SlideShare a Scribd company logo

12 steps to_cloud_security

Download as PPT, PDF
Wisecube AI
Wisecube AI

The document outlines a 12 step guide to securing cloud deployments using open source tools. It discusses responsibilities in securing infrastructure, protecting networks using tools like VPCs and firewalls, hardening machine images, encrypting data at rest and in transit, patching and access control for instances, application security best practices, auditing and monitoring, validation testing, automating security processes, and updating security policies. The steps provide a continuous process to improve cloud security.

1 of 16
12 Steps to Cloud Security A guide to securing your cloud deployment using open source tools Vishnu Vettrivel Principal Engineering Lead, Atigeo @cloudronin
Step 1: Know your responsibility • Cloud providers are responsible for some parts of the infrastructure stack. • The other parts of the security stack is your responsibility. • You are usually responsible for Application Security, Policies and configuration, machine images etc.
Step 2. Protect your Network • Use Defense in Depth and services like: • Virtual Private Clouds • Network ACLs • Routing rules • Proxy Servers • NAT • Firewalls • Application • Host • Network
Step 3: Protect your Machine Images • Be sure your harden your images first • Turn off insecure ports and services • Change default passwords. • Install AV Software • Consider using a Baseline
Step 4: Protect your Data at Rest • Know the different Cloud storage mechanisms and their Security implications. • De-Identify when possible • Understand the choices of Encryption primitives like key strength and Ciphers types. • Don’t forget Secure Archival and Disposal of Data.
Step 5: Protect your Data in Transit • Use secure application protocols whenever possible. • TLS • SSH • RDP • Securely Tunnel traffic when not possible: • IPSEC • SSL VPN • SSH • Use a Key Management System
Step 6: Protect and Patch your Instances • Define and Categorize Cloud based assets • Watch out for Zero Days • Classify Risk • Patch Affected Systems • Use a Configuration Management System
Step 7: Protect Access to your Instances • Create Individual User accounts • Use Role based Access • Grant Least privilege based on Business Need • Enable Multi-Factor Authentication for Privileged Users • Audit all User Activity • Federate all User Access through a Directory Service
Step 8: Protect your Applications • Implement AAA (Authentication, Authorization and Auditing). • Familiarize yourself with the OWASP Top 10 Application Security Flaws. • Follow Secure Development Best Practices.
Step 9: Audit and Monitor your Cloud • Gather monitoring data at a secure and separate Network • Establish baselines • Monitor all layers and Protocols • Deploy the IDS behind the Network firewall • Fine tune alert levels • Use redundant alerting channels
Step 10: Validate your Protection • Test Network, Infrastructure and Applications separately for Security Vulnerabilities periodically • Check for Input validation, session manipulation, authentication and information leakage • Use 3rd Party Tools where possible
Step 11: Automate Everything • Use a Configuration Management System • Employ Continuous Integration and Delivery. • Automated Provisioning helps: • Documentation • BCP/DR Planning • Change Management • Treat Infrastructure as Code.
Step 12: Update your Security Policy •Define security scope and boundaries •Select proper risk Assessment Methodology. •Align policies to Contractual Obligations •Choose a suitable Security control framework
Step 13 ? There is no magic bullet! • Some things are easier and some are harder in the Cloud • Conventional security and compliance concepts still apply in the cloud. • The 12 Steps will get your started on your continuous security improvement cycle
Resources  https://s3.amazonaws.com/awsmedia/AWS_Security_Best_Practices.pdf  http://checklists.nist.gov/  https://www.us-cert.gov/  https://www.owasp.org/index.php/Top_10_2013-Top_10  https://www.cert.org/incident-management/  http://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.html  https://en.wikipedia.org/wiki/Penetration_test  http://www.drdobbs.com/architecture-and-design/top-10-practices-for- effective-devops/240149363  https://en.wikipedia.org/wiki/Information_security_management_system
Thank You Vishnu Vettrivel Principal Engineering Lead, Atigeo @cloudronin @atigeo xpatterns.com linkedin.com/ company/atigeo

Recommended

Encryption in the Cloud
Encryption in the CloudEncryption in the Cloud
Encryption in the Cloud
SVForum Cloud SIG
 
Cloud Security Introduction
Cloud Security IntroductionCloud Security Introduction
Cloud Security Introduction
GLC Networks
 
CSF18 - Implementing Gartners #1 - Whitelisting- Karim El-Melhaoui
CSF18 - Implementing Gartners #1 - Whitelisting- Karim El-MelhaouiCSF18 - Implementing Gartners #1 - Whitelisting- Karim El-Melhaoui
CSF18 - Implementing Gartners #1 - Whitelisting- Karim El-Melhaoui
NCCOMMS
 
Microsoft Azure Security Infographic
Microsoft Azure Security InfographicMicrosoft Azure Security Infographic
Microsoft Azure Security Infographic
Microsoft Azure
 
CSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudCSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the Cloud
Alert Logic
 
Security for cloud native workloads
Security for cloud native workloadsSecurity for cloud native workloads
Security for cloud native workloads
Runcy Oommen
 
SnapComms Technical Overview
SnapComms Technical OverviewSnapComms Technical Overview
SnapComms Technical Overviewleanne_abarro
 
CSF18 - GDPR - Sami Laiho
CSF18 - GDPR - Sami LaihoCSF18 - GDPR - Sami Laiho
CSF18 - GDPR - Sami Laiho
NCCOMMS
 

Recommended

Encryption in the Cloud
Encryption in the CloudEncryption in the Cloud
Encryption in the Cloud
SVForum Cloud SIG
 
Cloud Security Introduction
Cloud Security IntroductionCloud Security Introduction
Cloud Security Introduction
GLC Networks
 
CSF18 - Implementing Gartners #1 - Whitelisting- Karim El-Melhaoui
CSF18 - Implementing Gartners #1 - Whitelisting- Karim El-MelhaouiCSF18 - Implementing Gartners #1 - Whitelisting- Karim El-Melhaoui
CSF18 - Implementing Gartners #1 - Whitelisting- Karim El-Melhaoui
NCCOMMS
 
Microsoft Azure Security Infographic
Microsoft Azure Security InfographicMicrosoft Azure Security Infographic
Microsoft Azure Security Infographic
Microsoft Azure
 
CSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the CloudCSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the Cloud
Alert Logic
 
Security for cloud native workloads
Security for cloud native workloadsSecurity for cloud native workloads
Security for cloud native workloads
Runcy Oommen
 
SnapComms Technical Overview
SnapComms Technical OverviewSnapComms Technical Overview
SnapComms Technical Overviewleanne_abarro
 
CSF18 - GDPR - Sami Laiho
CSF18 - GDPR - Sami LaihoCSF18 - GDPR - Sami Laiho
CSF18 - GDPR - Sami Laiho
NCCOMMS
 
Serverless Security Checklist
Serverless Security ChecklistServerless Security Checklist
Serverless Security Checklist
Simform
 
#ALSummit: Cyber Resiliency: Surviving the Breach
#ALSummit: Cyber Resiliency: Surviving the Breach#ALSummit: Cyber Resiliency: Surviving the Breach
#ALSummit: Cyber Resiliency: Surviving the Breach
Alert Logic
 
Cloud security
Cloud securityCloud security
Cloud security
Jhanvi Dattani
 
Using OpenStack to Control VM Chaos
Using OpenStack to Control VM ChaosUsing OpenStack to Control VM Chaos
Using OpenStack to Control VM Chaos
David Strom
 
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
North Texas Chapter of the ISSA
 
QualysGuard InfoDay 2013 - Web Application Firewall
QualysGuard InfoDay 2013 - Web Application FirewallQualysGuard InfoDay 2013 - Web Application Firewall
QualysGuard InfoDay 2013 - Web Application FirewallRisk Analysis Consultants, s.r.o.
 
Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudTechnologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudCloudPassage
 
CSF18 Azure Information Protection - Albert Hoitingh
CSF18 Azure Information Protection - Albert HoitinghCSF18 Azure Information Protection - Albert Hoitingh
CSF18 Azure Information Protection - Albert Hoitingh
NCCOMMS
 
How to make the move towards hybrid cloud computing
How to make the move towards hybrid cloud computingHow to make the move towards hybrid cloud computing
How to make the move towards hybrid cloud computing
David Strom
 
Getting Started with Azure Security Center
Getting Started with Azure Security CenterGetting Started with Azure Security Center
Getting Started with Azure Security Center
Cheah Eng Soon
 
VMUGIT UC 2013 - 03b Trend Micro
VMUGIT UC 2013 - 03b Trend MicroVMUGIT UC 2013 - 03b Trend Micro
VMUGIT UC 2013 - 03b Trend Micro
VMUG IT
 
Global Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security CenterGlobal Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security Center
Scott Hoag
 
#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment
Alert Logic
 
Cloud security
Cloud securityCloud security
Cloud security
Tushar Kayande
 
Anatomy of an Attack - Sophos Day Belux 2014
Anatomy of an Attack - Sophos Day Belux 2014Anatomy of an Attack - Sophos Day Belux 2014
Anatomy of an Attack - Sophos Day Belux 2014
Sophos Benelux
 
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msftCss sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
Alert Logic
 
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous ComplianceReaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
AlgoSec
 
CounterSnipe-v9.0
CounterSnipe-v9.0CounterSnipe-v9.0
CounterSnipe-v9.0Amar Rathore
 
#ALSummit: Live Cyber Hack Demonstration
#ALSummit: Live Cyber Hack Demonstration#ALSummit: Live Cyber Hack Demonstration
#ALSummit: Live Cyber Hack Demonstration
Alert Logic
 
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
Alert Logic
 
Chapter08
Chapter08Chapter08
Chapter08
Muhammad Ahad
 
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
Vincent Giersch
 

More Related Content

What's hot

Serverless Security Checklist
Serverless Security ChecklistServerless Security Checklist
Serverless Security Checklist
Simform
 
#ALSummit: Cyber Resiliency: Surviving the Breach
#ALSummit: Cyber Resiliency: Surviving the Breach#ALSummit: Cyber Resiliency: Surviving the Breach
#ALSummit: Cyber Resiliency: Surviving the Breach
Alert Logic
 
Cloud security
Cloud securityCloud security
Cloud security
Jhanvi Dattani
 
Using OpenStack to Control VM Chaos
Using OpenStack to Control VM ChaosUsing OpenStack to Control VM Chaos
Using OpenStack to Control VM Chaos
David Strom
 
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
North Texas Chapter of the ISSA
 
Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudTechnologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudCloudPassage
 
CSF18 Azure Information Protection - Albert Hoitingh
CSF18 Azure Information Protection - Albert HoitinghCSF18 Azure Information Protection - Albert Hoitingh
CSF18 Azure Information Protection - Albert Hoitingh
NCCOMMS
 
How to make the move towards hybrid cloud computing
How to make the move towards hybrid cloud computingHow to make the move towards hybrid cloud computing
How to make the move towards hybrid cloud computing
David Strom
 
Getting Started with Azure Security Center
Getting Started with Azure Security CenterGetting Started with Azure Security Center
Getting Started with Azure Security Center
Cheah Eng Soon
 
VMUGIT UC 2013 - 03b Trend Micro
VMUGIT UC 2013 - 03b Trend MicroVMUGIT UC 2013 - 03b Trend Micro
VMUGIT UC 2013 - 03b Trend Micro
VMUG IT
 
Global Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security CenterGlobal Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security Center
Scott Hoag
 
#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment
Alert Logic
 
Cloud security
Cloud securityCloud security
Cloud security
Tushar Kayande
 
Anatomy of an Attack - Sophos Day Belux 2014
Anatomy of an Attack - Sophos Day Belux 2014Anatomy of an Attack - Sophos Day Belux 2014
Anatomy of an Attack - Sophos Day Belux 2014
Sophos Benelux
 
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msftCss sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
Alert Logic
 
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous ComplianceReaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
AlgoSec
 
#ALSummit: Live Cyber Hack Demonstration
#ALSummit: Live Cyber Hack Demonstration#ALSummit: Live Cyber Hack Demonstration
#ALSummit: Live Cyber Hack Demonstration
Alert Logic
 
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
Alert Logic
 

What's hot (20)

Serverless Security Checklist
Serverless Security ChecklistServerless Security Checklist
Serverless Security Checklist
 
#ALSummit: Cyber Resiliency: Surviving the Breach
#ALSummit: Cyber Resiliency: Surviving the Breach#ALSummit: Cyber Resiliency: Surviving the Breach
#ALSummit: Cyber Resiliency: Surviving the Breach
 
Cloud security
Cloud securityCloud security
Cloud security
 
Using OpenStack to Control VM Chaos
Using OpenStack to Control VM ChaosUsing OpenStack to Control VM Chaos
Using OpenStack to Control VM Chaos
 
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
Luncheon 2016-01-21 - Emerging Threats and Strategies for Defense by Paul Fle...
 
QualysGuard InfoDay 2013 - Web Application Firewall
QualysGuard InfoDay 2013 - Web Application FirewallQualysGuard InfoDay 2013 - Web Application Firewall
QualysGuard InfoDay 2013 - Web Application Firewall
 
Technologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the CloudTechnologies You Need to Safely Use the Cloud
Technologies You Need to Safely Use the Cloud
 
CSF18 Azure Information Protection - Albert Hoitingh
CSF18 Azure Information Protection - Albert HoitinghCSF18 Azure Information Protection - Albert Hoitingh
CSF18 Azure Information Protection - Albert Hoitingh
 
How to make the move towards hybrid cloud computing
How to make the move towards hybrid cloud computingHow to make the move towards hybrid cloud computing
How to make the move towards hybrid cloud computing
 
Getting Started with Azure Security Center
Getting Started with Azure Security CenterGetting Started with Azure Security Center
Getting Started with Azure Security Center
 
VMUGIT UC 2013 - 03b Trend Micro
VMUGIT UC 2013 - 03b Trend MicroVMUGIT UC 2013 - 03b Trend Micro
VMUGIT UC 2013 - 03b Trend Micro
 
Global Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security CenterGlobal Azure Bootcamp 2018 - Azure Security Center
Global Azure Bootcamp 2018 - Azure Security Center
 
#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment
 
Cloud security
Cloud securityCloud security
Cloud security
 
Anatomy of an Attack - Sophos Day Belux 2014
Anatomy of an Attack - Sophos Day Belux 2014Anatomy of an Attack - Sophos Day Belux 2014
Anatomy of an Attack - Sophos Day Belux 2014
 
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msftCss sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
Css sf azure_8-9-17-microsoft_azure_security_overview_babak suzani_msft
 
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous ComplianceReaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
 
CounterSnipe-v9.0
CounterSnipe-v9.0CounterSnipe-v9.0
CounterSnipe-v9.0
 
#ALSummit: Live Cyber Hack Demonstration
#ALSummit: Live Cyber Hack Demonstration#ALSummit: Live Cyber Hack Demonstration
#ALSummit: Live Cyber Hack Demonstration
 
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
 

Similar to 12 steps to_cloud_security

Chapter08
Chapter08Chapter08
Chapter08
Muhammad Ahad
 
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
Vincent Giersch
 
Material best practices in network security using ethical hacking
Material best practices in network security using ethical hackingMaterial best practices in network security using ethical hacking
Material best practices in network security using ethical hackingDesmond Devendran
 
9 Writing Secure Android Applications
9 Writing Secure Android Applications9 Writing Secure Android Applications
9 Writing Secure Android Applications
Sam Bowne
 
Shared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudShared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure Cloud
Alert Logic
 
Webdays blida mobile top 10 risks
Webdays blida mobile top 10 risksWebdays blida mobile top 10 risks
Webdays blida mobile top 10 risks
Islam Azeddine Mennouchi
 
Azure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudAzure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure Cloud
Paulo Renato
 
Owasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developerOwasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developer
Sameer Paradia
 
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
Micro Focus
 
Microsoft Offical Course 20410C_12
Microsoft Offical Course 20410C_12Microsoft Offical Course 20410C_12
Microsoft Offical Course 20410C_12
gameaxt
 
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyLatest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and Privacy
Cloud Standards Customer Council
 
Nicolas destor pres_f5agility2018
Nicolas destor pres_f5agility2018Nicolas destor pres_f5agility2018
Nicolas destor pres_f5agility2018
Nicolas Destor
 
Securing Applications in the Cloud
Securing Applications in the CloudSecuring Applications in the Cloud
Securing Applications in the Cloud
Security Innovation
 
Decentralized cloud firewall framework with resources provisioning cost optim...
Decentralized cloud firewall framework with resources provisioning cost optim...Decentralized cloud firewall framework with resources provisioning cost optim...
Decentralized cloud firewall framework with resources provisioning cost optim...
aish006
 
Cloud Security for Regulated Firms - Securing my cloud and proving it
Cloud Security for Regulated Firms - Securing my cloud and proving itCloud Security for Regulated Firms - Securing my cloud and proving it
Cloud Security for Regulated Firms - Securing my cloud and proving it
Hentsū
 
Cloud application security (CCSP Domain 4)
Cloud application security (CCSP Domain 4)Cloud application security (CCSP Domain 4)
Cloud application security (CCSP Domain 4)
Amy Nicewick, CISSP, CCSP, CEH
 
Ccna sec 01
Ccna sec 01Ccna sec 01
Ccna sec 01
EduclentMegasoftel
 
Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Standards Customer Council
 
HIPAA 101 Compliance Threat Landscape & Best Practices
HIPAA 101 Compliance Threat Landscape & Best PracticesHIPAA 101 Compliance Threat Landscape & Best Practices
HIPAA 101 Compliance Threat Landscape & Best Practices
Hostway|HOSTING
 
Owasp A9 USING KNOWN VULNERABLE COMPONENTS IT 6873 presentation
Owasp A9 USING KNOWN VULNERABLE COMPONENTS IT 6873 presentationOwasp A9 USING KNOWN VULNERABLE COMPONENTS IT 6873 presentation
Owasp A9 USING KNOWN VULNERABLE COMPONENTS IT 6873 presentation
Derrick Hunter
 

Similar to 12 steps to_cloud_security (20)

Chapter08
Chapter08Chapter08
Chapter08
 
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
 
Material best practices in network security using ethical hacking
Material best practices in network security using ethical hackingMaterial best practices in network security using ethical hacking
Material best practices in network security using ethical hacking
 
9 Writing Secure Android Applications
9 Writing Secure Android Applications9 Writing Secure Android Applications
9 Writing Secure Android Applications
 
Shared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudShared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure Cloud
 
Webdays blida mobile top 10 risks
Webdays blida mobile top 10 risksWebdays blida mobile top 10 risks
Webdays blida mobile top 10 risks
 
Azure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure CloudAzure 101: Shared responsibility in the Azure Cloud
Azure 101: Shared responsibility in the Azure Cloud
 
Owasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developerOwasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developer
 
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
 
Microsoft Offical Course 20410C_12
Microsoft Offical Course 20410C_12Microsoft Offical Course 20410C_12
Microsoft Offical Course 20410C_12
 
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyLatest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and Privacy
 
Nicolas destor pres_f5agility2018
Nicolas destor pres_f5agility2018Nicolas destor pres_f5agility2018
Nicolas destor pres_f5agility2018
 
Securing Applications in the Cloud
Securing Applications in the CloudSecuring Applications in the Cloud
Securing Applications in the Cloud
 
Decentralized cloud firewall framework with resources provisioning cost optim...
Decentralized cloud firewall framework with resources provisioning cost optim...Decentralized cloud firewall framework with resources provisioning cost optim...
Decentralized cloud firewall framework with resources provisioning cost optim...
 
Cloud Security for Regulated Firms - Securing my cloud and proving it
Cloud Security for Regulated Firms - Securing my cloud and proving itCloud Security for Regulated Firms - Securing my cloud and proving it
Cloud Security for Regulated Firms - Securing my cloud and proving it
 
Cloud application security (CCSP Domain 4)
Cloud application security (CCSP Domain 4)Cloud application security (CCSP Domain 4)
Cloud application security (CCSP Domain 4)
 
Ccna sec 01
Ccna sec 01Ccna sec 01
Ccna sec 01
 
Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0
 
HIPAA 101 Compliance Threat Landscape & Best Practices
HIPAA 101 Compliance Threat Landscape & Best PracticesHIPAA 101 Compliance Threat Landscape & Best Practices
HIPAA 101 Compliance Threat Landscape & Best Practices
 
Owasp A9 USING KNOWN VULNERABLE COMPONENTS IT 6873 presentation
Owasp A9 USING KNOWN VULNERABLE COMPONENTS IT 6873 presentationOwasp A9 USING KNOWN VULNERABLE COMPONENTS IT 6873 presentation
Owasp A9 USING KNOWN VULNERABLE COMPONENTS IT 6873 presentation
 

Recently uploaded

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
g2nightmarescribd
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 

Recently uploaded (20)

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 

12 steps to_cloud_security

  • 1. 12 Steps to Cloud Security A guide to securing your cloud deployment using open source tools Vishnu Vettrivel Principal Engineering Lead, Atigeo @cloudronin
  • 2. Step 1: Know your responsibility • Cloud providers are responsible for some parts of the infrastructure stack. • The other parts of the security stack is your responsibility. • You are usually responsible for Application Security, Policies and configuration, machine images etc.
  • 3. Step 2. Protect your Network • Use Defense in Depth and services like: • Virtual Private Clouds • Network ACLs • Routing rules • Proxy Servers • NAT • Firewalls • Application • Host • Network
  • 4. Step 3: Protect your Machine Images • Be sure your harden your images first • Turn off insecure ports and services • Change default passwords. • Install AV Software • Consider using a Baseline
  • 5. Step 4: Protect your Data at Rest • Know the different Cloud storage mechanisms and their Security implications. • De-Identify when possible • Understand the choices of Encryption primitives like key strength and Ciphers types. • Don’t forget Secure Archival and Disposal of Data.
  • 6. Step 5: Protect your Data in Transit • Use secure application protocols whenever possible. • TLS • SSH • RDP • Securely Tunnel traffic when not possible: • IPSEC • SSL VPN • SSH • Use a Key Management System
  • 7. Step 6: Protect and Patch your Instances • Define and Categorize Cloud based assets • Watch out for Zero Days • Classify Risk • Patch Affected Systems • Use a Configuration Management System
  • 8. Step 7: Protect Access to your Instances • Create Individual User accounts • Use Role based Access • Grant Least privilege based on Business Need • Enable Multi-Factor Authentication for Privileged Users • Audit all User Activity • Federate all User Access through a Directory Service
  • 9. Step 8: Protect your Applications • Implement AAA (Authentication, Authorization and Auditing). • Familiarize yourself with the OWASP Top 10 Application Security Flaws. • Follow Secure Development Best Practices.
  • 10. Step 9: Audit and Monitor your Cloud • Gather monitoring data at a secure and separate Network • Establish baselines • Monitor all layers and Protocols • Deploy the IDS behind the Network firewall • Fine tune alert levels • Use redundant alerting channels
  • 11. Step 10: Validate your Protection • Test Network, Infrastructure and Applications separately for Security Vulnerabilities periodically • Check for Input validation, session manipulation, authentication and information leakage • Use 3rd Party Tools where possible
  • 12. Step 11: Automate Everything • Use a Configuration Management System • Employ Continuous Integration and Delivery. • Automated Provisioning helps: • Documentation • BCP/DR Planning • Change Management • Treat Infrastructure as Code.
  • 13. Step 12: Update your Security Policy •Define security scope and boundaries •Select proper risk Assessment Methodology. •Align policies to Contractual Obligations •Choose a suitable Security control framework
  • 14. Step 13 ? There is no magic bullet! • Some things are easier and some are harder in the Cloud • Conventional security and compliance concepts still apply in the cloud. • The 12 Steps will get your started on your continuous security improvement cycle
  • 15. Resources  https://s3.amazonaws.com/awsmedia/AWS_Security_Best_Practices.pdf  http://checklists.nist.gov/  https://www.us-cert.gov/  https://www.owasp.org/index.php/Top_10_2013-Top_10  https://www.cert.org/incident-management/  http://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.html  https://en.wikipedia.org/wiki/Penetration_test  http://www.drdobbs.com/architecture-and-design/top-10-practices-for- effective-devops/240149363  https://en.wikipedia.org/wiki/Information_security_management_system
  • 16. Thank You Vishnu Vettrivel Principal Engineering Lead, Atigeo @cloudronin @atigeo xpatterns.com linkedin.com/ company/atigeo