SlideShare a Scribd company logo

Cloud Security Controls Best Practices for AWS, Azure and GCP

Outpost24
Outpost24

The document provides an overview of cloud security best practices for AWS, Azure and GCP workloads. It discusses where to start when migrating workloads to IaaS and PaaS environments, the importance of cloud workload protection platforms (CWPP) and cloud security posture management (CSPM). The document also outlines some fundamental security controls that should be addressed, such as vulnerability management and application security. It provides guidance on how to keep pace with new security tools from cloud providers and find what works best. Lastly, it discusses how cloud security controls are evolving and how to prepare for better implementation and compliance.

Software
1 of 33
Download to read offline
Cloud Security Controls Best Practice Advanced Guidance for AWS, Azure and GCP workloads Sergio Loureiro Feb 2020
Outpost24 at a glance 2 • Global HQ – Sweden • Sales – BeNeLux, DACH, Nordics, UK&I/France, US • MSSP and Reseller partners in additional locations • Over 150 full time staff
Outpost24 experience in Cloud Security • Founding Member of the Cloud Security Alliance (CSA) and co-author of first guidelines for cloud security in 2009 • Founding Member of the CSA French chapter in 2012 and board member in 2019 • Discovery of AWS first vulnerabilities and seminal paper in 2011 • First product in the AWS marketplace in 2012, AWS partner since 2012, Azure Silver Partner • 2 international patents on cloud security 3
Agenda • Where to start when migrating to IaaS and PaaS? • Why CWPP and CSPM are critical to cloud security? • What are the fundamental controls security teams must address now? • How to keep pace with new security tooling from cloud providers and finding what works best for you? • Where are cloud security controls heading and how to prepare for better implementation and compliance? 4
5 Where to start when migrating to IaaS and PaaS? • Through 2023, at least 99% of cloud security failures will be the customer’s fault. Gartner 2019
Major Cloud Security Challenges 6 Credit: SANS Cloud adoption survey 2019
Cloud Maturity Adoption 7 Migration Are you using cloud services securely? What is the risk? Compliance How to implement best practices? Show business value Multi-Cloud How to manage risk across different providers? Continuous Continuous alerts and continuous risk assessment
Why CWPP and CSPM are critical to cloud security? 8 Image credit: Microsoft CWPPCSPM
9 What are the fundamental controls security teams must address now? • Cloud Security Posture Management • Cloud configuration Assessment • Cloud Workload Protection Platform • Vulnerability Management • Application security • Anti-virus, HIDS/HIPS, etc
CSPM and CWPP Now • CIS AWS benchmark • CIS Azure benchmark • CIS GCP benchmark Cloud Security Posture Management - > Add Configuration Management Cloud Workload Protection Platforms -> Integrate controls Start with Identify • System Management • Vulnerability Assessment • Awareness Training 10
What checks? = What is in the CIS benchmarks? CIS AWS • 49 checks • IAM, Logging, Monitoring, Networking CIS Azure • 97 checks • IAM, Security Center, Storage Accounts, SQL Services, Logging and Monitoring, Networking, Virtual Machines, Other
Examples of CSPM: CIS AWS and CIS Azure Controls 12
How to prioritize CSPM findings? • No CVSS • CIS benchmarks are marked scored/not scored • Azure Security Center has its own scoring • Without contextualization it’s hard to do • Ideally, tags will indicate the most critical systems and user tags to help prioritize results
What is missing? AWS, Azure and GCP advanced services • More than 100 services on AWS, Azure and GCP • Start with foundational services (example of AWS): • Networking: SGs, VPCs, NACLs, CloudFront • Instances: EC2 • Storage: S3, EBS • IAM: rights and connection to AD
Workloads: Mapping Cloud Controls to NIST CSF 15 Source: SANS How to Optimize Security Operations in the Cloud Through the Lens of the NIST Framework - Feb 2019
16 • Source: Gartner Market Guide to Cloud Workload Protection Platform 2017 CWPP
Guidance
Traditional Security is disrupted by Cloud • Shared responsibility • New layer of configuration (and misconfigurations) • Elasticity and Agile • Changing IPs for VMs • License model • Cloud Shadow IT • New cloud services every week • APIs for everything publicly accessible 18
More than 73% organizations are using 2 or more public cloud providers • More attack surface • Goal: Knowing the surface • Harder to have visibility • Goal: Single pane of glass • Different services and tools • Goal: Controls homogeneity 19 Plan for Multi-Cloud Credit: SANS Cloud adoption survey 2019
Get full visibility on workloads and configuration 20 • For CWPP, extend existing tools • Marketplace tools are available • Check for deployment model (SaaS, agents, appliances) • For CSPM, start with CIS benchmarks: AWS, Azure, GCP • Do an assessment now!
21 How to keep pace with new security tooling from cloud providers and finding what works best for you? AWS - Security Groups (firewall) - Trusted Advisor (high level) - Inspector (assessment) - Key Management Service - Identity and Access Management - Macie (DLP) - GuardDuty (threat detection) - Shield (DoS) - WAF (WAF) Azure - Azure Security Center - Security Groups (firewall) - Key Vault - Endpoint Protection - VM agent - …
Compare and reduce lock-in risk 22 © 2018 Gartner, Inc.ID: 343562 Comparison of Cloud Console and Deployment Security GCP Stackdriver Logging (Cloud Security Command Center in Alpha Stage) AWS AWS CloudWatch, AWS CloudTrail AWS Guard Duty AWS Inspector AWS Trusted Advisor Azure Azure Monitor, Azure Operational Insights Advanced Threat Protection Azure Advisor Azure Security Center Visibility Tools Threat Protection Security Assessment Cloud Configuration Assessment Console and Deployment Security (Cloud Security Command Center in Alpha Stage) CSP Access Transparency AWS Organizations (Service Control Policies) Enterprise wide Policiesand Constraints (Access Transparency in Beta Stage) Azure Management Groups © 2018 Gartner, Inc.ID: 343562 Comparison of Instance Security GCPAWS AWS Inspector AWS Systems Manager Azure Azure Security Center Microsoft Antimalware for Azure Update Management (Part of Azure Automation) Vulnerability Assessment Endpoint Protection Patch Management Instance Security Source: Gartner Comparing Security Controls and Paradigms in AWS, Google Cloud Platformand Microsoft Azure, June 2018
Where are cloud security controls heading and how to better prepare for implementation and compliance? 23
Follow the Workloads 24 Image credit: Gartner, Inc
• Business intelligence and data analytics are great use cases for Cloud adoption 25 Follow the Data Credit: SANS Cloud adoption survey 2019
Extend to new cloud services – Off the beaten track 26 Goals: • Keep up with the pace of innovation • Be a business enabler while maintaining control • Get your foundations right: IAM, Network, Application, Data Protection and Ops Considerations: • Not always possible to install agents, for example Serverless/FaaS • Discover and implement best practices for every IaaS/PaaS service – today hundreds • Sometimes no best practices available, providers tend to be slow with security
Key Takeaways
Handling Multi- Cloud Deployments with a single console Migration of Security Controls to Cloud 01 Achieving compliance with security standards 02 03 Monitoring and assessing risk in continuous mode 04 Use Cases and Requirements 28 Migration Compliance Multi-Cloud Continuous
4 Steps Guidance 29 Check requirements for data and workloads in the cloud Extend existing workload security to the cloud (CWPP) Address cloud configuration assessment (CSPM) Handle Hybrid and prepare for Multi-Cloud
TestProduction 30 Internal Network Netsec SWAT/MS SUPPORT Clone & Scan Internal app External app Data Centre Cloudsec Appsec Hacker-In-A-Box + Workload Analytics Cloud On premise Outpost24 Hybrid Cloud Security
Comprehensive Full-Stack Solution 31 Combines all 3 into one solution
Sergio Loureiro Cloudsec Product Manager sel@outpost24.com +33 647 475 259 Thanks for listening! Q&A
33 1. Data Breaches 2. Misconfiguration and inadequate change control 3. Lack of cloud security architecture and strategy 4. Insufficient identity, credential, access and key management 5. Account hijacking 6. Insider threat 7. Insecure interfaces and APIs 8. Weak control plane 9. Metastructure and applistructure failures 10. Limited cloud usage visibility 11. Abuse and nefarious use of cloud services Cloud Security is different

Recommended

zenbanx security use case - Toronto FSI Symposium - October 2016
zenbanx security use case - Toronto FSI Symposium - October 2016zenbanx security use case - Toronto FSI Symposium - October 2016
zenbanx security use case - Toronto FSI Symposium - October 2016Amazon Web Services
 
Azure Security Center
Azure Security CenterAzure Security Center
Azure Security CenterUdaiappa Ramachandran
 
CSA colorado 2016 presentation CloudPassage
CSA colorado 2016 presentation CloudPassageCSA colorado 2016 presentation CloudPassage
CSA colorado 2016 presentation CloudPassageTrish McGinity, CCSK
 
HIPAA and HITRUST on AWS
HIPAA and HITRUST on AWSHIPAA and HITRUST on AWS
HIPAA and HITRUST on AWSLogicworksNY
 
Shawn Harris - CCSP SAH v2
Shawn Harris - CCSP SAH v2Shawn Harris - CCSP SAH v2
Shawn Harris - CCSP SAH v2Trish McGinity, CCSK
 
DevOps at Scale: How Datadog is using AWS and PagerDuty to Keep Pace with Gr...
DevOps at Scale: How Datadog is using AWS and PagerDuty to Keep Pace with Gr...DevOps at Scale: How Datadog is using AWS and PagerDuty to Keep Pace with Gr...
DevOps at Scale: How Datadog is using AWS and PagerDuty to Keep Pace with Gr...Amazon Web Services
 
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...RightScale
 
Cloud Governance & DevOps: Must-have Tools on Your Journey to Azure Cloud
Cloud Governance & DevOps: Must-have Tools on Your Journey to Azure CloudCloud Governance & DevOps: Must-have Tools on Your Journey to Azure Cloud
Cloud Governance & DevOps: Must-have Tools on Your Journey to Azure CloudPredica Group
 

Recommended

zenbanx security use case - Toronto FSI Symposium - October 2016
zenbanx security use case - Toronto FSI Symposium - October 2016zenbanx security use case - Toronto FSI Symposium - October 2016
zenbanx security use case - Toronto FSI Symposium - October 2016Amazon Web Services
 
Azure Security Center
Azure Security CenterAzure Security Center
Azure Security CenterUdaiappa Ramachandran
 
CSA colorado 2016 presentation CloudPassage
CSA colorado 2016 presentation CloudPassageCSA colorado 2016 presentation CloudPassage
CSA colorado 2016 presentation CloudPassageTrish McGinity, CCSK
 
HIPAA and HITRUST on AWS
HIPAA and HITRUST on AWSHIPAA and HITRUST on AWS
HIPAA and HITRUST on AWSLogicworksNY
 
Shawn Harris - CCSP SAH v2
Shawn Harris - CCSP SAH v2Shawn Harris - CCSP SAH v2
Shawn Harris - CCSP SAH v2Trish McGinity, CCSK
 
DevOps at Scale: How Datadog is using AWS and PagerDuty to Keep Pace with Gr...
DevOps at Scale: How Datadog is using AWS and PagerDuty to Keep Pace with Gr...DevOps at Scale: How Datadog is using AWS and PagerDuty to Keep Pace with Gr...
DevOps at Scale: How Datadog is using AWS and PagerDuty to Keep Pace with Gr...Amazon Web Services
 
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...
RightScale Webinar - Coping With Cloud Migration Challenges: Best Practices a...RightScale
 
Cloud Governance & DevOps: Must-have Tools on Your Journey to Azure Cloud
Cloud Governance & DevOps: Must-have Tools on Your Journey to Azure CloudCloud Governance & DevOps: Must-have Tools on Your Journey to Azure Cloud
Cloud Governance & DevOps: Must-have Tools on Your Journey to Azure CloudPredica Group
 
Unified Security through Armor and AWS - DEM05 - Atlanta AWS Summit
Unified Security through Armor and AWS - DEM05 - Atlanta AWS SummitUnified Security through Armor and AWS - DEM05 - Atlanta AWS Summit
Unified Security through Armor and AWS - DEM05 - Atlanta AWS SummitAmazon Web Services
 
A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
A Tale of Security & Ops Teamwork for Rapid Security Incident ResolutionA Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
A Tale of Security & Ops Teamwork for Rapid Security Incident ResolutionAmazon Web Services
 
So You’ve Decided to Buy Cloud, Now What? | AWS Public Sector Summit 2016
So You’ve Decided to Buy Cloud, Now What? | AWS Public Sector Summit 2016So You’ve Decided to Buy Cloud, Now What? | AWS Public Sector Summit 2016
So You’ve Decided to Buy Cloud, Now What? | AWS Public Sector Summit 2016Amazon Web Services
 
Introduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWSIntroduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWSAmazon Web Services
 
How to Keep your Atlassian Cloud Secure
How to Keep your Atlassian Cloud SecureHow to Keep your Atlassian Cloud Secure
How to Keep your Atlassian Cloud SecureCprime
 
cloud economics - Toronto FSI Symposium - October 2016
cloud economics - Toronto FSI Symposium - October 2016cloud economics - Toronto FSI Symposium - October 2016
cloud economics - Toronto FSI Symposium - October 2016Amazon Web Services
 
Multi cloud governance best practices - AWS, Azure, GCP
Multi cloud governance best practices - AWS, Azure, GCPMulti cloud governance best practices - AWS, Azure, GCP
Multi cloud governance best practices - AWS, Azure, GCPFaiza Mehar
 
AWS per la semplificazione del percorso di conformità al GDPR
AWS per la semplificazione del percorso di conformità al GDPRAWS per la semplificazione del percorso di conformità al GDPR
AWS per la semplificazione del percorso di conformità al GDPRAmazon Web Services
 
10 Best Practices to Accelerate your Cloud Migration
10 Best Practices to Accelerate your Cloud Migration10 Best Practices to Accelerate your Cloud Migration
10 Best Practices to Accelerate your Cloud MigrationAmazon Web Services
 
InterVision-Overview.January-2016
InterVision-Overview.January-2016InterVision-Overview.January-2016
InterVision-Overview.January-2016Arthur Sobczyk
 
The Path to Broker Cloud Services
The Path to Broker Cloud ServicesThe Path to Broker Cloud Services
The Path to Broker Cloud ServicesRightScale
 
Security and governance in the cloud
Security and governance in the cloudSecurity and governance in the cloud
Security and governance in the cloudJulian Knight
 
The AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in PracticeThe AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in PracticeAlert Logic
 
Blue Chip Tek Connect and Protect Presentation #3
Blue Chip Tek Connect and Protect Presentation #3Blue Chip Tek Connect and Protect Presentation #3
Blue Chip Tek Connect and Protect Presentation #3Kimberly Macias
 
AWS Shared Security Model in Practice
AWS Shared Security Model in PracticeAWS Shared Security Model in Practice
AWS Shared Security Model in PracticeAlert Logic
 
Incident Response - Eyes Everywhere
Incident Response - Eyes EverywhereIncident Response - Eyes Everywhere
Incident Response - Eyes EverywhereAmazon Web Services
 
AWS Webcast - Top 3 Ways to Improve Web App Security
AWS Webcast - Top 3 Ways to Improve Web App SecurityAWS Webcast - Top 3 Ways to Improve Web App Security
AWS Webcast - Top 3 Ways to Improve Web App SecurityAmazon Web Services
 
Improving Application Security With Azure
Improving Application Security With AzureImproving Application Security With Azure
Improving Application Security With AzureSoftchoice Corporation
 
CSS 17: NYC - The AWS Shared Responsibility Model in Practice
CSS 17: NYC - The AWS Shared Responsibility Model in PracticeCSS 17: NYC - The AWS Shared Responsibility Model in Practice
CSS 17: NYC - The AWS Shared Responsibility Model in PracticeAlert Logic
 
Optimize Software, SaaS, and Cloud with Flexera and RightScale
Optimize Software, SaaS, and Cloud with Flexera and RightScaleOptimize Software, SaaS, and Cloud with Flexera and RightScale
Optimize Software, SaaS, and Cloud with Flexera and RightScaleRightScale
 
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...Outpost24
 
Outpost24 webinar - Busting the myths of cloud security
Outpost24 webinar - Busting the myths of cloud security Outpost24 webinar - Busting the myths of cloud security
Outpost24 webinar - Busting the myths of cloud security Outpost24
 

More Related Content

What's hot

Unified Security through Armor and AWS - DEM05 - Atlanta AWS Summit
Unified Security through Armor and AWS - DEM05 - Atlanta AWS SummitUnified Security through Armor and AWS - DEM05 - Atlanta AWS Summit
Unified Security through Armor and AWS - DEM05 - Atlanta AWS SummitAmazon Web Services
 
A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
A Tale of Security & Ops Teamwork for Rapid Security Incident ResolutionA Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
A Tale of Security & Ops Teamwork for Rapid Security Incident ResolutionAmazon Web Services
 
So You’ve Decided to Buy Cloud, Now What? | AWS Public Sector Summit 2016
So You’ve Decided to Buy Cloud, Now What? | AWS Public Sector Summit 2016So You’ve Decided to Buy Cloud, Now What? | AWS Public Sector Summit 2016
So You’ve Decided to Buy Cloud, Now What? | AWS Public Sector Summit 2016Amazon Web Services
 
Introduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWSIntroduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWSAmazon Web Services
 
How to Keep your Atlassian Cloud Secure
How to Keep your Atlassian Cloud SecureHow to Keep your Atlassian Cloud Secure
How to Keep your Atlassian Cloud SecureCprime
 
cloud economics - Toronto FSI Symposium - October 2016
cloud economics - Toronto FSI Symposium - October 2016cloud economics - Toronto FSI Symposium - October 2016
cloud economics - Toronto FSI Symposium - October 2016Amazon Web Services
 
Multi cloud governance best practices - AWS, Azure, GCP
Multi cloud governance best practices - AWS, Azure, GCPMulti cloud governance best practices - AWS, Azure, GCP
Multi cloud governance best practices - AWS, Azure, GCPFaiza Mehar
 
AWS per la semplificazione del percorso di conformità al GDPR
AWS per la semplificazione del percorso di conformità al GDPRAWS per la semplificazione del percorso di conformità al GDPR
AWS per la semplificazione del percorso di conformità al GDPRAmazon Web Services
 
10 Best Practices to Accelerate your Cloud Migration
10 Best Practices to Accelerate your Cloud Migration10 Best Practices to Accelerate your Cloud Migration
10 Best Practices to Accelerate your Cloud MigrationAmazon Web Services
 
InterVision-Overview.January-2016
InterVision-Overview.January-2016InterVision-Overview.January-2016
InterVision-Overview.January-2016Arthur Sobczyk
 
The Path to Broker Cloud Services
The Path to Broker Cloud ServicesThe Path to Broker Cloud Services
The Path to Broker Cloud ServicesRightScale
 
Security and governance in the cloud
Security and governance in the cloudSecurity and governance in the cloud
Security and governance in the cloudJulian Knight
 
The AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in PracticeThe AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in PracticeAlert Logic
 
Blue Chip Tek Connect and Protect Presentation #3
Blue Chip Tek Connect and Protect Presentation #3Blue Chip Tek Connect and Protect Presentation #3
Blue Chip Tek Connect and Protect Presentation #3Kimberly Macias
 
AWS Shared Security Model in Practice
AWS Shared Security Model in PracticeAWS Shared Security Model in Practice
AWS Shared Security Model in PracticeAlert Logic
 
Incident Response - Eyes Everywhere
Incident Response - Eyes EverywhereIncident Response - Eyes Everywhere
Incident Response - Eyes EverywhereAmazon Web Services
 
AWS Webcast - Top 3 Ways to Improve Web App Security
AWS Webcast - Top 3 Ways to Improve Web App SecurityAWS Webcast - Top 3 Ways to Improve Web App Security
AWS Webcast - Top 3 Ways to Improve Web App SecurityAmazon Web Services
 
Improving Application Security With Azure
Improving Application Security With AzureImproving Application Security With Azure
Improving Application Security With AzureSoftchoice Corporation
 
CSS 17: NYC - The AWS Shared Responsibility Model in Practice
CSS 17: NYC - The AWS Shared Responsibility Model in PracticeCSS 17: NYC - The AWS Shared Responsibility Model in Practice
CSS 17: NYC - The AWS Shared Responsibility Model in PracticeAlert Logic
 
Optimize Software, SaaS, and Cloud with Flexera and RightScale
Optimize Software, SaaS, and Cloud with Flexera and RightScaleOptimize Software, SaaS, and Cloud with Flexera and RightScale
Optimize Software, SaaS, and Cloud with Flexera and RightScaleRightScale
 

What's hot (20)

Unified Security through Armor and AWS - DEM05 - Atlanta AWS Summit
Unified Security through Armor and AWS - DEM05 - Atlanta AWS SummitUnified Security through Armor and AWS - DEM05 - Atlanta AWS Summit
Unified Security through Armor and AWS - DEM05 - Atlanta AWS Summit
 
A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
A Tale of Security & Ops Teamwork for Rapid Security Incident ResolutionA Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
 
So You’ve Decided to Buy Cloud, Now What? | AWS Public Sector Summit 2016
So You’ve Decided to Buy Cloud, Now What? | AWS Public Sector Summit 2016So You’ve Decided to Buy Cloud, Now What? | AWS Public Sector Summit 2016
So You’ve Decided to Buy Cloud, Now What? | AWS Public Sector Summit 2016
 
Introduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWSIntroduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWS
 
How to Keep your Atlassian Cloud Secure
How to Keep your Atlassian Cloud SecureHow to Keep your Atlassian Cloud Secure
How to Keep your Atlassian Cloud Secure
 
cloud economics - Toronto FSI Symposium - October 2016
cloud economics - Toronto FSI Symposium - October 2016cloud economics - Toronto FSI Symposium - October 2016
cloud economics - Toronto FSI Symposium - October 2016
 
Multi cloud governance best practices - AWS, Azure, GCP
Multi cloud governance best practices - AWS, Azure, GCPMulti cloud governance best practices - AWS, Azure, GCP
Multi cloud governance best practices - AWS, Azure, GCP
 
AWS per la semplificazione del percorso di conformità al GDPR
AWS per la semplificazione del percorso di conformità al GDPRAWS per la semplificazione del percorso di conformità al GDPR
AWS per la semplificazione del percorso di conformità al GDPR
 
10 Best Practices to Accelerate your Cloud Migration
10 Best Practices to Accelerate your Cloud Migration10 Best Practices to Accelerate your Cloud Migration
10 Best Practices to Accelerate your Cloud Migration
 
InterVision-Overview.January-2016
InterVision-Overview.January-2016InterVision-Overview.January-2016
InterVision-Overview.January-2016
 
The Path to Broker Cloud Services
The Path to Broker Cloud ServicesThe Path to Broker Cloud Services
The Path to Broker Cloud Services
 
Security and governance in the cloud
Security and governance in the cloudSecurity and governance in the cloud
Security and governance in the cloud
 
The AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in PracticeThe AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in Practice
 
Blue Chip Tek Connect and Protect Presentation #3
Blue Chip Tek Connect and Protect Presentation #3Blue Chip Tek Connect and Protect Presentation #3
Blue Chip Tek Connect and Protect Presentation #3
 
AWS Shared Security Model in Practice
AWS Shared Security Model in PracticeAWS Shared Security Model in Practice
AWS Shared Security Model in Practice
 
Incident Response - Eyes Everywhere
Incident Response - Eyes EverywhereIncident Response - Eyes Everywhere
Incident Response - Eyes Everywhere
 
AWS Webcast - Top 3 Ways to Improve Web App Security
AWS Webcast - Top 3 Ways to Improve Web App SecurityAWS Webcast - Top 3 Ways to Improve Web App Security
AWS Webcast - Top 3 Ways to Improve Web App Security
 
Improving Application Security With Azure
Improving Application Security With AzureImproving Application Security With Azure
Improving Application Security With Azure
 
CSS 17: NYC - The AWS Shared Responsibility Model in Practice
CSS 17: NYC - The AWS Shared Responsibility Model in PracticeCSS 17: NYC - The AWS Shared Responsibility Model in Practice
CSS 17: NYC - The AWS Shared Responsibility Model in Practice
 
Optimize Software, SaaS, and Cloud with Flexera and RightScale
Optimize Software, SaaS, and Cloud with Flexera and RightScaleOptimize Software, SaaS, and Cloud with Flexera and RightScale
Optimize Software, SaaS, and Cloud with Flexera and RightScale
 

Similar to Cloud Security Controls Best Practices for AWS, Azure and GCP

Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...Outpost24
 
Outpost24 webinar - Busting the myths of cloud security
Outpost24 webinar - Busting the myths of cloud security Outpost24 webinar - Busting the myths of cloud security
Outpost24 webinar - Busting the myths of cloud security Outpost24
 
ShareResponsibilityModel.pptx
ShareResponsibilityModel.pptxShareResponsibilityModel.pptx
ShareResponsibilityModel.pptxBabatundeAbioye2
 
Governance Strategies for Cloud Transformation | AWS Public Sector Summit 2016
Governance Strategies for Cloud Transformation | AWS Public Sector Summit 2016Governance Strategies for Cloud Transformation | AWS Public Sector Summit 2016
Governance Strategies for Cloud Transformation | AWS Public Sector Summit 2016Amazon Web Services
 
8 Elements of Multi-Cloud Security
8 Elements of Multi-Cloud Security8 Elements of Multi-Cloud Security
8 Elements of Multi-Cloud SecurityRightScale
 
Why You Are Secure in the AWS Cloud
Why You Are Secure in the AWS CloudWhy You Are Secure in the AWS Cloud
Why You Are Secure in the AWS CloudAmazon Web Services
 
Adopting Multi-Cloud Services with Confidence
Adopting Multi-Cloud Services with ConfidenceAdopting Multi-Cloud Services with Confidence
Adopting Multi-Cloud Services with ConfidenceKevin Hakanson
 
Building and Successfully Selling ISV Solutions with AWS Partner-Summit-Singa...
Building and Successfully Selling ISV Solutions with AWS Partner-Summit-Singa...Building and Successfully Selling ISV Solutions with AWS Partner-Summit-Singa...
Building and Successfully Selling ISV Solutions with AWS Partner-Summit-Singa...Amazon Web Services
 
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...Amazon Web Services
 
Cloud Perspectives - Ottawa Seminar - Oct 6
Cloud Perspectives - Ottawa Seminar - Oct 6Cloud Perspectives - Ottawa Seminar - Oct 6
Cloud Perspectives - Ottawa Seminar - Oct 6Scalar Decisions
 
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...Amazon Web Services
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpointCloudPassage
 
Best Practices for Multi-Cloud Security and Compliance
Best Practices for Multi-Cloud Security and ComplianceBest Practices for Multi-Cloud Security and Compliance
Best Practices for Multi-Cloud Security and ComplianceRightScale
 
Microsoft Cloud Adoption Framework for Azure: Governance Conversation
Microsoft Cloud Adoption Framework for Azure: Governance ConversationMicrosoft Cloud Adoption Framework for Azure: Governance Conversation
Microsoft Cloud Adoption Framework for Azure: Governance ConversationNicholas Vossburg
 
The Benefits and Coverage of CloudMASTER Cloud Computing Classes
The Benefits and Coverage of CloudMASTER Cloud Computing ClassesThe Benefits and Coverage of CloudMASTER Cloud Computing Classes
The Benefits and Coverage of CloudMASTER Cloud Computing ClassesCarver Technology Consulting LLC
 
Cyber Security in The Cloud
Cyber Security in The CloudCyber Security in The Cloud
Cyber Security in The CloudPECB
 
Evaluating the Cloud
Evaluating the CloudEvaluating the Cloud
Evaluating the CloudSociusPartner
 

Similar to Cloud Security Controls Best Practices for AWS, Azure and GCP (20)

Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...
 
Outpost24 webinar - Busting the myths of cloud security
Outpost24 webinar - Busting the myths of cloud security Outpost24 webinar - Busting the myths of cloud security
Outpost24 webinar - Busting the myths of cloud security
 
ShareResponsibilityModel.pptx
ShareResponsibilityModel.pptxShareResponsibilityModel.pptx
ShareResponsibilityModel.pptx
 
Governance Strategies for Cloud Transformation | AWS Public Sector Summit 2016
Governance Strategies for Cloud Transformation | AWS Public Sector Summit 2016Governance Strategies for Cloud Transformation | AWS Public Sector Summit 2016
Governance Strategies for Cloud Transformation | AWS Public Sector Summit 2016
 
8 Elements of Multi-Cloud Security
8 Elements of Multi-Cloud Security8 Elements of Multi-Cloud Security
8 Elements of Multi-Cloud Security
 
Benefits of Cloud Computing
Benefits of Cloud ComputingBenefits of Cloud Computing
Benefits of Cloud Computing
 
Csa dlp
Csa dlpCsa dlp
Csa dlp
 
Why You Are Secure in the AWS Cloud
Why You Are Secure in the AWS CloudWhy You Are Secure in the AWS Cloud
Why You Are Secure in the AWS Cloud
 
Adopting Multi-Cloud Services with Confidence
Adopting Multi-Cloud Services with ConfidenceAdopting Multi-Cloud Services with Confidence
Adopting Multi-Cloud Services with Confidence
 
Building and Successfully Selling ISV Solutions with AWS Partner-Summit-Singa...
Building and Successfully Selling ISV Solutions with AWS Partner-Summit-Singa...Building and Successfully Selling ISV Solutions with AWS Partner-Summit-Singa...
Building and Successfully Selling ISV Solutions with AWS Partner-Summit-Singa...
 
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
 
Cloud Perspectives - Ottawa Seminar - Oct 6
Cloud Perspectives - Ottawa Seminar - Oct 6Cloud Perspectives - Ottawa Seminar - Oct 6
Cloud Perspectives - Ottawa Seminar - Oct 6
 
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...
 
Webinar compiled powerpoint
Webinar compiled powerpointWebinar compiled powerpoint
Webinar compiled powerpoint
 
Best Practices for Multi-Cloud Security and Compliance
Best Practices for Multi-Cloud Security and ComplianceBest Practices for Multi-Cloud Security and Compliance
Best Practices for Multi-Cloud Security and Compliance
 
Microsoft Cloud Adoption Framework for Azure: Governance Conversation
Microsoft Cloud Adoption Framework for Azure: Governance ConversationMicrosoft Cloud Adoption Framework for Azure: Governance Conversation
Microsoft Cloud Adoption Framework for Azure: Governance Conversation
 
The Benefits and Coverage of CloudMASTER Cloud Computing Classes
The Benefits and Coverage of CloudMASTER Cloud Computing ClassesThe Benefits and Coverage of CloudMASTER Cloud Computing Classes
The Benefits and Coverage of CloudMASTER Cloud Computing Classes
 
Cyber Security in The Cloud
Cyber Security in The CloudCyber Security in The Cloud
Cyber Security in The Cloud
 
AWS Services 7 Transformation Media
AWS Services 7 Transformation MediaAWS Services 7 Transformation Media
AWS Services 7 Transformation Media
 
Evaluating the Cloud
Evaluating the CloudEvaluating the Cloud
Evaluating the Cloud
 

More from Outpost24

Outpost24 webinar - A fresh look into the underground card shop ecosystem
Outpost24 webinar - A fresh look into the underground card shop ecosystemOutpost24 webinar - A fresh look into the underground card shop ecosystem
Outpost24 webinar - A fresh look into the underground card shop ecosystemOutpost24
 
Outpost24 webinar Why API security matters and how to get it right.pdf
Outpost24 webinar Why API security matters and how to get it right.pdfOutpost24 webinar Why API security matters and how to get it right.pdf
Outpost24 webinar Why API security matters and how to get it right.pdfOutpost24
 
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...Outpost24
 
Outpost24 Webinar - Five steps to build a killer Application Security Program
Outpost24 Webinar - Five steps to build a killer Application Security ProgramOutpost24 Webinar - Five steps to build a killer Application Security Program
Outpost24 Webinar - Five steps to build a killer Application Security ProgramOutpost24
 
Outpost24 webinar - How to protect your organization from credential theft
Outpost24 webinar - How to protect your organization from credential theftOutpost24 webinar - How to protect your organization from credential theft
Outpost24 webinar - How to protect your organization from credential theftOutpost24
 
Outpost24 webinar : Beating hackers at their own game 2022 predictions
Outpost24 webinar : Beating hackers at their own game 2022 predictionsOutpost24 webinar : Beating hackers at their own game 2022 predictions
Outpost24 webinar : Beating hackers at their own game 2022 predictionsOutpost24
 
Outpost24 webinar - Enhance user security to stop the cyber-attack cycle
Outpost24 webinar - Enhance user security to stop the cyber-attack cycleOutpost24 webinar - Enhance user security to stop the cyber-attack cycle
Outpost24 webinar - Enhance user security to stop the cyber-attack cycleOutpost24
 
Outpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK Framework
Outpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK FrameworkOutpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK Framework
Outpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK FrameworkOutpost24
 
Outpost24 webinar: best practice for external attack surface management
Outpost24 webinar: best practice for external attack surface managementOutpost24 webinar: best practice for external attack surface management
Outpost24 webinar: best practice for external attack surface managementOutpost24
 
Outpost24 webinar: The state of ransomware in 2021 and how to limit your expo...
Outpost24 webinar: The state of ransomware in 2021 and how to limit your expo...Outpost24 webinar: The state of ransomware in 2021 and how to limit your expo...
Outpost24 webinar: The state of ransomware in 2021 and how to limit your expo...Outpost24
 
Outpost24 Webinar - DevOps to DevSecOps: delivering quality and secure develo...
Outpost24 Webinar - DevOps to DevSecOps: delivering quality and secure develo...Outpost24 Webinar - DevOps to DevSecOps: delivering quality and secure develo...
Outpost24 Webinar - DevOps to DevSecOps: delivering quality and secure develo...Outpost24
 
Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...
Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...
Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...Outpost24
 
Outpost24 webinar - Api security
Outpost24 webinar - Api securityOutpost24 webinar - Api security
Outpost24 webinar - Api securityOutpost24
 
Outpost24 Webinar - CISO conversation behind the cyber security technology
Outpost24 Webinar - CISO conversation behind the cyber security technologyOutpost24 Webinar - CISO conversation behind the cyber security technology
Outpost24 Webinar - CISO conversation behind the cyber security technologyOutpost24
 
Outpost24 webinar - Differentiating vulnerabilities from risks to reduce time...
Outpost24 webinar - Differentiating vulnerabilities from risks to reduce time...Outpost24 webinar - Differentiating vulnerabilities from risks to reduce time...
Outpost24 webinar - Differentiating vulnerabilities from risks to reduce time...Outpost24
 
Outpost24 webinar - How to secure cloud services in the DevOps fast lane
Outpost24 webinar - How to secure cloud services in the DevOps fast laneOutpost24 webinar - How to secure cloud services in the DevOps fast lane
Outpost24 webinar - How to secure cloud services in the DevOps fast laneOutpost24
 
Outpost24 webinar - Demystifying Web Application Security with Attack Surface...
Outpost24 webinar - Demystifying Web Application Security with Attack Surface...Outpost24 webinar - Demystifying Web Application Security with Attack Surface...
Outpost24 webinar - Demystifying Web Application Security with Attack Surface...Outpost24
 
Outpost24 webinar - Winning the cybersecurity race with predictive vulnerabil...
Outpost24 webinar - Winning the cybersecurity race with predictive vulnerabil...Outpost24 webinar - Winning the cybersecurity race with predictive vulnerabil...
Outpost24 webinar - Winning the cybersecurity race with predictive vulnerabil...Outpost24
 
Outpost24 webinar - Bridging your cyber hygiene gap to prevent enterprise hac...
Outpost24 webinar - Bridging your cyber hygiene gap to prevent enterprise hac...Outpost24 webinar - Bridging your cyber hygiene gap to prevent enterprise hac...
Outpost24 webinar - Bridging your cyber hygiene gap to prevent enterprise hac...Outpost24
 
Outpost24 webinar mastering container security in modern day dev ops
Outpost24 webinar mastering container security in modern day dev opsOutpost24 webinar mastering container security in modern day dev ops
Outpost24 webinar mastering container security in modern day dev opsOutpost24
 

More from Outpost24 (20)

Outpost24 webinar - A fresh look into the underground card shop ecosystem
Outpost24 webinar - A fresh look into the underground card shop ecosystemOutpost24 webinar - A fresh look into the underground card shop ecosystem
Outpost24 webinar - A fresh look into the underground card shop ecosystem
 
Outpost24 webinar Why API security matters and how to get it right.pdf
Outpost24 webinar Why API security matters and how to get it right.pdfOutpost24 webinar Why API security matters and how to get it right.pdf
Outpost24 webinar Why API security matters and how to get it right.pdf
 
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...
 
Outpost24 Webinar - Five steps to build a killer Application Security Program
Outpost24 Webinar - Five steps to build a killer Application Security ProgramOutpost24 Webinar - Five steps to build a killer Application Security Program
Outpost24 Webinar - Five steps to build a killer Application Security Program
 
Outpost24 webinar - How to protect your organization from credential theft
Outpost24 webinar - How to protect your organization from credential theftOutpost24 webinar - How to protect your organization from credential theft
Outpost24 webinar - How to protect your organization from credential theft
 
Outpost24 webinar : Beating hackers at their own game 2022 predictions
Outpost24 webinar : Beating hackers at their own game 2022 predictionsOutpost24 webinar : Beating hackers at their own game 2022 predictions
Outpost24 webinar : Beating hackers at their own game 2022 predictions
 
Outpost24 webinar - Enhance user security to stop the cyber-attack cycle
Outpost24 webinar - Enhance user security to stop the cyber-attack cycleOutpost24 webinar - Enhance user security to stop the cyber-attack cycle
Outpost24 webinar - Enhance user security to stop the cyber-attack cycle
 
Outpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK Framework
Outpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK FrameworkOutpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK Framework
Outpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK Framework
 
Outpost24 webinar: best practice for external attack surface management
Outpost24 webinar: best practice for external attack surface managementOutpost24 webinar: best practice for external attack surface management
Outpost24 webinar: best practice for external attack surface management
 
Outpost24 webinar: The state of ransomware in 2021 and how to limit your expo...
Outpost24 webinar: The state of ransomware in 2021 and how to limit your expo...Outpost24 webinar: The state of ransomware in 2021 and how to limit your expo...
Outpost24 webinar: The state of ransomware in 2021 and how to limit your expo...
 
Outpost24 Webinar - DevOps to DevSecOps: delivering quality and secure develo...
Outpost24 Webinar - DevOps to DevSecOps: delivering quality and secure develo...Outpost24 Webinar - DevOps to DevSecOps: delivering quality and secure develo...
Outpost24 Webinar - DevOps to DevSecOps: delivering quality and secure develo...
 
Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...
Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...
Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...
 
Outpost24 webinar - Api security
Outpost24 webinar - Api securityOutpost24 webinar - Api security
Outpost24 webinar - Api security
 
Outpost24 Webinar - CISO conversation behind the cyber security technology
Outpost24 Webinar - CISO conversation behind the cyber security technologyOutpost24 Webinar - CISO conversation behind the cyber security technology
Outpost24 Webinar - CISO conversation behind the cyber security technology
 
Outpost24 webinar - Differentiating vulnerabilities from risks to reduce time...
Outpost24 webinar - Differentiating vulnerabilities from risks to reduce time...Outpost24 webinar - Differentiating vulnerabilities from risks to reduce time...
Outpost24 webinar - Differentiating vulnerabilities from risks to reduce time...
 
Outpost24 webinar - How to secure cloud services in the DevOps fast lane
Outpost24 webinar - How to secure cloud services in the DevOps fast laneOutpost24 webinar - How to secure cloud services in the DevOps fast lane
Outpost24 webinar - How to secure cloud services in the DevOps fast lane
 
Outpost24 webinar - Demystifying Web Application Security with Attack Surface...
Outpost24 webinar - Demystifying Web Application Security with Attack Surface...Outpost24 webinar - Demystifying Web Application Security with Attack Surface...
Outpost24 webinar - Demystifying Web Application Security with Attack Surface...
 
Outpost24 webinar - Winning the cybersecurity race with predictive vulnerabil...
Outpost24 webinar - Winning the cybersecurity race with predictive vulnerabil...Outpost24 webinar - Winning the cybersecurity race with predictive vulnerabil...
Outpost24 webinar - Winning the cybersecurity race with predictive vulnerabil...
 
Outpost24 webinar - Bridging your cyber hygiene gap to prevent enterprise hac...
Outpost24 webinar - Bridging your cyber hygiene gap to prevent enterprise hac...Outpost24 webinar - Bridging your cyber hygiene gap to prevent enterprise hac...
Outpost24 webinar - Bridging your cyber hygiene gap to prevent enterprise hac...
 
Outpost24 webinar mastering container security in modern day dev ops
Outpost24 webinar mastering container security in modern day dev opsOutpost24 webinar mastering container security in modern day dev ops
Outpost24 webinar mastering container security in modern day dev ops
 

Recently uploaded

Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样umasea
 
XpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software SolutionsXpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software SolutionsMehedi Hasan Shohan
 
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyFrank van der Linden
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfPower Karaoke
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - InfographicHr365.us smith
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...aditisharan08
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 

Recently uploaded (20)

Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
 
XpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software SolutionsXpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software Solutions
 
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The Ugly
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdf
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 

Cloud Security Controls Best Practices for AWS, Azure and GCP

  • 1. Cloud Security Controls Best Practice Advanced Guidance for AWS, Azure and GCP workloads Sergio Loureiro Feb 2020
  • 2. Outpost24 at a glance 2 • Global HQ – Sweden • Sales – BeNeLux, DACH, Nordics, UK&I/France, US • MSSP and Reseller partners in additional locations • Over 150 full time staff
  • 3. Outpost24 experience in Cloud Security • Founding Member of the Cloud Security Alliance (CSA) and co-author of first guidelines for cloud security in 2009 • Founding Member of the CSA French chapter in 2012 and board member in 2019 • Discovery of AWS first vulnerabilities and seminal paper in 2011 • First product in the AWS marketplace in 2012, AWS partner since 2012, Azure Silver Partner • 2 international patents on cloud security 3
  • 4. Agenda • Where to start when migrating to IaaS and PaaS? • Why CWPP and CSPM are critical to cloud security? • What are the fundamental controls security teams must address now? • How to keep pace with new security tooling from cloud providers and finding what works best for you? • Where are cloud security controls heading and how to prepare for better implementation and compliance? 4
  • 5. 5 Where to start when migrating to IaaS and PaaS? • Through 2023, at least 99% of cloud security failures will be the customer’s fault. Gartner 2019
  • 6. Major Cloud Security Challenges 6 Credit: SANS Cloud adoption survey 2019
  • 7. Cloud Maturity Adoption 7 Migration Are you using cloud services securely? What is the risk? Compliance How to implement best practices? Show business value Multi-Cloud How to manage risk across different providers? Continuous Continuous alerts and continuous risk assessment
  • 8. Why CWPP and CSPM are critical to cloud security? 8 Image credit: Microsoft CWPPCSPM
  • 9. 9 What are the fundamental controls security teams must address now? • Cloud Security Posture Management • Cloud configuration Assessment • Cloud Workload Protection Platform • Vulnerability Management • Application security • Anti-virus, HIDS/HIPS, etc
  • 10. CSPM and CWPP Now • CIS AWS benchmark • CIS Azure benchmark • CIS GCP benchmark Cloud Security Posture Management - > Add Configuration Management Cloud Workload Protection Platforms -> Integrate controls Start with Identify • System Management • Vulnerability Assessment • Awareness Training 10
  • 11. What checks? = What is in the CIS benchmarks? CIS AWS • 49 checks • IAM, Logging, Monitoring, Networking CIS Azure • 97 checks • IAM, Security Center, Storage Accounts, SQL Services, Logging and Monitoring, Networking, Virtual Machines, Other
  • 12. Examples of CSPM: CIS AWS and CIS Azure Controls 12
  • 13. How to prioritize CSPM findings? • No CVSS • CIS benchmarks are marked scored/not scored • Azure Security Center has its own scoring • Without contextualization it’s hard to do • Ideally, tags will indicate the most critical systems and user tags to help prioritize results
  • 14. What is missing? AWS, Azure and GCP advanced services • More than 100 services on AWS, Azure and GCP • Start with foundational services (example of AWS): • Networking: SGs, VPCs, NACLs, CloudFront • Instances: EC2 • Storage: S3, EBS • IAM: rights and connection to AD
  • 15. Workloads: Mapping Cloud Controls to NIST CSF 15 Source: SANS How to Optimize Security Operations in the Cloud Through the Lens of the NIST Framework - Feb 2019
  • 16. 16 • Source: Gartner Market Guide to Cloud Workload Protection Platform 2017 CWPP
  • 18. Traditional Security is disrupted by Cloud • Shared responsibility • New layer of configuration (and misconfigurations) • Elasticity and Agile • Changing IPs for VMs • License model • Cloud Shadow IT • New cloud services every week • APIs for everything publicly accessible 18
  • 19. More than 73% organizations are using 2 or more public cloud providers • More attack surface • Goal: Knowing the surface • Harder to have visibility • Goal: Single pane of glass • Different services and tools • Goal: Controls homogeneity 19 Plan for Multi-Cloud Credit: SANS Cloud adoption survey 2019
  • 20. Get full visibility on workloads and configuration 20 • For CWPP, extend existing tools • Marketplace tools are available • Check for deployment model (SaaS, agents, appliances) • For CSPM, start with CIS benchmarks: AWS, Azure, GCP • Do an assessment now!
  • 21. 21 How to keep pace with new security tooling from cloud providers and finding what works best for you? AWS - Security Groups (firewall) - Trusted Advisor (high level) - Inspector (assessment) - Key Management Service - Identity and Access Management - Macie (DLP) - GuardDuty (threat detection) - Shield (DoS) - WAF (WAF) Azure - Azure Security Center - Security Groups (firewall) - Key Vault - Endpoint Protection - VM agent - …
  • 22. Compare and reduce lock-in risk 22 © 2018 Gartner, Inc.ID: 343562 Comparison of Cloud Console and Deployment Security GCP Stackdriver Logging (Cloud Security Command Center in Alpha Stage) AWS AWS CloudWatch, AWS CloudTrail AWS Guard Duty AWS Inspector AWS Trusted Advisor Azure Azure Monitor, Azure Operational Insights Advanced Threat Protection Azure Advisor Azure Security Center Visibility Tools Threat Protection Security Assessment Cloud Configuration Assessment Console and Deployment Security (Cloud Security Command Center in Alpha Stage) CSP Access Transparency AWS Organizations (Service Control Policies) Enterprise wide Policiesand Constraints (Access Transparency in Beta Stage) Azure Management Groups © 2018 Gartner, Inc.ID: 343562 Comparison of Instance Security GCPAWS AWS Inspector AWS Systems Manager Azure Azure Security Center Microsoft Antimalware for Azure Update Management (Part of Azure Automation) Vulnerability Assessment Endpoint Protection Patch Management Instance Security Source: Gartner Comparing Security Controls and Paradigms in AWS, Google Cloud Platformand Microsoft Azure, June 2018
  • 23. Where are cloud security controls heading and how to better prepare for implementation and compliance? 23
  • 24. Follow the Workloads 24 Image credit: Gartner, Inc
  • 25. • Business intelligence and data analytics are great use cases for Cloud adoption 25 Follow the Data Credit: SANS Cloud adoption survey 2019
  • 26. Extend to new cloud services – Off the beaten track 26 Goals: • Keep up with the pace of innovation • Be a business enabler while maintaining control • Get your foundations right: IAM, Network, Application, Data Protection and Ops Considerations: • Not always possible to install agents, for example Serverless/FaaS • Discover and implement best practices for every IaaS/PaaS service – today hundreds • Sometimes no best practices available, providers tend to be slow with security
  • 28. Handling Multi- Cloud Deployments with a single console Migration of Security Controls to Cloud 01 Achieving compliance with security standards 02 03 Monitoring and assessing risk in continuous mode 04 Use Cases and Requirements 28 Migration Compliance Multi-Cloud Continuous
  • 29. 4 Steps Guidance 29 Check requirements for data and workloads in the cloud Extend existing workload security to the cloud (CWPP) Address cloud configuration assessment (CSPM) Handle Hybrid and prepare for Multi-Cloud
  • 30. TestProduction 30 Internal Network Netsec SWAT/MS SUPPORT Clone & Scan Internal app External app Data Centre Cloudsec Appsec Hacker-In-A-Box + Workload Analytics Cloud On premise Outpost24 Hybrid Cloud Security
  • 32. Sergio Loureiro Cloudsec Product Manager sel@outpost24.com +33 647 475 259 Thanks for listening! Q&A
  • 33. 33 1. Data Breaches 2. Misconfiguration and inadequate change control 3. Lack of cloud security architecture and strategy 4. Insufficient identity, credential, access and key management 5. Account hijacking 6. Insider threat 7. Insecure interfaces and APIs 8. Weak control plane 9. Metastructure and applistructure failures 10. Limited cloud usage visibility 11. Abuse and nefarious use of cloud services Cloud Security is different