Moshe Ferber, profile picture
Uploaded byMoshe Ferber
1,017 views

Aligning Risk with Growth - Cloud Security for startups

Moshe Ferber is an information security expert with over 20 years of experience and is actively involved in cloud security for startups. The document outlines the benefits and risks of cloud computing, emphasizing the importance of building a robust security framework in three phases to ensure safety and compliance. It provides best practices for managing infrastructure security, application security, and operational security throughout the lifecycle of a startup.

Embed presentation

Moshe Ferber, CCSK Onlinecloudsec.com Cloud Security For Startups Aligning Risk with Growth
About:  Moshe Ferber, 39, lives in Modiin (+2).  Information security professional for over 20 years.  Popular industry speaker and lecturer.  Founded Cloud7, Managed Security Services provider (currently owned by Matrix).  Shareholder at Clarisite – Your customer’s eye view  Shareholder at FortyCloud – Make your public cloud private  Member of the board at MacshavaTova – Narrowing societal gaps  Co-Chairman of the Board, Cloud Security Alliance, Israeli Chapter. 2
The benefits of cloud computing are clear, What are the risks?
Cloud attack vectors Provider Administration Wide Dashboard Multi tenancy & Virtualization Automation & API Chain of supply Side Channel attack Insecure Instances
Cyber attacks trends for cloud computingCloud services ransom malwares Bitcoin API Attacks Supply chain Attacks
So, how to build your security? Infrastructure security Application Security Operational security
Good Security is based on controls… Preventive • Firewall (Security Groups) • Authentication • AntiVirus • Guards Detective • IDS • System monitoring • Motion detector Corrective • Upgrades & Patches • Vulnerability scanning Compensatory • DRP & Backup • Firewall logs • Reviews • Audit & reconciliation Based on http://www.sans.edu/research/security- laboratory/article/security-controls
The security phases of startup Phase 1 – Building blocks • From Seed to the first customers Phase 2 – Maturing • Growing and adding customers. Phase 3 – Build trust • Maturing your services.
Phase 1 – Make sure you got the right building blocks  Plan your architecture: logical and physical segmentation.  Understand your data lifecycle.  Laws and regulations to consider.  Choose your partners: software, IT, backend.  Start your SSDLC building block – threat modeling. Architecture.  Implement IaaS best practices: • Identity & Access. • Compensating controls
Build your dashboard with permissions Users & resources RolesGroups
Best practices for IAM Don’t use master account Delete root access key Enable MFA for critical users Apply good password policy Rotate credential periodically Safeguard your host & access keys Create individual users with specific roles
Compensating controls Activate billing alerts API & Dashboards logs Cold Backup Active Secondary site External & Multi Cloud Backups: Encrypt data in transit
Phase 2  Production environment is now maturing. Its time for roles separation at production.  Authentication mechanism should be mature by now.  Security in Software Development life cycle (SSDLC) should take more focus. vulnerability scan & penetration tests Identity Federation Services Encryption of data at rest Security training for R&D
Phase 3  operational security begins to matter.  More detective controls should be placed.  Incident management procedures should mature.  Transparency will be an advantage. DR, BC and active secondary location Log management & Event correlation. Patch & change management Automation of configuration Ongoing security awareness program
Questions?
 Cloud security is maturing fast (it took us over 20 years to secure the PC…)  Security is expensive, but with the right building blocks you can integrate with the grow of business.  Make sure you do the basics from the first day, it will be hard to add them later. To wrap things up… Don’t be the next CodeSpaces
Keep in Touch  Moshe Ferber  moshe@onlinecloudsec.com  www.onlinecloudsec.com  http://il.linkedin.com/in/MosheFerber Cloud Security Course Schedule can be find at: http://www.onlinecloudsec.com/course-schedule

More Related Content

PPTX
The Notorious 9 Cloud Computing Threats - CSA Congress, San Jose
byMoshe Ferber
 
PPTX
The Cloud & I, The CISO challenges with Cloud Computing
byMoshe Ferber
 
PPTX
Surviving the lions den - how to sell SaaS services to security oriented cust...
byMoshe Ferber
 
PPTX
Cloud security for banks - the central bank of Israel regulations for cloud s...
byMoshe Ferber
 
PPTX
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013
byMoshe Ferber
 
PPTX
Cloud security what to expect (introduction to cloud security)
byMoshe Ferber
 
PPTX
Transforming cloud security into an advantage
byMoshe Ferber
 
PPTX
Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferber
byMoshe Ferber
 
The Notorious 9 Cloud Computing Threats - CSA Congress, San Jose
byMoshe Ferber
 
The Cloud & I, The CISO challenges with Cloud Computing
byMoshe Ferber
 
Surviving the lions den - how to sell SaaS services to security oriented cust...
byMoshe Ferber
 
Cloud security for banks - the central bank of Israel regulations for cloud s...
byMoshe Ferber
 
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013
byMoshe Ferber
 
Cloud security what to expect (introduction to cloud security)
byMoshe Ferber
 
Transforming cloud security into an advantage
byMoshe Ferber
 
Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferber
byMoshe Ferber
 

What's hot

PPTX
What the auditor need to know about cloud computing
byMoshe Ferber
 
PPTX
The Top Cloud Security Issues
byHTS Hosting
 
PPTX
SaaS (Software-as-a-Service) as-a-secure-service
byTayyaba Farhat
 
PPTX
cloud security ppt
byDevyani Vaidya
 
PDF
Cyber Security and Cloud Computing
byKeet Sugathadasa
 
PDF
Cloud Security Demystified
byMichael Torres
 
PPT
Cloud security
byTushar Kayande
 
PPTX
Architect secure cloud services.
byMoshe Ferber
 
PDF
Introduction to Cloud Security
bySusanne Tedrick
 
PDF
Cloud security
byBikashPokharel3
 
DOCX
Cloud keybank privacy and owner authorization
byPvrtechnologies Nellore
 
PDF
Cloud Computing Security - Cloud Controls Security
byHari Kumar
 
PPTX
Cloud risk and business continuity v21
byJorge Sebastiao
 
PPTX
Stop Hackers with Integrated CASB & IDaaS Security
byOneLogin
 
PDF
Cloud Security - Kloudlearn
byKloudLearn
 
PDF
Strategy Cloud and Security as a Service
byAberla
 
PDF
CASB — Your new best friend for safe cloud adoption?
byDigital Transformation EXPO Event Series
 
PDF
Cloud Security & Cloud Encryption Explained
byPorticor - The Cloud Security Experts
 
What the auditor need to know about cloud computing
byMoshe Ferber
 
The Top Cloud Security Issues
byHTS Hosting
 
SaaS (Software-as-a-Service) as-a-secure-service
byTayyaba Farhat
 
cloud security ppt
byDevyani Vaidya
 
Cyber Security and Cloud Computing
byKeet Sugathadasa
 
Cloud Security Demystified
byMichael Torres
 
Cloud security
byTushar Kayande
 
Architect secure cloud services.
byMoshe Ferber
 
Introduction to Cloud Security
bySusanne Tedrick
 
Cloud security
byBikashPokharel3
 
Cloud keybank privacy and owner authorization
byPvrtechnologies Nellore
 
Cloud Computing Security - Cloud Controls Security
byHari Kumar
 
Cloud risk and business continuity v21
byJorge Sebastiao
 
Stop Hackers with Integrated CASB & IDaaS Security
byOneLogin
 
Cloud Security - Kloudlearn
byKloudLearn
 
Strategy Cloud and Security as a Service
byAberla
 
CASB — Your new best friend for safe cloud adoption?
byDigital Transformation EXPO Event Series
 
Cloud Security & Cloud Encryption Explained
byPorticor - The Cloud Security Experts
 

Similar to Aligning Risk with Growth - Cloud Security for startups

PPTX
Cloud security for financial services
byMoshe Ferber
 
PPTX
Cloud-Architecture-Technology-Deovps-Eng
byGanesh Bhosale
 
PDF
Cloud_security_v2_chpater_9_s_version.pdf
byalkabarala01
 
PDF
Cloud Security Network – Definition and Best Practices.pdf
byqualysectechnology98
 
PPTX
Practical Security for the Cloud
byChirag Joshi, CISA, CISM, CRISC
 
PPTX
Cloud Security_ Unit 4
byIntegral university, India
 
PPTX
Cloud Security - the egregious 11 cloud security threats
byMoshe Ferber
 
PDF
Top Cloud Infrastructure Practices And Strategies For Maximum Security.pdf
byForgeahead Solutions
 
PPTX
Cloud Adoption Framework Secure Overview
byAanSulistiyo
 
PPTX
I am sharing 'Unit-2' with youuuuuu.PPTX
bypadhaipadhai639
 
PDF
Cloud Security Risks Challenges and Preventive Solutions - DigitDefence
byyams12611
 
PPTX
Cloud Security Solutions - Cyber security.pptx
byjaswanthbale2
 
PPTX
cloudComputingSec_p3.pptx
bySteven Quach
 
PPTX
Novel cloud computingsecurity issues
byJoo Manthar
 
PPTX
CLOUD COMPUTING.pptx
bySameenafathima4
 
PPTX
Cloud Security Top 10 Risk Mitigation Techniques for 2019
byJoseph Holbrook, Chief Learning Officer (CLO)
 
PDF
Architecting Data Services for the Cloud: Security Considerations and Best Pr...
byAdnene Guabtni
 
PDF
Cloud Security Summit - InfoSec World 2014
byBill Burns
 
PDF
Slashing Your Cloud Risk: 3 Must-Do's
bySecurity Innovation
 
PDF
Cloud security: Accelerating cloud adoption
byDell World
 
Cloud security for financial services
byMoshe Ferber
 
Cloud-Architecture-Technology-Deovps-Eng
byGanesh Bhosale
 
Cloud_security_v2_chpater_9_s_version.pdf
byalkabarala01
 
Cloud Security Network – Definition and Best Practices.pdf
byqualysectechnology98
 
Practical Security for the Cloud
byChirag Joshi, CISA, CISM, CRISC
 
Cloud Security_ Unit 4
byIntegral university, India
 
Cloud Security - the egregious 11 cloud security threats
byMoshe Ferber
 
Top Cloud Infrastructure Practices And Strategies For Maximum Security.pdf
byForgeahead Solutions
 
Cloud Adoption Framework Secure Overview
byAanSulistiyo
 
I am sharing 'Unit-2' with youuuuuu.PPTX
bypadhaipadhai639
 
Cloud Security Risks Challenges and Preventive Solutions - DigitDefence
byyams12611
 
Cloud Security Solutions - Cyber security.pptx
byjaswanthbale2
 
cloudComputingSec_p3.pptx
bySteven Quach
 
Novel cloud computingsecurity issues
byJoo Manthar
 
CLOUD COMPUTING.pptx
bySameenafathima4
 
Cloud Security Top 10 Risk Mitigation Techniques for 2019
byJoseph Holbrook, Chief Learning Officer (CLO)
 
Architecting Data Services for the Cloud: Security Considerations and Best Pr...
byAdnene Guabtni
 
Cloud Security Summit - InfoSec World 2014
byBill Burns
 
Slashing Your Cloud Risk: 3 Must-Do's
bySecurity Innovation
 
Cloud security: Accelerating cloud adoption
byDell World
 

Recently uploaded

PPTX
Magnet-AXIOM_overview_tool_cyber_tool.pptx
byashishtjoseph
 
PDF
Cybersecurity Alert- What Organisations Must Watch Out For This Christmas Fes...
byCybernetic Global Intelligence
 
PDF
How NetSuite Cloud ERP Helps Businesses Overcome Legacy System Downtime.
byTechWize
 
PPTX
Modern Claims Automation Solutions for Operational Agility
byInsurance Tech Services
 
PDF
Navigating SEC Regulations for Crypto Exchanges Preparing for a Compliant Fut...
byzak jasper
 
PDF
IT Estate Modernization: Transform Your Infrastructure for the Future .pdf
byAstuteBusiness
 
PDF
Advanced Prompt Engineering: The Art and Science
byMaxim Salnikov
 
PDF
Here’s the case study that shows how companies lose ₹2–6 Cr annually due to m...
bysiddhantdazzlo
 
PDF
INTRODUCTION TO DATABASES, MYSQL, MS ACCESS, PHARMACY DRUG DATABASE.pdf
bylikudas9861
 
PDF
What Is A Woman (WIAW) Token – Smart Contract Security Audit Report by EtherA...
byEtherAuthority
 
PPTX
#15 All About Anypoint MQ - Calicut MuleSoft Meetup Group
bycalicutmulesoftmeetu
 
PDF
Operating System (OS) :UNIT-I Introduction to Operating System BCA SEP SEM-II...
byKuvempu University
 
PPT
This-Project-Demonstrates-How-to-Create.ppt
byjayasuryanexinfo
 
PDF
Database Management Systems(DBMS):UNIT-I Introduction to Database(DBMS) BCA S...
byKuvempu University
 
PDF
Red Hat Summit 2025 - Triton GPU Kernel programming.pdf
bySanjeev Rampal
 
PPTX
Lecture 3 - Scheduling - Operating System
bynurulalomador
 
PDF
Design and Analysis of Algorithms(DAA): Unit-II Asymptotic Notations and Basi...
byKuvempu University
 
PDF
Database Management Systems(DBMS):UNIT-II Relational Data Model BCA SEP SEM ...
byKuvempu University
 
PDF
Influence Without Power - Why Empathy is Your Best Friend.pdf
bySuzanne Lagerweij
 
PDF
Combinatorial Interview Problems with Backtracking Solutions - From Imperativ...
byPhilip Schwarz
 
Magnet-AXIOM_overview_tool_cyber_tool.pptx
byashishtjoseph
 
Cybersecurity Alert- What Organisations Must Watch Out For This Christmas Fes...
byCybernetic Global Intelligence
 
How NetSuite Cloud ERP Helps Businesses Overcome Legacy System Downtime.
byTechWize
 
Modern Claims Automation Solutions for Operational Agility
byInsurance Tech Services
 
Navigating SEC Regulations for Crypto Exchanges Preparing for a Compliant Fut...
byzak jasper
 
IT Estate Modernization: Transform Your Infrastructure for the Future .pdf
byAstuteBusiness
 
Advanced Prompt Engineering: The Art and Science
byMaxim Salnikov
 
Here’s the case study that shows how companies lose ₹2–6 Cr annually due to m...
bysiddhantdazzlo
 
INTRODUCTION TO DATABASES, MYSQL, MS ACCESS, PHARMACY DRUG DATABASE.pdf
bylikudas9861
 
What Is A Woman (WIAW) Token – Smart Contract Security Audit Report by EtherA...
byEtherAuthority
 
#15 All About Anypoint MQ - Calicut MuleSoft Meetup Group
bycalicutmulesoftmeetu
 
Operating System (OS) :UNIT-I Introduction to Operating System BCA SEP SEM-II...
byKuvempu University
 
This-Project-Demonstrates-How-to-Create.ppt
byjayasuryanexinfo
 
Database Management Systems(DBMS):UNIT-I Introduction to Database(DBMS) BCA S...
byKuvempu University
 
Red Hat Summit 2025 - Triton GPU Kernel programming.pdf
bySanjeev Rampal
 
Lecture 3 - Scheduling - Operating System
bynurulalomador
 
Design and Analysis of Algorithms(DAA): Unit-II Asymptotic Notations and Basi...
byKuvempu University
 
Database Management Systems(DBMS):UNIT-II Relational Data Model BCA SEP SEM ...
byKuvempu University
 
Influence Without Power - Why Empathy is Your Best Friend.pdf
bySuzanne Lagerweij
 
Combinatorial Interview Problems with Backtracking Solutions - From Imperativ...
byPhilip Schwarz
 

Aligning Risk with Growth - Cloud Security for startups

  • 1.
    Moshe Ferber, CCSK Onlinecloudsec.com CloudSecurity For Startups Aligning Risk with Growth
  • 2.
    About:  Moshe Ferber,39, lives in Modiin (+2).  Information security professional for over 20 years.  Popular industry speaker and lecturer.  Founded Cloud7, Managed Security Services provider (currently owned by Matrix).  Shareholder at Clarisite – Your customer’s eye view  Shareholder at FortyCloud – Make your public cloud private  Member of the board at MacshavaTova – Narrowing societal gaps  Co-Chairman of the Board, Cloud Security Alliance, Israeli Chapter. 2
  • 3.
    The benefits ofcloud computing are clear, What are the risks?
  • 4.
  • 5.
    Cyber attacks trendsfor cloud computingCloud services ransom malwares Bitcoin API Attacks Supply chain Attacks
  • 6.
    So, how tobuild your security? Infrastructure security Application Security Operational security
  • 7.
    Good Security isbased on controls… Preventive • Firewall (Security Groups) • Authentication • AntiVirus • Guards Detective • IDS • System monitoring • Motion detector Corrective • Upgrades & Patches • Vulnerability scanning Compensatory • DRP & Backup • Firewall logs • Reviews • Audit & reconciliation Based on http://www.sans.edu/research/security- laboratory/article/security-controls
  • 8.
    The security phasesof startup Phase 1 – Building blocks • From Seed to the first customers Phase 2 – Maturing • Growing and adding customers. Phase 3 – Build trust • Maturing your services.
  • 9.
    Phase 1 –Make sure you got the right building blocks  Plan your architecture: logical and physical segmentation.  Understand your data lifecycle.  Laws and regulations to consider.  Choose your partners: software, IT, backend.  Start your SSDLC building block – threat modeling. Architecture.  Implement IaaS best practices: • Identity & Access. • Compensating controls
  • 10.
    Build your dashboardwith permissions Users & resources RolesGroups
  • 11.
    Best practices forIAM Don’t use master account Delete root access key Enable MFA for critical users Apply good password policy Rotate credential periodically Safeguard your host & access keys Create individual users with specific roles
  • 12.
    Compensating controls Activate billing alerts API& Dashboards logs Cold Backup Active Secondary site External & Multi Cloud Backups: Encrypt data in transit
  • 13.
    Phase 2  Productionenvironment is now maturing. Its time for roles separation at production.  Authentication mechanism should be mature by now.  Security in Software Development life cycle (SSDLC) should take more focus. vulnerability scan & penetration tests Identity Federation Services Encryption of data at rest Security training for R&D
  • 14.
    Phase 3  operationalsecurity begins to matter.  More detective controls should be placed.  Incident management procedures should mature.  Transparency will be an advantage. DR, BC and active secondary location Log management & Event correlation. Patch & change management Automation of configuration Ongoing security awareness program
  • 15.
  • 16.
     Cloud securityis maturing fast (it took us over 20 years to secure the PC…)  Security is expensive, but with the right building blocks you can integrate with the grow of business.  Make sure you do the basics from the first day, it will be hard to add them later. To wrap things up… Don’t be the next CodeSpaces
  • 17.
    Keep in Touch Moshe Ferber  moshe@onlinecloudsec.com  www.onlinecloudsec.com  http://il.linkedin.com/in/MosheFerber Cloud Security Course Schedule can be find at: http://www.onlinecloudsec.com/course-schedule