CLOUD SECURITY CRASH COURSE

CLOUD SECURITY CRASH COURSE: ADDRESSING REAL WORLD CONCERNS
Joel Friedman, CTSO

ABOUT ME
Name: Joel Friedman
Title: Chief Technology & Security Officer of Datapipe
Certifications: CISSP, CISA, CISM, CRISC, CEH, CCISO, AWS SSA, PCI ISA
Quick facts about Joel:
- 16 years of information security experience
- NJ Tech Council Chief Technology Officer of the Year
- Inventor of Datapipe Audit and Access Control (DAAC)
Quick facts about Datapipe:
- Cloud agnostic managed services company, including traditional IT & hybrid
- First managed services partner for AWS
- Magic Quadrant for Public Cloud Infrastructure Managed Service Providers, Worldwide: Leader
- Asia/Pacific Magic Quadrant Cloud-Enabled Managed Hosting: Visionary

PREAMBLE
SECURITY IS NOT A BARRIER, RATHER AN ENABLER
Root cause of security breaches:
- People: phishing, key usage
- Services: web applications
- Configuration: platform, systems
Approach: academic vs. pragmatic

Platform Risks

VENDOR MANAGEMENT
- Inherited compliance and certifications
  o Scope matters
- Indemnification and liability limits
  o Differ amongst hyper-scalers
- Privacy (NDA, privacy policies)
- Data storage & data sovereignty (DPA, Privacy Shield)
- Compliance restrictions
  o Dedicated tenancy hosts

SHARED RESPONSIBILITY MODEL
Customers are responsible for their security and compliance IN the cloud:
- Customer content
- Platform, applications, identity & access management
- Operating system, network & firewall configuration
- Client-side data encryption
- Server-side data encryption
- Network traffic protection
AWS is responsible for the security OF the cloud:
- Foundation services: compute, storage, database, networking
- Global infrastructure: availability zones, regions, edge locations

PLATFORM SECURITY SETTINGS
Numerous user-controllable options govern cloud security. Define a corporate policy around appropriate settings, and ideally leverage tools which automatically check and report on a continual basis.
User security settings:
- Root account
- Root API
- Password policy
- MFA
- VPC
- Encryption
- Insecure SGs / NACLs
- IAM policies
- Object storage permissions
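An added example, my own code rather than anything from the deck: an offline checker for three of the settings listed above (root account and root API keys with MFA, insecure security groups, object storage permissions), run over constructed inputs whose shapes are assumed to mirror trimmed AWS API responses; scheduling `audit()` against the live API calls is what the continual check-and-report the slide asks for would look like.

```python
# Added example, not code from the Datapipe deck: an offline checker for three of the
# settings the slide lists (root account & root API keys & MFA, insecure SGs, object
# storage permissions). Inputs are constructed dicts shaped like trimmed AWS API responses.
SENSITIVE_PORTS = {22, 3389, 3306, 5432}   # admin/database ports that should never face the world
ANYWHERE = {"0.0.0.0/0", "::/0"}

def check_root(summary):
    """summary: IAM get_account_summary()['SummaryMap'] (assumed shape)."""
    out = []
    if summary.get("AccountMFAEnabled") != 1:
        out.append("root: MFA not enabled")
    if summary.get("AccountAccessKeysPresent"):
        out.append("root: long-lived API keys present")
    return out

def check_security_groups(groups):
    """groups: EC2 describe_security_groups()['SecurityGroups'] (assumed shape)."""
    out = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
            cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
            if not cidrs & ANYWHERE:
                continue  # only world-reachable rules count as findings here
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            if perm["IpProtocol"] == "-1" or any(lo <= p <= hi for p in SENSITIVE_PORTS):
                out.append(f"{group['GroupId']}: ports {lo}-{hi} open to the world")
    return out

def check_bucket_acls(acls):
    """acls: {bucket name: S3 get_bucket_acl()['Grants']} (assumed shape)."""
    out = []
    for name, grants in acls.items():
        for g in grants:
            uri = g.get("Grantee", {}).get("URI", "")
            if uri.endswith(("/AllUsers", "/AuthenticatedUsers")):
                out.append(f"{name}: {g['Permission']} granted to {uri.rsplit('/', 1)[-1]}")
    return out

def audit(summary, groups, acls):
    """One report across all checks; schedule this to get continual reporting."""
    return check_root(summary) + check_security_groups(groups) + check_bucket_acls(acls)
# Constructed sample: root without MFA, a fine SG (443 public), a bad SG (3306 public), a world-readable bucket.
def mk_sg(gid, port, cidr="0.0.0.0/0"):
    return {"GroupId": gid, "IpPermissions": [{"IpProtocol": "tcp", "FromPort": port,
            "ToPort": port, "IpRanges": [{"CidrIp": cidr}], "Ipv6Ranges": []}]}
SAMPLE_SUMMARY = {"AccountMFAEnabled": 0, "AccountAccessKeysPresent": 0}
SAMPLE_GROUPS = [mk_sg("sg-web", 443), mk_sg("sg-db", 3306)]
SAMPLE_ACLS = {"logs": [{"Grantee": {"URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]}
```

Running `audit(SAMPLE_SUMMARY, SAMPLE_GROUPS, SAMPLE_ACLS)` yields three findings, one per category, while the HTTPS-only group passes.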

IDENTITY AND FEDERATION
External identity management provides:
- Unified identity for cloud and on-premise users
- Integration into existing starters/leavers process
- Integration into corporate RBAC process (map to roles)
- Single Sign-On (MFA, UBA, etc.)

PaaS & SaaS

WISHFUL THINKING
In a perfect world there would be a SaaS for every business function you need, customized precisely how you need it, that you trusted and that complied with all regulations. Life would be easy.

AS-A-SERVICE DIFFERENTIATION
Stack layers delivered by the provider, from the top down:
- SaaS (RFP / contract it in): presentation modality, data, meta data, content, integration & middleware, APIs, core connectivity & delivery, abstraction, hardware, facilities
- PaaS: integration & middleware, APIs, core connectivity & delivery, abstraction, hardware, facilities
- IaaS (build it in): APIs, core connectivity & delivery, abstraction, hardware, facilities
The lower down the stack the cloud provider stops, the more security the consumer is tactically responsible for implementing & managing.

PLATFORM-AS-A-SERVICE
PaaS = SaaS + platform + developers
- SaaS: contract
- Platform: platform-specific security settings
- Developers: training, SSDLC
SSDLC (Secure Software Development Life Cycle):
- Define: security training, documented security requirements
- Design: integrated security in cloud architecture design
- Develop: SAST / DAST, code review with emphasis on critical components
- Test: automated & manual testing, CI/CD push from Dev to Prod

Instance Security (IaaS)

CHANGE INFRASTRUCTURE MATURITY
Steady-state datacenter:
- Generally labeled as Mode 1
- Slowly changing applications with larger sets of changes per deployment
- Less time-critical, business-focused need to change
- Often seen in back-office applications
High-velocity cloud deployments:
- Generally labeled as Mode 2; also labeled as DevOps in popular press
- Key feature is smaller, more rapid deployments driven by need to provide direct business value
- Often necessary due to competitive landscape in a line of business
Spectrum from Mode 1 to Mode 2: systems of record, systems of differentiation, systems of innovation (governance axis)

MODE 1: SECURITY
- Manual deployments
- Manual patch management & app updates
- Governed under change control
- System hardening
- Agent-based security
- Virtual network appliances

MODE 2: SECURITY
- Immutable workloads
- AMI builds / image factory / container registry
- User-data bootstrapping
- Auto-inheritance of security policies
- Auto-discovery via API and network
- No network chokepoints
- Identifiers should not be IP address based

Best Practices

ACCESS CONTROL
API key management:
- Source code
- Servers
- Temporary keys
User based:
- Active Directory
- SSH keys

GOVERNANCE
- Tagging
- Account & VPC segregation
- Continuous Integration / Continuous Deployment
- Cloud Access Security Broker (CASB): SaaS encryption, user behavior analytics / compromised credentials, data leak protection

ARCHITECTURAL PATTERNS
- Management VPC
- Bastion hosts
- NACLs & security groups
- VPN

NATIVE OR BRING YOUR OWN
- Key / encryption management: platform- vs. customer-managed keys, HSM
- IAM integration vs. separate identities
- Network management: scale or visibility? Centralized vs. distributed control

FURTHER READING
Cloud Security Alliance:
- Security Guidance for Critical Areas of Focus in Cloud Computing
Alibaba:
- Cloud Security Whitepaper
AWS:
- Introduction to AWS Security
- Introduction to AWS Security Processes
- Security Best Practices
- AWS Security Checklist
- Many more
Azure:
- Network Security Best Practices
- Data security and encryption best practices
- Identity management and access control security best practices
- IaaS Security Best Practices
- Many more

THANK YOU FOR LISTENING ANY QUESTIONS?

COME & SEE US AT OUR STAND!
W: DATAPIPE.COM
E: apac@datapipe.com
T: (HK) +852 3521 0215