Webinar Series
Cloud Security Top 10 Risk Mitigation
Techniques for 2019
WEB AGE TECHNOLOGY WEBINAR SERIES
WELCOME!
Check that you can "raise your hand" next to your name on the left
When we start I'll ask everyone to raise their hand to verify you can
hear me
To ask a question during the presentation type it in the “Questions”
section and raise your hand to help me notice it
Slides will be available shortly after the presentation
Audio Recording will be published shortly after the presentation
OVERVIEW
Introduction to Speaker
Joe Holbrook
OVERVIEW
Introduction
Cloud Security 101
Current Threat Landscape
Top Ten Techniques for Cloud Risk Mitigation
Q/A
CLOUD SECURITY 101
Cloud security is essentially a shared
responsibility model (provider and subscriber).
Cloud computing security is generally viewed as
a complex area but does not have to be.
However, you're essentially performing the same
functions as traditional IT security.
This includes protecting critical information from
theft, data leakage and deletion.
CLOUD SECURITY 101
For Example: AWS applies the Shared
Responsibility Model to distinguish the different
aspects of security management.
AWS owns the infrastructure, physical network
and hypervisor.
The enterprise owns the workload OS, apps,
virtual network, access to its tenant
environment/account and the data.
CLOUD SECURITY 101
Cloud Providers provide
numerous tools to help facilitate
cloud security vulnerability and
threat identification.
E.g., Google Cloud Compute
Engine Security Scanner or
AWS Inspector.
CLOUD SECURITY THREATS
As with any technology there
are generally vulnerabilities
and threats that will need to
be assessed and mitigated.
Threats can come from both
internal and external sources.
CLOUD SECURITY THREATS
Compromise of Platforms
Compromise of Credentials
Privilege Escalation
Denial of Service Attacks (DDoS)
Lack of Compliance Implementations
Inadequate Training for Personnel
LET'S THINK ABOUT THIS!
“Through 2020, 95% of cloud security failures will
be the customer’s fault.”
—Gartner, “Top Predictions for IT Organizations
and Users for 2016 and Beyond”
HOW DO WE MITIGATE ISSUES IN THE
CLOUD?
Source Quotefancy
LET'S GET STARTED.
Compromise of Platforms
Compromise of Credentials
Privilege Escalation
Denial of Service Attacks
Lack of Compliance Implementations
Inadequate Training for Personnel
LET'S GET STARTED.
Did you know that cloud data breaches are
usually a result of improper training?
For example:
“Accenture left four S3 buckets open to the public,
exposing 137 gigabytes of customer data,
including customer credentials.” (Contained
Classified information)
USER CONFIGURATIONS
It takes effort to expose an S3 Bucket.
LET'S GET STARTED.
Did you know that it is estimated that “in 2017
alone, over 99 billion records were exposed
because of data breaches”? (Tripwire)
With Cloud Computing there are special
considerations for cloud data services that must
be deployed with Application Programming
Interfaces.
LET'S GET STARTED.
Did you know that Automated Intelligence is
used more and more to help thwart cloud
attacks?
However, it is also being used to perpetrate
attacks. Through entity behavior analytics
(UEBA) these attacks can be initiated.
LET'S GET STARTED.
Did you know that insider threats are the cause
of the biggest security breaches out there, and
they are very costly to remediate?
According to a 2017 Insider Threat Report, 53
percent of companies estimate remediation
costs of $100,000 and more, with 12 percent
estimating a cost of more than $1 million.
10. Improve your key management. Whether you're
using your vendor's KMS or a third party, consider
the following:
- Delete old IAM accounts.
- Work with HR to remove accounts
- Proactive identification of unused accounts
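One way to do the "proactive identification of unused accounts" step on AWS is to scan the IAM credential report. The following is an added example, not part of the original slides; the report rows are constructed, only a subset of the report's columns is used, and the 90-day idle threshold is an assumption.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the column layout of an AWS IAM credential report
# (subset of columns; user names and dates are made up for this example).
SAMPLE_REPORT = """\
user,user_creation_time,password_enabled,password_last_used,access_key_1_active,access_key_1_last_used_date,access_key_2_active,access_key_2_last_used_date
alice,2017-03-01T09:00:00+00:00,true,2019-01-10T08:30:00+00:00,false,N/A,false,N/A
bob,2016-06-15T12:00:00+00:00,true,2018-05-02T17:45:00+00:00,true,2018-04-20T11:00:00+00:00,false,N/A
ci-deploy,2018-01-20T10:00:00+00:00,false,N/A,true,2019-01-14T23:59:00+00:00,false,N/A
old-contractor,2017-09-01T10:00:00+00:00,true,no_information,true,N/A,false,N/A
new-hire,2019-01-05T10:00:00+00:00,true,no_information,false,N/A,false,N/A
svc-legacy,2016-02-01T10:00:00+00:00,false,N/A,false,N/A,false,N/A
"""

# Placeholder values the report uses where no timestamp is available.
NO_DATE = {"N/A", "no_information", "not_supported", ""}


def _parse_ts(value):
    """Return an aware datetime, or None for the report's placeholders."""
    return None if value in NO_DATE else datetime.fromisoformat(value)


def find_unused_accounts(report_csv, now, max_idle_days=90):
    """Return (user, reason) pairs for accounts that look unused.

    Reasons:
      idle                  - newest use of any active credential is too old
      never_used            - active credentials exist but were never used,
                              and the account is older than the threshold
      no_active_credentials - no password and no active access key remain
    """
    cutoff = now - timedelta(days=max_idle_days)
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] == "<root_account>":
            continue  # the root row is reviewed separately, not deleted
        has_active = False
        used = []
        if row["password_enabled"] == "true":
            has_active = True
            used.append(_parse_ts(row["password_last_used"]))
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] == "true":
                has_active = True
                used.append(_parse_ts(row[f"access_key_{n}_last_used_date"]))
        last = max((t for t in used if t is not None), default=None)
        created = _parse_ts(row["user_creation_time"])
        if not has_active:
            reason = "no_active_credentials"
        elif last is None and created is not None and created < cutoff:
            reason = "never_used"
        elif last is not None and last < cutoff:
            reason = "idle"
        else:
            continue  # recently used, or too new to judge
        findings.append((row["user"], reason))
    return findings


if __name__ == "__main__":
    review_date = datetime(2019, 1, 15, tzinfo=timezone.utc)
    for user, reason in find_unused_accounts(SAMPLE_REPORT, review_date):
        print(f"{user}: {reason}")
```

The output is a review list to reconcile with HR records before any account is disabled or deleted.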
9. Enable audit logging. (Stackdriver or CloudTrail)
- Enable logging and back up logs.
- Proactive filtering of logs
- Create alerts that search logs and notify you
- Perform Compliance audit
8. Lock down protocols.
- Enable a “trickle”, not a river.
- Turn off RDP to Windows.
- Use centralized SSH bastion host.
- Allow services not people.
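The protocol rules above can be checked mechanically against security group definitions. The following is an added example, not part of the original slides: it audits ingress rules in the shape returned by EC2 `describe_security_groups`, and the group IDs, CIDR ranges and finding names are constructed for illustration.

```python
import ipaddress

BASTION_SG = "sg-bastion0001"  # hypothetical ID of the central SSH bastion group

# Constructed sample in the shape of the EC2 describe_security_groups
# "SecurityGroups" list (IDs and CIDR ranges are made up for this example).
SAMPLE_GROUPS = [
    {"GroupId": "sg-web0001", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-win0001", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-db0001", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "UserIdGroupPairs": [{"GroupId": BASTION_SG}]},
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "UserIdGroupPairs": [{"GroupId": "sg-web0001"}]}]},
    {"GroupId": "sg-legacy0001", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": BASTION_SG, "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
]


def _covers(perm, port):
    """True if the rule admits TCP traffic to `port` ("-1" = all protocols)."""
    if perm["IpProtocol"] == "-1":
        return True
    if perm["IpProtocol"] not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def _sources(perm):
    """Split a rule's sources into CIDR strings and source group IDs."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    groups = [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
    return cidrs, groups


def audit_ingress(groups, bastion_sg):
    """Return (group_id, finding) pairs for rules that break the slide's rules.

    rdp-reachable             - any ingress rule that admits TCP 3389
    ssh-bypasses-bastion      - SSH allowed from anything but the bastion group
    bastion-ssh-open-to-world - the bastion itself accepts SSH from /0
    """
    findings = []
    for sg in groups:
        gid = sg["GroupId"]
        for perm in sg.get("IpPermissions", []):
            cidrs, src_groups = _sources(perm)
            if _covers(perm, 3389) and (cidrs or src_groups):
                findings.append((gid, "rdp-reachable"))
            if not _covers(perm, 22):
                continue
            if gid == bastion_sg:
                if any(ipaddress.ip_network(c).prefixlen == 0 for c in cidrs):
                    findings.append((gid, "bastion-ssh-open-to-world"))
            elif cidrs or any(g != bastion_sg for g in src_groups):
                findings.append((gid, "ssh-bypasses-bastion"))
    return findings


if __name__ == "__main__":
    for group_id, finding in audit_ingress(SAMPLE_GROUPS, BASTION_SG):
        print(f"{group_id}: {finding}")
```

Rules that reference a source security group instead of a CIDR range are the "allow services not people" pattern: access follows the workload's group membership, not an individual's address.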
7. Use the Principle of Least Privilege
- As a best practice use the “principle of least
privilege” by reducing
- Does that DB admin need Admin rights on the
EC2 or GCP VM instances?
- IAM on lockdown. Assign Permissions in a
granular approach and use groups.
6. Review your DB Services
- Restrict network access to MySQL solely to
trusted devices.
- Review your signatures
- Assign proper roles
5. Use Multifactor Authentication
- Many companies still use single-factor
authentication. Why? It's easier and no planning
is required.
- Enable it. Every vendor supports this.
4. Encrypt your data.
- Once again, many companies still take the
easy route. Why? It's easier and no planning
is required.
- Encrypt At Rest or In Flight
- GCP is fully encrypted by default at rest (DEK)
3. Reference Cloud Provider best practices
- AWS has a robust portfolio of best practices.
GCP has some out there but not as concise as
AWS.
- The vendor is your best source with regard to
how their service works.
- Whitepapers, workflows and tech tips.
2. Build Security into your DevOps practices
- Sometimes the best way to mitigate
vulnerabilities is to find them before you're in
production.
- Use a CI/CD Pipeline
- Consider A/B testing if needed
1. Secure your APIs and your Endpoints
- Application Programming Interfaces should
have a configuration review to ensure all
authentication, authorization, logging and
monitoring controls are aligned to industry
benchmarks.
- API Lifecycle management
- Endpoints are critical. Proxy.
Consider a Training Plan for your Organization as
well.
- Remember that 95% of cloud security issues are
a result of the customer!
- Mitigation of issues can be understood with a
proper training plan.
QUESTIONS?
Web Age Solutions
www.webagesolutions.com/contactus/
US - 215-517-6540
Canada - 1-866-206-4644
CONTACT

WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 

Cloud Security Top 10 Risk Mitigation Techniques for 2019

  • 1. Webinar Series: Cloud Security Top 10 Risk Mitigation Techniques for 2019. WEB AGE TECHNOLOGY WEBINAR SERIES
  • 2. WELCOME! Check that you can "raise your hand" next to your name on the left. When we start I'll ask everyone to raise their hand to verify you can hear me. To ask a question during the presentation, type it in the “Questions” section and raise your hand to help me notice it. Slides will be available shortly after the presentation. Audio recording will be published shortly after the presentation.
  • 4. OVERVIEW: Introduction; Cloud Security 101; Current Threat Landscape; Top Ten Techniques for Cloud Risk Mitigation; Q/A
  • 5. CLOUD SECURITY 101: Cloud security is essentially a shared responsibility model (provider and subscriber). Cloud computing security is generally viewed as a complex area but does not have to be. However, you're essentially performing the same functions as traditional IT security. This includes protecting critical information from theft, data leakage and deletion.
  • 6. CLOUD SECURITY 101: For example, AWS applies the Shared Responsibility Model to distinguish the different aspects of security management. AWS owns the infrastructure, physical network and hypervisor. The enterprise owns the workload OS, apps, virtual network, access to its tenant environment/account and the data.
  • 7. CLOUD SECURITY 101: Cloud providers provide numerous tools to help facilitate cloud security vulnerability and threat identification, e.g., Google Cloud Compute Engine Security Scanner or AWS Inspector.
  • 8. CLOUD SECURITY THREATS: As with any technology, there are generally vulnerabilities and threats that will need to be assessed and mitigated. Threats can come from both internal and external sources.
  • 9. CLOUD SECURITY THREATS: Compromise of Platforms; Compromise of Credentials; Privilege Escalation; Denial of Service Attacks (DDoS); Lack of Compliance Implementations; Inadequate Training for Personnel
  • 10. LET'S THINK ABOUT THIS! “Through 2020, 95% of cloud security failures will be the customer’s fault.” (Gartner, “Top Predictions for IT Organizations and Users for 2016 and Beyond”)
  • 11. HOW DO WE MITIGATE ISSUES IN THE CLOUD? (Source: Quotefancy)
  • 12. LET'S GET STARTED. Compromise of Platforms; Compromise of Credentials; Privilege Escalation; Denial of Service Attacks; Lack of Compliance Implementations; Inadequate Training for Personnel
  • 13. LET'S GET STARTED. Did you know that cloud data breaches are usually a result of improper training? For example, “Accenture left four S3 buckets open to the public, exposing 137 gigabytes of customer data, including customer credentials”. (Contained Classified information)
  • 14. USER CONFIGURATIONS: It takes effort to expose an S3 bucket.
  • 15. LET'S GET STARTED. Did you know that it is estimated that “in 2017 alone, over 99 billion records were exposed because of data breaches” (Tripwire)? With cloud computing there are special considerations for cloud data services that must be deployed with Application Programming Interfaces.
  • 16. LET'S GET STARTED. Did you know that Automated Intelligence is used more and more to help thwart cloud attacks? However, it is also being used to perpetrate attacks. Through entity behavior analytics (UEBA) these attacks can be initiated.
  • 17. LET'S GET STARTED. Did you know that insider threats are the cause of the biggest security breaches out there, and they are very costly to remediate? According to a 2017 Insider Threat Report, 53 percent of companies estimate remediation costs of $100,000 and more, with 12 percent estimating a cost of more than $1 million.
  • 18. 10. Improve your key management. Whether you're using your vendor's KMS or a third party, consider the following:
      - Delete old IAM accounts.
      - Work with HR to remove accounts.
      - Proactive identification of unused accounts.
  • 19. 9. Enable audit logging (Stackdriver or CloudTrail).
      - Enable logging and back up logs.
      - Proactive filtering of logs.
      - Create alerts that search logs and notify you.
      - Perform compliance audit.
  • 20. 8. Lock down protocols.
      - Enable a “trickle”, not a river.
      - Turn off RDP to Windows.
      - Use a centralized SSH bastion host.
      - Allow services, not people.
  • 21. 7. Use the Principle of Least Privilege.
      - As a best practice use the “principle of least privilege” by reducing
      - Does that DB admin need admin rights on the EC2 or GCP VM instances?
      - IAM on lockdown. Assign permissions in a granular approach and use groups.
  • 22. 6. Review your DB services.
      - Restrict network access to MySQL solely to trusted devices.
      - Review your signatures.
      - Assign proper roles.
  • 23. 5. Use Multifactor Authentication.
      - Many companies still use single-factor authentication. Why? It's easier and no planning is required.
      - Enable it. Every vendor supports this.
  • 24. 4. Encrypt your data.
      - Once again, many companies still take the easy route. Why? It's easier and no planning is required.
      - Encrypt at rest or in flight.
      - GCP is fully encrypted by default at rest (DEK).
  • 25. 3. Reference cloud provider best practices.
      - AWS has a robust portfolio of best practices. GCP has some out there but not as concise as AWS.
      - The vendor is your best source in regards to how their service works.
      - Whitepapers, workflows and tech tips.
  • 26. 2. Build security into your DevOps practices.
      - Sometimes the best way to mitigate vulnerabilities is to find them before you're in production.
      - Use a CI/CD pipeline.
      - Consider A/B testing if needed.
  • 27. 1. Secure your APIs and your endpoints.
      - Application Programming Interfaces should have a configuration review to ensure all authentication, authorization, logging and monitoring controls are aligned to industry benchmarks.
      - API lifecycle management.
      - Endpoints are critical. Proxy.
  • 28. Consider a training plan for your organization as well.
      - Remember that 95% of cloud security issues are a result of the customer!
      - Mitigation of issues can be understood with a proper training plan.
  • 31. CONTACT: Web Age Solutions, www.webagesolutions.com/contactus/, US - 215-517-6540, Canada - 1-866-206-4644

Editor's Notes

  1. Copyright Web Age Solutions 2007