In his presentation, Peter shares his insights and experience on red flags and attention points in cloud security audit: watch the security gates.
Red flags and attention points in cloud security audit, watch the security gates.
1. AI, Cloud & Modern Workplace Conference 2024
15, 16 & 17 February, Online Conference
https://aicmwc.azurewebsites.net
2. AI, Cloud & Modern Workplace Conference 2024
16, 17 & 18 February, Online Conference
Red flags and attention points in cloud security audit
Watch the security gates
15 February 2024, 21:00 (GMT+2)
Peter GEELEN
MVP Security (Identity & Access)
https://www.linkedin.com/in/pgeelen/
3. Important to know: Security = PPT
• PPT
  • People
  • Process
  • Technology
5. Security across the company
• Strategic (CxO)
• Tactical (Dept.)
• Operational
6. Management team tasks
• Accountability
• Planning
• Resources
• Operations
• Performance
• Continuous improvement
[Figure: repeated Plan-Do-Check-Act cycles, plotted as security improvement over time]
8. Security is a process, continuously changing
1. In: few tasks, simple
2. Change: important volume of tasks, dependent tasks, balance from one to another
3. Out: lots of tasks, lengthy, complex, legal impact, possible reactivation, uniqueness conflicts
9. How are you doing?
10. How is your customer or supplier doing?
11. Monitoring or audit: what's the difference?
Monitoring
• Performance check
• Continuous (or high frequency)
• By owner
Audit
• Compliance check
• Regular intervals (lower frequency)
• Independent from owner
12. Audit types
• 1st party (internal audit)
• 2nd party
  • Customer > supplier
  • Supplier > customer
• 3rd party (external)
13. Audit types: internal audit
• Self-validation (auditing within the company)
• No publication to external parties
• No certificate
14. Audit types: 2nd party audit (mutual)
• Commercial interest first
• Contractual dependence
• Due diligence
• Mutual interest
  • Customer checking (potential) supplier
  • Supplier checking (potential) customer, e.g. before onboarding
• Delegation / verification of compliance
  • Verification that delegated tasks are done correctly
15. Audit types: 3rd party audit (external)
• Independence between parties
  • Auditor vs customer
  • No combination of consulting & audit allowed
  • Segregation of duties
• Official certificate
  • Published
  • Available to external parties
16. Audit main principles
• Snapshot of the situation
• Quick estimation of the situation
• Risk based
• Solution based, continuous improvement
Some hands-on experience to stay out of trouble … detecting the red flags
17. Red flag 1: First login with god mode
• First login
• First administrator
• Full power
• God mode
Solution
• Create a special admin account
• No mail, enable MFA
18. Red flag 2: User ID and password
• Typically a personal account
• User ID (a mail address) and just a password
Solution
• MFA
• Hardware tokens
• Passkeys (MFA next gen)
19. Red flag 3: Default groups
• Azure groups
• Large volume of Azure and M365 roles
Solution
• Avoid the use of default groups
• Task-based access, granular control
• Only use default groups when no other option is left
20. Red flag 4: Ad-hoc (eh..no) identity management
• Manual management
• No process
• User duplication from existing users
Solution
• Set up basic IDM (identity management)
• Set up IAM (identity and access management)
Identity lifecycle:
1. In: start of identity (hire, onboarding, provisioning, create, begin, ...)
2. Change: change of identity (move, promotion, update, maintenance, operations, ...)
3. Out: end-of-life (fire, termination, end-of-contract, deprovisioning, revocation, delete, ...)
21. Red flag 5: No process management
• Manual management
• No process owner
• No process
• No idea how data flows
• No idea about changes
Solution
• Use basic process definitions
• Check ISO 9001
22. Red flag 6: All-in-one account
• User account = admin account
• Mail enabled
• Used for office and admin tasks
Solution
• Account separation
• Segregation of duties
• Separate logins for users and administrators
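Red flags 1, 2 and 6 can all be checked from one export of tenant accounts. The script below is an added example (not from the talk) that scores such an export against those three slides: privileged accounts protected by password only, privileged accounts that also carry a mailbox, ordinary accounts without MFA, and the absence of a dedicated emergency admin (the replacement for the first "god mode" login). The export layout, the tenant name contoso.example and the account names are constructed for the example; the role names are Entra ID built-in roles.

```python
"""Audit a (constructed) tenant account export for red flags 1, 2 and 6.

Added example, not part of the talk. The export format is an assumption:
a list of dicts with the user principal name, the directory roles held,
whether a mailbox is attached and whether MFA is registered.
"""

EMERGENCY_ROLE = "Global Administrator"


def audit_accounts(accounts):
    """Return a list of (scope, finding_code) tuples.

    Finding codes map to the talk's red flags:
      RF1-no-emergency-admin : no dedicated, mail-less, MFA-protected admin
      RF2-admin-no-mfa       : privileged account protected by password only
      RF2-user-no-mfa        : ordinary account protected by password only
      RF6-mail-enabled-admin : admin account also used as a mailbox (all-in-one)
    """
    findings = []
    for acct in accounts:
        privileged = bool(acct["roles"])
        if privileged:
            if not acct["mfa"]:
                findings.append((acct["upn"], "RF2-admin-no-mfa"))
            if acct["mail_enabled"]:
                findings.append((acct["upn"], "RF6-mail-enabled-admin"))
        elif not acct["mfa"]:
            findings.append((acct["upn"], "RF2-user-no-mfa"))

    # Red flag 1: the first-login account should have been replaced by a
    # dedicated emergency admin: highest role, no mailbox, MFA enforced.
    emergency_admins = [
        a for a in accounts
        if EMERGENCY_ROLE in a["roles"] and not a["mail_enabled"] and a["mfa"]
    ]
    if not emergency_admins:
        findings.append(("tenant", "RF1-no-emergency-admin"))
    return findings


# Constructed sample export for a hypothetical tenant contoso.example.
SAMPLE_ACCOUNTS = [
    # The original first-login account, still mail-enabled and password-only.
    {"upn": "alice@contoso.example", "roles": ["Global Administrator"],
     "mail_enabled": True, "mfa": False},
    {"upn": "bob@contoso.example", "roles": [], "mail_enabled": True, "mfa": False},
    {"upn": "carol@contoso.example", "roles": [], "mail_enabled": True, "mfa": True},
    # Carol's separate admin login: no mailbox, MFA, task-scoped role.
    {"upn": "adm-carol@contoso.example", "roles": ["User Administrator"],
     "mail_enabled": False, "mfa": True},
    # Dedicated emergency admin account, as slide 17 recommends.
    {"upn": "breakglass01@contoso.example", "roles": ["Global Administrator"],
     "mail_enabled": False, "mfa": True},
]

if __name__ == "__main__":
    for scope, code in audit_accounts(SAMPLE_ACCOUNTS):
        print(f"{scope:32} {code}")
```

On the sample data the script reports three findings, all against alice and bob; removing the breakglass account adds a tenant-level RF1 finding, which is the check an auditor runs first.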
23. Red flag 7: All-in-one desktop
• Login account = local admin account
• Full access
• …
Solution
• Daily operations as a user
• Admin only for specific access
24. Red flag 8: RDP remote access
• RDP to Azure
• …
Solution
• Bastion host
25. Red flag 9: One network
• One network
• Direct connections to Azure
• No segmentation (neither in Azure nor on the physical network)
Solution
• Segmentation
• Firewalls on every host and every network
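Red flags 8 and 9 show up in network security group (NSG) rules and subnet assignments. The following is an added example, not from the talk, that evaluates constructed NSG rules the way Azure does (lowest priority number wins, falling through to the built-in DenyAllInBound rule) to find management ports reachable from the Internet, and flags subnets with no NSG at all. The rule and subnet layouts, the treatment of "*", "Internet" and "0.0.0.0/0" as Internet-wide sources, and the address ranges are assumptions made for the example.

```python
"""Review constructed Azure-style NSG rules and subnets for red flags 8 and 9.

Added example, not part of the talk. The data layout is an assumption
modelled loosely on NSG rule properties (priority, direction, access,
protocol, source, destination port range). Lower priority number wins.
"""

MANAGEMENT_PORTS = {"RDP": 3389, "SSH": 22}
# Sources treated as "anywhere on the Internet" (assumption for this example).
INTERNET_SOURCES = {"*", "Internet", "0.0.0.0/0"}

# Azure's built-in catch-all deny, appended so evaluation always terminates.
DEFAULT_DENY = {"name": "DenyAllInBound", "priority": 65500, "direction": "Inbound",
                "access": "Deny", "protocol": "*", "source": "*", "dest_ports": "*"}


def port_matches(port, spec):
    """True if a port spec ("*", "22", "3000-4000", "22,3389") covers port."""
    for part in spec.split(","):
        part = part.strip()
        if part == "*":
            return True
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            if lo <= port <= hi:
                return True
        elif int(part) == port:
            return True
    return False


def effective_inbound_rule(rules, port, protocol="Tcp"):
    """Return the rule that decides Internet -> port traffic for this NSG."""
    candidates = sorted(list(rules) + [DEFAULT_DENY], key=lambda r: r["priority"])
    for rule in candidates:
        if rule["direction"] != "Inbound":
            continue
        if rule["protocol"] not in ("*", protocol):
            continue
        if rule["source"] not in INTERNET_SOURCES:
            continue  # scoped source (e.g. a bastion subnet) does not decide Internet traffic
        if port_matches(port, rule["dest_ports"]):
            return rule
    return DEFAULT_DENY


def review_network(subnets, nsgs):
    """Return (scope, finding_code) tuples: exposed management ports, unsegmented subnets."""
    findings = []
    for subnet in subnets:
        nsg_name = subnet.get("nsg")
        if nsg_name is None:
            findings.append((subnet["name"], "RF9-subnet-without-nsg"))
            continue
        for label, port in MANAGEMENT_PORTS.items():
            rule = effective_inbound_rule(nsgs[nsg_name], port)
            if rule["access"] == "Allow":
                findings.append((f"{nsg_name}/{rule['name']}",
                                 f"RF8-{label.lower()}-open-to-internet"))
    return findings


# Constructed sample: one subnet with an NSG, one without any.
SAMPLE_SUBNETS = [{"name": "app-subnet", "nsg": "app-nsg"},
                  {"name": "db-subnet", "nsg": None}]
SAMPLE_NSGS = {"app-nsg": [
    {"name": "allow-rdp-any", "priority": 100, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "source": "*", "dest_ports": "3389"},
    {"name": "allow-https", "priority": 110, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "source": "Internet", "dest_ports": "443"},
    {"name": "deny-ssh-internet", "priority": 120, "direction": "Inbound", "access": "Deny",
     "protocol": "*", "source": "Internet", "dest_ports": "22"},
    # Shadowed by the deny at priority 120, so it is not a finding.
    {"name": "allow-ssh-internet", "priority": 130, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "source": "Internet", "dest_ports": "20-25"},
    # RDP only from a (hypothetical) bastion subnet: the pattern slide 24 recommends.
    {"name": "allow-rdp-bastion", "priority": 140, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "source": "10.0.250.0/26", "dest_ports": "3389"},
]}

if __name__ == "__main__":
    for scope, code in review_network(SAMPLE_SUBNETS, SAMPLE_NSGS):
        print(f"{scope:28} {code}")
```

The priority handling matters for the audit: a permissive SSH rule sitting behind an explicit deny is noise, whereas the wildcard RDP rule at priority 100 is the real finding, and the fix is the bastion-scoped rule further down.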
26. Red flag 10: One-time configuration
• One configuration, fixed at first setup
• But once set, never reset …
• No review
• No IDM cycle
Solution: check...
• Every time on new configuration
• During changes
• Regularly (put it on your agenda)
• Use IDM (lifecycle)
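The In / Change / Out lifecycle of slide 20 and the "set once, never reviewed" problem of this slide are both found by reconciling an HR feed against the directory. The script below is an added example, not from the talk: it flags accounts whose owner has left or whose contract has ended but that are still enabled (the Out phase was skipped), accounts with no HR owner at all (never entered the IDM cycle), and privileged accounts whose last access review is missing or older than the review cadence. The record layouts, the 180-day cadence, the tenant contoso.example and all dates are constructed for the example.

```python
"""Reconcile HR lifecycle data against directory accounts (red flags 4 and 10).

Added example, not from the talk. Record layouts are assumptions: HR rows
carry a person id, employment status and contract end date; directory
accounts carry an owner id, enabled flag, roles held and the date of the
last access review.
"""
from datetime import date, timedelta

REVIEW_INTERVAL_DAYS = 180  # assumed review cadence ("put it on your agenda")


def reconcile(hr_records, accounts, today, review_interval=REVIEW_INTERVAL_DAYS):
    """Return (upn, finding_code) tuples.

      RF4-orphan-account   : no HR owner, identity never entered the IDM cycle
      RF4-leaver-enabled   : owner has left but account still enabled (Out phase missed)
      RF4-contract-expired : contract end date passed, account still enabled
      RF10-never-reviewed  : privileged account configured once, never reviewed
      RF10-review-overdue  : privileged account not reviewed within the interval
    """
    hr_by_id = {r["person_id"]: r for r in hr_records}
    findings = []
    for acct in accounts:
        upn = acct["upn"]
        owner = hr_by_id.get(acct["owner_id"])
        if owner is None:
            findings.append((upn, "RF4-orphan-account"))
        elif acct["enabled"]:
            if owner["status"] == "left":
                findings.append((upn, "RF4-leaver-enabled"))
            elif owner["contract_end"] is not None and owner["contract_end"] < today:
                findings.append((upn, "RF4-contract-expired"))
        # Red flag 10 only concerns accounts that hold roles: that is the
        # configuration which must be re-checked on every change and regularly.
        if acct["roles"]:
            last = acct["last_review"]
            if last is None:
                findings.append((upn, "RF10-never-reviewed"))
            elif today - last > timedelta(days=review_interval):
                findings.append((upn, "RF10-review-overdue"))
    return findings


# Constructed sample data; "today" is fixed so the run is reproducible.
TODAY = date(2024, 2, 15)
SAMPLE_HR = [
    {"person_id": "p001", "status": "active", "contract_end": None},
    {"person_id": "p002", "status": "left", "contract_end": date(2023, 11, 30)},
    {"person_id": "p003", "status": "active", "contract_end": date(2024, 1, 31)},
]
SAMPLE_ACCOUNTS = [
    {"upn": "alice@contoso.example", "owner_id": "p001", "enabled": True,
     "roles": [], "last_review": None},
    # Admin login reviewed once, almost a year ago.
    {"upn": "adm-alice@contoso.example", "owner_id": "p001", "enabled": True,
     "roles": ["User Administrator"], "last_review": date(2023, 3, 1)},
    # Owner left in November, account never deprovisioned.
    {"upn": "dave@contoso.example", "owner_id": "p002", "enabled": True,
     "roles": [], "last_review": None},
    # Contractor whose contract ended two weeks ago.
    {"upn": "erin@contoso.example", "owner_id": "p003", "enabled": True,
     "roles": [], "last_review": None},
    # Legacy account with no HR owner and a top role, never reviewed.
    {"upn": "svc-legacy@contoso.example", "owner_id": "p999", "enabled": True,
     "roles": ["Global Administrator"], "last_review": None},
    # Clean: active owner, scoped role, reviewed within the interval.
    {"upn": "adm-frank@contoso.example", "owner_id": "p001", "enabled": True,
     "roles": ["Security Reader"], "last_review": date(2024, 1, 10)},
]

if __name__ == "__main__":
    for upn, code in reconcile(SAMPLE_HR, SAMPLE_ACCOUNTS, TODAY):
        print(f"{upn:30} {code}")
```

Running this on a schedule, with the HR export as the authoritative "In/Change/Out" signal, is what turns the one-time configuration into the lifecycle the slide asks for.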
27. References
• Microsoft
  • Azure compliance: ISO 27001
  • Azure compliance: ISO 27017 / ISO 27018
  • Learn Microsoft Azure audit and logging fundamentals
  • Azure security logging and auditing
  • Azure security management and monitoring overview
28. References (continued)
• Azure hardening
  • Azure security best practices and patterns
29. References (continued)
• ISO standards
  • ISO 27001: ISMS (information security management system)
  • ISO 27002: ISMS guidance
  • ISO 27017: cloud security
  • ISO 27018: PII in the cloud (data protection in the cloud)
• Cloud security basics (CCSK by CSA)
  • https://cloudsecurityalliance.org/
  • Cloud controls matrix
30. More of this…
• On my blog: Identity Underground
  • https://identityunderground.wordpress.com/
31. Thank You !!!