05:47.340
ensuring that data exchanged between services

94
00:05:47.340 --> 00:05:50.610
remains encrypted and authenticated.

95
00:05:50.610 --> 00:05:54.630
This protection reduces the risk of data breach

96
00:05:54.630 --> 00:05:57.300
or unauthorized access.

97
00:05:57.300 --> 00:05:59.970
Another important consideration

98
00:05:59.970 --> 00:06:04.050
is implementing proper access control policies

99
00:06:04.050 --> 00:06:08.640
to ensure that only authorized services and users

100
00:06:08.640 --> 00:06:11.910
have access to the integrated systems,

101
00:06:11.910 --> 00:06:15.690
preventing any potential security gaps.

102
00:06:15.690 --> 00:06:17.970
In cloud service integration,

103
00:06:17.970 --> 00:06:22.800
performance and compatibility should also be considered.

104
00:06:22.800 --> 00:06:26.066
Integrating cloud services requires ensuring

105
00:06:26.066 --> 00:06:30.390
that systems are compatible and can communicate

106
00:06:30.390 --> 00:06:33.750
without delays or disruptions.

107
00:06:33.750 --> 00:06:38.250
So businesses often use integration platforms

108
00:06:38.250 --> 00:06:42.000
to manage these connections, monitor data flows

109
00:06:42.000 --> 00:06:46.380
and address any performance issues in real time.

110
00:06:46.380 --> 00:06:50.700
For example, integration platforms like MuleSoft

111
00:06:50.700 --> 00:06:55.410
or Microsoft Azure Logic Apps provide tools

112
00:06:55.410 --> 00:06:59.670
that allow businesses to connect to various cloud services

113
00:06:59.670 --> 00:07:01.680
and on-premise systems

114
00:07:01.680 --> 00:07:05.130
through application programming interfaces,

115
00:07:05.130 --> 00:07:09.060
making it easier to manage multiple services

116
00:07:09.060 --> 00:07:11.310
from different providers.

117
00:07:11.310 --> 00:07:14.310
By using cloud service integration,

118
00:07:14.310 --> 00:07:18.300
businesses can leverage multiple cloud platforms

119
00:07:18.300 --> 00:07:23.300
to enhance flexibility, improve operational efficiency

120
00:07:23.430 --> 00:07:26.580
and ensure that data is securely shared

121
00:07:26.580 --> 00:07:28.920
between environments.

122
00:07:28.920 --> 00:07:33.920
Third and last, we have shadow IT detection.

123
00:07:33.960 --> 00:07:38.190
Shadow IT detection is the process of identifying

124
00:07:38.190 --> 00:07:43.190
and managing unauthorized cloud services or applications

125
00:07:43.830 --> 00:07:46.830
that employees use without the knowledge

126
00:07:46.830 --> 00:07:49.320
of the IT department.

127
00:07:49.320 --> 00:07:52.410
While not necessarily malicious,

128
00:07:52.410 --> 00:07:56.850
shadow IT can pose significant security risks,

129
00:07:56.850 --> 00:07:58.315
because it bypasses

130
00:07:58.315 --> 00:08:03.030
the organization's established security controls,

131
00:08:03.030 --> 00:08:07.140
leaving sensitive data vulnerable to breaches.

132
00:08:07.140 --> 00:08:09.975
For example, an employee might use

133
00:08:09.975 --> 00:08:14.730
unapproved cloud storage services like Dropbox

134
00:08:14.730 --> 00:08:16.470
to share work files,

135
00:08:16.470 --> 00:08:19.830
which could result in sensitive company data

136
00:08:19.830 --> 00:08:23.430
being stored in an insecure environment.

137
00:08:23.430 --> 00:08:27.900
If IT teams are unaware of these services,

138
00:08:27.900 --> 00:08:32.070
they cannot ensure that the proper security measures,

139
00:08:32.070 --> 00:08:35.130
such as encryption or access controls,

140
00:08:35.130 --> 00:08:37.980
are in place to protect the data,

141
00:08:37.980 --> 00:08:40.800
resulting in vulnerabilities.

142
00:08:40.800 --> 00:08:43.860
One of the biggest risks of shadow IT

143
00:08:43.860 --> 00:08:48.360
is the potential for data leakage or noncompliance

144
00:08:48.360 --> 00:08:51.030
with regulatory requirements

145
00:08:51.030 --> 00:08:54.540
for industries like healthcare or finance,

146
00:08:54.540 --> 00:08:56.940
where data privacy regulations

147
00:08:56.940 --> 00:08:59.310
like the Healthcare Insurance Portability

148
00:08:59.310 --> 00:09:00.990
and Accountability Act

149
00:09:00.990 --> 00:09:04.680
or the General Data Protection Regulation apply,

150
00:09:04.680 --> 00:09:09.480
unauthorized cloud services stemming from shadow IT,

151
00:09:09.480 --> 00:09:11.520
can expose the organization

152
00:09:11.520 --> 00:09:14.340
to legal and financial penalties.

153
00:09:14.340 --> 00:09:19.340
For example, if employees are using unapproved software

154
00:09:19.410 --> 00:09:22.410
to handle sensitive client information,

155
00:09:22.410 --> 00:09:26.730
it could result in non-compliance with these regulations,

156
00:09:26.730 --> 00:09:29.730
leading to breaches of confidentiality.

157
00:09:29.730 --> 00:09:34.020
Additionally, because these unauthorized services

158
00:09:34.020 --> 00:09:37.320
are not monitored by the IT department,

159
00:09:37.320 --> 00:09:40.410
they may lack proper security controls,

160
00:09:40.410 --> 00:09:44.640
further increasing the risk of data exposure.

161
00:09:44.640 --> 00:09:48.690
So detecting and managing shadow IT

162
00:09:48.690 --> 00:09:51.600
is crucial to maintaining the security

163
00:09:51.600 --> 00:09:55.740
and regulatory compliance of cloud environments.

164
00:09:55.740 --> 00:09:58.920
Next, to detect shadow IT,

165
00:09:58.920 --> 00:10:02.490
organizations can implement monitoring tools

166
00:10:02.490 --> 00:10:06.180
that track data flows and identify unknown

167
00:10:06.180 --> 00:10:09.960
or unauthorized cloud services in use.

168
00:10:09.960 --> 00:10:13.410
For instance, a company might use tools

169
00:10:13.410 --> 00:10:18.410
like Microsoft Cloud App Security or Cisco Cloudlock

170
00:10:18.690 --> 00:10:21.150
to monitor employee activity

171
00:10:21.150 --> 00:10:24.810
and flag any unapproved applications.

172
00:10:24.810 --> 00:10:28.800
Once detected, the IT team can either block

173
00:10:28.800 --> 00:10:30.750
the unauthorized service

174
00:10:30.750 --> 00:10:33.149
or work with the employee to transition

175
00:10:33.149 --> 00:10:36.900
to an approved secure alternative.

176
00:10:36.900 --> 00:10:41.900
So by proactively detecting and managing shadow IT,

177
00:10:42.030 --> 00:10:46.440
organizations can reduce the risk of security breaches,

178
00:10:46.440 --> 00:10:50.790
ensure compliance and maintain full visibility

179
00:10:50.790 --> 00:10:54.810
over the services used within their network.

180
00:10:54.810 --> 00:10:59.810
So remember, connectivity and integration ensure secure

181
00:11:00.960 --> 00:11:02.910
and seamless connections

182
00:11:02.910 --> 00:11:07.170
between customer systems and cloud services,

183
00:11:07.170 --> 00:11:11.070
specifically customer-to-cloud connectivity

184
00:11:11.070 --> 00:11:14.118
refers to the secure connection established

185
00:11:14.118 --> 00:11:19.080
between a customer's network and the cloud provider,

186
00:11:19.080 --> 00:11:21.330
protecting data in transit

187
00:11:21.330 --> 00:11:25.020
and maintaining trusted communication channels.

188
00:11:25.020 --> 00:11:29.665
Next, cloud service integration involves securely linking

189
00:11:29.665 --> 00:11:33.630
different cloud services and platforms,

190
00:11:33.630 --> 00:11:38.630
ensuring smooth data flow and operational efficiency

191
00:11:38.700 --> 00:11:41.910
without introducing vulnerabilities.

192
00:11:41.910 --> 00:11:45.500
Finally, shadow IT detection focuses

193
00:11:45.500 --> 00:11:50.500
on identifying and managing unauthorized cloud services

194
00:11:50.670 --> 00:11:55.590
or applications used without the IT team's knowledge,

195
00:11:55.590 --> 00:11:58.740
which can pose security risks.

196
00:11:58.740 --> 00:12:02.190
So effective cloud management requires

197
00:12:02.190 --> 00:12:05.790
a strong connectivity, careful integration

198
00:12:05.790 --> 00:12:10.053
and the ability to detect and mitigate shadow IT.