Add in new object storage controls on encryption for impact and replication to untrusted destinations

[mlysaght2017]

Need to work on tests, but would like to get to initial feedback on control objectives first

[mlysaght2017]

@nas-hub @rowan-baker - can you please take a look at these two proposed controls

[nas-hub]

Assuming untrusted KMS keys here refer to keys in non prod environments or keys in cloud tenants/projects that have Chinese-wall around it. The actual test will be, while configuring the cloud storage with corresponding key store, to check is the provided key store meets rules like same environment, project, folder etc.

[nas-hub]

How can we define Untrusted destinations: Will this be a list of Services, list of geographies, list of thirdparties etc. If it is geographies then there is a scope to merge this with C7, where in we can expand C7 to include backups to be also blocked in restricted regions and zones.

We need to define "Untrusted Destinations"

[mlysaght2017]

Thinking here is that untrusted destinations (resources) are any that exist outside of a defined identity/network perimeter (e.g.) at the organization level. E.g. if targeted destination/resource is not within a member project/account/subscription within the org, then deny.

[nas-hub]

Got it, we may need to have a glossary of terms we use in CCC and define its scope. Or probably just qualify the untrusted destination further contracting it with Trusted Identity Perimeter, Truster Network Perimeter similar to the term Trusted Computing Base defined in NIST/ISC2.

The control and testing requirement LGTM

[eddie-knight]

[will add note later]

[mlysaght2017]

@damienjburks @eddie-knight can you please review/approve if you haven't already - I've just added in an extra line of detail on what we mean by untrusted resource/untrusted perimeters based on feedback from @nas-hub

[damienjburks]

LGTM! 🚀