Aligning Risk with Growth - Cloud Security for startups

•

5 likes•982 views

Every young company discovers that installing security in place can be expensive. So they need to manage the priorities. In the presentation we discuss the various phases in start-up life cycle and which security controls should be placed on each phase.

Software

Moshe Ferber, CCSK
Onlinecloudsec.com
Cloud Security
For Startups
Aligning Risk with Growth

About:
 Moshe Ferber, 39, lives in Modiin (+2).
 Information security professional for over 20 years.
 Popular industry speaker and lecturer.
 Founded Cloud7, Managed Security Services provider (currently owned
by Matrix).
 Shareholder at Clarisite – Your customer’s eye view
 Shareholder at FortyCloud – Make your public cloud private
 Member of the board at MacshavaTova – Narrowing societal gaps
 Co-Chairman of the Board, Cloud Security Alliance, Israeli Chapter.
2

The benefits of cloud computing are
clear, What are the risks?

Cloud
attack
vectors
Provider
Administration
Wide
Dashboard
Multi tenancy
&
Virtualization
Automation &
API
Chain of supply
Side Channel
attack
Insecure
Instances

Cyber attacks trends for
cloud computingCloud services
ransom malwares
Bitcoin
API
Attacks
Supply chain
Attacks

So, how to build your security?
Infrastructure security
Application Security
Operational security

Good Security is based on controls…
Preventive
• Firewall
(Security
Groups)
• Authentication
• AntiVirus
• Guards
Detective
• IDS
• System
monitoring
• Motion
detector
Corrective
• Upgrades &
Patches
• Vulnerability
scanning
Compensatory
• DRP & Backup
• Firewall logs
• Reviews
• Audit &
reconciliation
Based on http://www.sans.edu/research/security-
laboratory/article/security-controls

The security phases of startup
Phase 1 –
Building blocks
• From Seed to
the first
customers
Phase 2 –
Maturing
• Growing and
adding
customers.
Phase 3 – Build
trust
• Maturing your
services.

Phase 1 – Make sure you got the right
building blocks
 Plan your architecture: logical and physical segmentation.
 Understand your data lifecycle.
 Laws and regulations to consider.
 Choose your partners: software, IT, backend.
 Start your SSDLC building block – threat modeling.
Architecture.
 Implement IaaS best practices:
• Identity & Access.
• Compensating controls

Build your dashboard with permissions
Users &
resources
RolesGroups

Best practices for IAM
Don’t use master
account
Delete root access key
Enable MFA for critical
users
Apply good password
policy
Rotate credential
periodically
Safeguard your host &
access keys
Create individual users with
specific roles

Compensating controls
Activate billing
alerts
API & Dashboards
logs
Cold
Backup
Active
Secondary
site
External & Multi Cloud
Backups:
Encrypt data in
transit

Phase 2
 Production environment is now maturing. Its time for roles
separation at production.
 Authentication mechanism should be mature by now.
 Security in Software Development life cycle (SSDLC) should
take more focus.
vulnerability scan &
penetration tests
Identity Federation
Services
Encryption of data at
rest
Security training for
R&D

Phase 3
 operational security begins to matter.
 More detective controls should be placed.
 Incident management procedures should mature.
 Transparency will be an advantage.
DR, BC and active
secondary location
Log management &
Event correlation.
Patch & change
management
Automation of
configuration
Ongoing security
awareness program

 Cloud security is maturing fast (it took us over 20 years to
secure the PC…)
 Security is expensive, but with the right building blocks you
can integrate with the grow of business.
 Make sure you do the basics from the first day, it will be hard
to add them later.
To wrap things up…
Don’t be the next CodeSpaces

Keep in Touch
 Moshe Ferber
 moshe@onlinecloudsec.com
 www.onlinecloudsec.com
 http://il.linkedin.com/in/MosheFerber
Cloud Security Course Schedule can be find at:
http://www.onlinecloudsec.com/course-schedule

We live in interesting times, at least from computer technology point of view. In the last couple years we change the way our backend systems function (Cloud Computing) and the way consume our front end interfaces (Mobility, the Internet of thing). It is safe to say that the technology changes we are now experiencing – will revolutionize the way we consume technology. But the described changes are being held back, and mostly because of information security. The root cause of the slow adoption of cloud among enterprises is Trust. Challenges around transparency, compliance, standardization and immature technologies are causing lack of trust between cloud stakeholders. And this lack of trust is the number one obstacle facing cloud computing. So it is time for innovation. There is great demand for new, innovative solutions that will fuel the engines of the industry. Cloud Computing technologies can be innovative and ground breaking, this has been proved before. Today there are many areas where innovative solution can change the way we think and provide security. In the presentation we will discuss the future of technologies like Identity Management, Encryption, API security and Big Data platforms and evaluate where we should improve the current technologies. Regarding encryption - we know that current technologies are limited in our options to safe guard keys in virtual environments and that we don’t have solutions for using encryption as a method to increase real multi tenancy, audit and access controls, for all data types. Encryption technology must improve at all levels, starting from key management, file level encryption (IRM solutions) and other new technologies such as Homomorfic encryptions should be developed further to be effective.

Surviving the lions den - how to sell SaaS services to security oriented cust...

Moshe Ferber

Passing through the Lion’s den – How to sell cloud services to security guys: Pitching your SaaS offering is usually fun, until the security guys walks into the room as anyone who try to promote cloud services to organizations probably knows. On the other hand, for the CISO, sometimes cloud vendors represent the sum of all their greatest fears. So, how can providers of cloud based software do better job in satisfying those gate keepers? Learn to speak their language and understand their terminology and way of thinking. In this presentation we will walk through the do’s and don’ts when pitching to information security professionals, and try to better understand their motivation and how to address their concerns. This presentation is an introduction to a workshop providing better tools for cloud based companies to overcome challenges when selling their offering.

The Notorious 9 Cloud Computing Threats - CSA Congress, San Jose

Moshe Ferber

loud computing is evolving fast, and so are the threats and defense tactics. Cloud consumers and providers should always be aware of the latest risks and attack vectors and explore the latest security events to identify new attack vectors. Here, we’ll provide you with a list of the latest threats and discuss their effect on our security posture, and review a recent case study of attacks relevant to those threats.

Cloud security what to expect (introduction to cloud security)

Moshe Ferber

This document provides an overview of cloud security presented by Moshe Ferber, a certified cloud security professional. It introduces cloud computing models including SaaS, PaaS, and IaaS. For IaaS, the document discusses that while the underlying infrastructure is managed by the cloud provider, customers are responsible for the security of guest operating systems, applications, and data. It also covers key IaaS security considerations like virtual machine access control, network visibility limitations, and the division of security responsibilities between customers and providers.

Cloud security for banks - the central bank of Israel regulations for cloud s...

Moshe Ferber

The Cloud & I, The CISO challenges with Cloud Computing

Moshe Ferber

Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferber

Moshe Ferber

In the presentation, we plan to announce the full version of a new open source tool called "Cloudefigo" and explain how it enables accelerated security lifecycle. We demonstrate how to launch a pre-configured, already patched instance into an encrypted storage environment automatically while evaluating their security and mitigating them automatically if a vulnerability is found. In the live demo, we leverage Amazon Web Services EC2 Cloud-Init scripts and object storage for provisioning automated security configuration, integrating encryption, including secure encryption key repositories for secure server's communication. The result of those techniques is cloud servers that are resilient, automatically configured, with the reduced attack surface.

Transforming cloud security into an advantage

Moshe Ferber

- Moshe Ferber is an experienced information security professional who has founded and invested in several cloud security companies. - The document discusses important concepts in cloud security including creating trust between cloud providers and customers, security best practices in development and operations, and compliance with standards and regulations. - Key responsibilities in cloud security include securing data, applications, users and identities across the entire lifecycle from a shared responsibility model between providers and customers.

The document proposes CloudKeyBank, a key management framework that addresses the confidentiality, search privacy, and owner authorization of outsourced encryption keys. It does so using a new cryptographic primitive called Searchable Conditional Proxy Re-Encryption (SC-PRE) that combines Hidden Vector Encryption and Proxy Re-Encryption. The framework allows key owners to encrypt keys for outsourcing while maintaining privacy and granting controlled authorization. It aims to solve security issues not addressed by traditional outsourced data solutions.

Architect secure cloud services.

Moshe Ferber

What the auditor need to know about cloud computing

Moshe Ferber

Cloud security

BikashPokharel3

cloud security ppt

Devyani Vaidya

This document discusses cloud security and provides an overview of McAfee's cloud security program. It begins with definitions of cloud computing and cloud security. It then analyzes the growth of the global cloud security market from 2012-2014. Next, it discusses McAfee's cloud security offerings, strengths, weaknesses, opportunities, threats and competitors in the cloud security space. It also provides details on some of McAfee's major customers. Finally, it discusses Netflix's move to the cloud and its cloud security strategy.

AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...

Amazon Web Services

Zero trust security is quickly rising as a preferred alternative to traditional security approaches. The key enabling technology underlying the zero trust security approach is next-gen access which combines the critical capabilities of such technologies as identity as a service (IDaaS), enterprise mobility management (EMM), and privileged access management (PAM). In this session, we highlight AWS security best practices in a zero trust security model. Specifically, we explore securing the AWS root account, controlling access to the AWS Management Console, and the AWS Command Line Interface, and managing developer access to Amazon EC2 instances and containerized applications that run on them.

Cloud Security & Cloud Encryption Explained

Porticor - The Cloud Security Experts

Cloud Security Demystified

Michael Torres

The Top Cloud Security Issues

HTS Hosting

Cloud Security - Kloudlearn

KloudLearn

Cyber Security and Cloud Computing

Keet Sugathadasa

Introduction to Cloud Security

Susanne Tedrick

This document provides an introduction to cloud security. It discusses the shared responsibility model of cloud security between customers and providers for different cloud service models like IaaS, PaaS, and SaaS. It outlines some common cloud security risks like data leakage, malware injections, DDoS attacks, and insecure APIs. The document then defines cloud security and discusses key questions around responsibility, fortification, and controls. It introduces the NIST Cybersecurity Framework as an important resource for managing cyber risks and provides additional resources for researching cloud providers' security programs and NIST guidelines on cloud computing security and privacy.

Cloud risk and business continuity v21

Jorge Sebastiao

Cloud security

Tushar Kayande

Cloud computing allows users to access data and software over the internet rather than locally. While convenient, this presents security risks as users lose some control over their data. Common threats include hacking, malware, and insider privileges being misused. However, the document outlines security measures for cloud computing like encryption, access control, backups, and continuous monitoring that can help protect users if implemented properly. The key is treating security as an ongoing process rather than a one-time event.

Strategy Cloud and Security as a Service

Aberla

This document discusses security challenges in cloud computing and McAfee's strategy to address them. It notes that organizations lost $1 trillion to cybercrime last year and that cloud adoption faces security concerns. McAfee's cloud strategy involves providing security from, in, and for the cloud. It offers the broadest security-as-a-service portfolio using global threat intelligence to provide real-time protection across multiple threat vectors and deployment options.

SaaS (Software-as-a-Service) as-a-secure-service

Tayyaba Farhat

This document discusses security issues with Software as a Service (SaaS) and potential solutions. It outlines key security concerns like data integrity, authentication, authorization and security of data transmission. The document also mentions common vulnerabilities like injection attacks, cross-site scripting, broken authentication. Researchers are pointed out to test SaaS applications for security loopholes and help vendors strengthen mechanisms to address vulnerabilities before exploitation. Overall, while SaaS provides benefits, security must be embedded throughout architecture, applications, networks and user access to fully protect from threats.

Cloud Computing Security - Cloud Controls Security

Hari Kumar

CASB — Your new best friend for safe cloud adoption?

Digital Transformation EXPO Event Series

Stop Hackers with Integrated CASB & IDaaS Security

OneLogin

The document discusses how CASB (Cloud Access Security Broker) and IDaaS (Identity-as-a-Service) security solutions from OneLogin and CloudLock can help organizations address their top 5 cyber threats: account compromises, insider threats, cloud-resident malware, shadow IT, and data breaches. It provides examples of each threat and how the integrated CASB and IDaaS platform detects anomalous user behavior and takes action to prevent threats. The presentation encourages organizations to be proactive in security, get visibility into sanctioned vs unsanctioned cloud application usage, and tightly integrate identity management with data security policies.

Cloud security for financial services

Moshe Ferber

Why 2024 will become the Year of SaaS Security Meetup 24012024.pptx

lior mazor

Nowadays data-driven products in the cloud are delivered faster, IT resources become more responsive and productive with lower costs and higher performance for data operations. Causing Cyber Security risks involved in accessing sensitive data and regulatory compliance requirements. Join us virtually for our upcoming "Why 2024 will become the Year of SaaS Security" Meetup to learn how to resolve SaaS security posture management with AI tools and how to secure your cloud attack surface. Agenda: 17:00 - 17:10 - 'Opening Words' - by Gidi Farkash (Pipl Security) 17:10 - 17:50 - 'How to Resolve SaaS Security Posture Management with GEN AI' - by Ofer Klein (Reco) 17:50 - 18:20 - 'Foundation of Cloud Monitoring' - by Moshe Ferber (Cloud Security Alliance Israel) 18:20 - 19:00 - 'AI in the Hands of the Cyber Protectors' - by Tal Shapira, P.h.D (Reco)

Understanding Cloud Security - An In-Depth Exploration For Business Growth | ...

United States Cybersecurity Institute (USCSI®)

What's hot

Cloud keybank privacy and owner authorization

Pvrtechnologies Nellore

Architect secure cloud services.

Moshe Ferber

What the auditor need to know about cloud computing

Moshe Ferber

Cloud security

BikashPokharel3

cloud security ppt

Devyani Vaidya

AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...

Amazon Web Services

Cloud Security & Cloud Encryption Explained

Porticor - The Cloud Security Experts

Cloud Security Demystified

Michael Torres

The Top Cloud Security Issues

HTS Hosting

Cloud Security - Kloudlearn

KloudLearn

Cyber Security and Cloud Computing

Keet Sugathadasa

Introduction to Cloud Security

Susanne Tedrick

Cloud risk and business continuity v21

Jorge Sebastiao

Cloud security

Tushar Kayande

Strategy Cloud and Security as a Service

Aberla

SaaS (Software-as-a-Service) as-a-secure-service

Tayyaba Farhat

Cloud Computing Security - Cloud Controls Security

Hari Kumar

CASB — Your new best friend for safe cloud adoption?

Digital Transformation EXPO Event Series

Stop Hackers with Integrated CASB & IDaaS Security

OneLogin

What's hot (19)

Cloud keybank privacy and owner authorization

Architect secure cloud services.

What the auditor need to know about cloud computing

Cloud security

cloud security ppt

AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...

Cloud Security & Cloud Encryption Explained

Cloud Security Demystified

The Top Cloud Security Issues

Cloud Security - Kloudlearn

Cyber Security and Cloud Computing

Introduction to Cloud Security

Cloud risk and business continuity v21

Cloud security

Strategy Cloud and Security as a Service

SaaS (Software-as-a-Service) as-a-secure-service

Cloud Computing Security - Cloud Controls Security

CASB — Your new best friend for safe cloud adoption?

Stop Hackers with Integrated CASB & IDaaS Security

Similar to Aligning Risk with Growth - Cloud Security for startups

Cloud security for financial services

Moshe Ferber

Why 2024 will become the Year of SaaS Security Meetup 24012024.pptx

lior mazor

Understanding Cloud Security - An In-Depth Exploration For Business Growth | ...

United States Cybersecurity Institute (USCSI®)

UNDERSTANDING CLOUD SECURITY- AN IN-DEPTH EXPLORATION FOR BUSINESS GROWTH.pdf

United States Cybersecurity Institute (USCSI®)

Crush Cloud Complexity, Simplify Security - Shield X

Prime Infoserv

The session will be focusing how cloud-native security platform can continuously discovers workloads, identifies risk, and enforces security policies in any multi-cloud environment. Additionally it will also cover the Automated policy generation through agent-less security controls makes protecting data and applications the easiest thing to do in the cloud. The Speaker of the session will be Dr. Ratinder Paul Singh Ahuja, Founder and Chief Research and Development Officer, Shield X, USA Dr. Ratinder leads ShieldX and its mission as its central pivot point. Drawing from a career as a successful serial entrepreneur and corporate leader, he brings his unique blend of business acumen, industry network and deep technical knowledge. At his previous start-ups, Internet Junction, Webstacks and Reconnex he served as Chief Technology Officer and Vice President of the Mobile and Network Security Business Units. His knowledge of innovation and emerging trends in networking, network security, and data-loss prevention are derived from years of industry experience. Dr. Ahuja holds a BS in Electronics & Electrical Engineering from Thapar University, in India, and a Masters and Ph.D. in Computer Engineering from Iowa State University. Dr. Ahuja has been granted 61 patents for security-based technologies, and has presented in many public forums, including the Content Protection Summit, IC3, IEEE Computer Society, McAfee FOCUS, and the Cloud Expo.

Securing Your Public Cloud Infrastructure

Qualys

Public cloud providers operate on a shared responsibility model, which places the onus on the customer to define and secure the data and applications that are hosted within cloud infrastructure. To that end, it is critical that organizations accurately and selectively pinpoint which cloud workloads and virtual IT assets must be monitored, updated and patched based on developing threats to customer data and applications. In this webcast, Mark Butler, Chief Information Security Officer at Qualys, and Hari Srinivasan, Director of Product Management for Qualys Cloud and Virtualization Security detail how you can gain complete visibility of your organization’s entire cloud asset inventory and security posture to help you keep up with shared security responsibility models across public cloud infrastructure. The presentation covers: • Challenges surrounding increased migration to public clouds • Using automation for secure DevOps • How to ensure effective and efficient operations To watch the on-demand webcast, visit https://lps.qualys.com/securing-your-public-cloud-infrastructure.html

CSS17: Houston - Introduction to Security in the Cloud

Alert Logic

Csa about-threats-june-2010-ibm

Sergio Loureiro

This document summarizes the work of the Cloud Security Alliance (CSA), a global non-profit organization focused on promoting best practices for security in cloud computing. The CSA has over 10,000 individual members from various industries and expertise areas working on cloud security issues. Some of the CSA's key initiatives include developing a Cloud Controls Matrix to help organizations assess security risks in cloud environments, as well as research projects on cloud metrics and the Consensus Assessments Initiative. The document outlines the top threats to cloud computing such as data leakage, malicious insiders, and insecure APIs. It also provides highlights from the CSA's guidance on best practices for governance and operating in the cloud.

Daniel Grabski | Microsofts cybersecurity story

Microsoft Österreich

The document discusses Microsoft's approach to security and how the threat landscape is evolving. It emphasizes building an integrated security experience that combines data from across Microsoft products and services with machine learning to better detect and respond to threats. It also outlines Microsoft's strategy to make attacks more costly for threat actors by disrupting their economic models and technical playbooks through rapid response capabilities and a defense in depth approach across identity, devices, infrastructure and applications.

Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al

Alert Logic

This document discusses security challenges in cloud computing. It notes that infrastructure has changed from buying hardware to using infrastructure as a service in the cloud. Security has also changed as cybercrime has become more organized and targets both large and small companies. While the cloud can be secure, it also introduces new security challenges around lack of control, increased threat surfaces, and difficulty tuning security tools. Effective cloud security requires applying the same standards as on-premises, understanding shared security responsibilities between the customer and cloud provider, and adopting a new approach tailored to the cloud. The document promotes Alert Logic as a solution that provides full-stack security monitoring, detection and protection across cloud workloads and applications.

2012-01 How to Secure a Cloud Identity Roadmap

Raleigh ISSA

This document provides a summary of cloud identity and security topics. It begins with an overview of cloud computing market dynamics and the evolution to cloud-based services. It then discusses building a cloud roadmap and key security considerations when integrating internal IT with external cloud services. The concept of a "cloud broker" is introduced as a way to centrally manage user access and identities across multiple cloud applications and services. The document concludes with an introduction to Symplified as a provider of cloud identity broker solutions.

Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...

Amazon Web Services

While security is a top concern in every organization these days, it often gets a bad rap. In many minds, security has the reputation of the bothersome villain who attempts to hinder performance or restrain agility. In this session we will outline three strategies to protect your valuable workloads, without falling into traditional security traps. We will walk through three stories of EC2 security superheroes who saved the day by overcoming compliance and design challenges, using a (not so) secret arsenal of AWS and Trend Micro security tools. Key takeaways from this session include how to: - Design a workload-centric security architecture - Improve visibility of AWS-only or hybrid environments - Stop patching live instances but still prevent exploits Speaker: Sasha Pavlovic, Director, Cloud & Datacentre Security, Asia Pacific, Trend Micro

AWS Summit Auckland Platinum Sponsor presentation - Trend Micro

Amazon Web Services

This document summarizes a presentation given by Chris Harwood of Healthdirect Australia about their migration to AWS and use of Trend Micro Deep Security. The key points are: 1) Healthdirect Australia provides various health services and needed to migrate to the cloud to improve scalability, security, and agility. 2) Migrating to AWS helped Healthdirect address issues like limited capacity, high costs, and inability to respond quickly with their traditional on-premises environment. 3) Security was a major concern for Healthdirect due to the sensitive healthcare data they handle. Trend Micro Deep Security provided host-based security that fit their needs on AWS. 4) Deep Security's agent-

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)

Mark Simos

Cloud Security_ Unit 4

Integral university, India

Fundamentals of Microsoft 365 Security , Identity and Compliance

Vignesh Ganesan I Microsoft MVP

The document provides an overview of a webinar on Microsoft security, compliance, and identity fundamentals presented by Vignesh Ganesan. The webinar covers Microsoft 365 security, Microsoft compliance solutions like information protection and governance, and Microsoft identity including Azure Active Directory. It summarizes the three main components that will be focused on: Microsoft security, Microsoft identity, and Microsoft compliance. It also outlines some of the key capabilities within each area and compares Microsoft's offerings to other vendors in the space.

AWS Cloud Governance & Security through Automation - Atlanta AWS Builders

James Strong

Is that requirement from NIST 800-53 Controls or NIST 800-190? If you've ever wondered where those pesky cloud security controls come from, this meetup is for you. In this Meetup, Jame Strong and Jason Lutz from Contino (an AWS Premier Consulting Partner) will discuss how Contino views DevSecOps. They will review the Benefits of DevSecOps: - Cost Reduction - Speed of Delivery - Speed of Recovery - Security is Federated - DevSecOps Fosters a Culture of Openness and Transparency During this Meetup, James and Jason will show you how to harden and secure a container pipeline and AWS network. Briefly, they will demonstrate how to deploy accounts with a Cloud Security Posture and review security best practices from AWS, CIS, and NIST. They will also touch on how to integrate changes in your infrastructure pipelines to adhere to your Enterprise's Security Compliance Guidelines. If you're interested in integrating security and compliance into your Application and Infrastructure pipelines to realize the benefits of DevSecOps, join us in this virtual meetup.

Data security in cloud

Interop

The document discusses data security challenges in cloud computing environments. It notes that threats have evolved significantly over time and now hackers operate as an industry, automating attacks for profit. While the cloud provides benefits like scalability, it also introduces new security risks if data is not properly protected. The document recommends eight steps companies can take to secure their data in cloud environments, such as using reputation-based defenses, virtual patching techniques, and unifying network and data security controls.

Webinar Mastering Microsoft Security von Baggenstos

JenniferMete1

Chap 6 cloud security

Raj Sarode

Similar to Aligning Risk with Growth - Cloud Security for startups (20)

Cloud security for financial services

Why 2024 will become the Year of SaaS Security Meetup 24012024.pptx

Understanding Cloud Security - An In-Depth Exploration For Business Growth | ...

UNDERSTANDING CLOUD SECURITY- AN IN-DEPTH EXPLORATION FOR BUSINESS GROWTH.pdf

Crush Cloud Complexity, Simplify Security - Shield X

Securing Your Public Cloud Infrastructure

CSS17: Houston - Introduction to Security in the Cloud

Csa about-threats-june-2010-ibm

Daniel Grabski | Microsofts cybersecurity story

Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al

2012-01 How to Secure a Cloud Identity Roadmap

Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe...

AWS Summit Auckland Platinum Sponsor presentation - Trend Micro

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)

Cloud Security_ Unit 4

Fundamentals of Microsoft 365 Security , Identity and Compliance

AWS Cloud Governance & Security through Automation - Atlanta AWS Builders

Data security in cloud

Webinar Mastering Microsoft Security von Baggenstos

Chap 6 cloud security

Recently uploaded

Transform Your Communication with Cloud-Based IVR Solutions

TheSMSPoint

Discover the power of Cloud-Based IVR Solutions to streamline communication processes. Embrace scalability and cost-efficiency while enhancing customer experiences with features like automated call routing and voice recognition. Accessible from anywhere, these solutions integrate seamlessly with existing systems, providing real-time analytics for continuous improvement. Revolutionize your communication strategy today with Cloud-Based IVR Solutions. Learn more at: https://thesmspoint.com/channel/cloud-telephony

Microservice Teams - How the cloud changes the way we work

Sven Peters

A lot of technical challenges and complexity come with building a cloud-native and distributed architecture. The way we develop backend software has fundamentally changed in the last ten years. Managing a microservices architecture demands a lot of us to ensure observability and operational resiliency. But did you also change the way you run your development teams? Sven will talk about Atlassian’s journey from a monolith to a multi-tenanted architecture and how it affected the way the engineering teams work. You will learn how we shifted to service ownership, moved to more autonomous teams (and its challenges), and established platform and enablement teams.

一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理

dakas1

UMN硕士毕业证成绩单【微信95270640】购买（明尼苏达大学毕业证成绩单硕士学历）Q微信95270640代办UMN学历认证留信网伪造明尼苏达大学学位证书精仿明尼苏达大学本科/硕士文凭证书补办明尼苏达大学 diplomaoffer,Transcript购买明尼苏达大学毕业证成绩单购买UMN假毕业证学位证书购买伪造明尼苏达大学文凭证书学位证书,专业办理雅思、托福成绩单，学生ID卡，在读证明，海外各大学offer录取通知书，毕业证书，成绩单，文凭等材料:1:1完美还原毕业证、offer录取通知书、学生卡等各种在读或毕业材料的防伪工艺（包括烫金、烫银、钢印、底纹、凹凸版、水印、防伪光标、热敏防伪、文字图案浮雕，激光镭射，紫外荧光，温感光标）学校原版上有的工艺我们一样不会少，不论是老版本还是最新版本，都能保证最高程度还原，力争完美以求让所有同学都能享受到完美的品质服务。 #毕业证成绩单 #毕业証 #成绩单 #學生卡 #OFFER录取通知书 #雅思#托福等…… 国外大学明尼苏达大学明尼苏达大学毕业证offer制作方法（一对一专业服务） 1客户提供办理信息：姓名生日专业学位毕业时间等（如信息不确定可以咨询顾问：我们有专业老师帮你查询）； 2开始安排制作毕业证成绩单电子图； 3毕业证成绩单电子版做好以后发送给您确认； 4毕业证成绩单电子版您确认信息无误之后安排制作成品； 5成品做好拍照或者视频给您确认； 6快递给客户（国内顺丰国外DHLUPS等快读邮寄） — — 制作工艺【高仿真】— — 凭借多年的制作经验本公司制作明尼苏达大学明尼苏达大学毕业证offer《激光》《水印》《钢印》《烫金》《紫外线》凹凸版uv版等防伪技术一流高精仿度几乎跟学校100%相同！让您绝对满意。 — — -公司理念【诚信为主】— — — 我們以質量求生存.以服务求发展有雄厚的实力专业的团队咨询顾问为您细心解答可详谈是真是假眼见为实让您真正放心平凡人生,尽我所能助您一臂之力让我們携手圆您梦想! 此贴长年有效【贴心专线/微-信: 95270640】敬请保留此联系方式以备用！如有不在线请给我们留言！我们将在第一时间给您回复!上散发着一抹抹的光晕而这每处自然形成的细节融合在一起浑然天成的美实在令人心生愉悦小道的周边无秩序的生长着几株艳丽的野花红的粉的紫的虽混乱无章却给这幅美景更增添一份性感夹杂着一份纯洁的妖娆毫无违和感实在给人带来一份悠然幸福的心情如果说现在的审美已经断然拒绝了无声的话那么在树林间飞掠而过的小鸟叽叽咋咋的叫声是否就是这最后的点睛之笔悠然走在林间的小路上宁静与清香一丝丝的盛夏气息吸入身体昔日生活里的繁忙多

UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions

Peter Muessig

The UI5 tooling is the development and build tooling of UI5. It is built in a modular and extensible way so that it can be easily extended by your needs. This session will showcase various tooling extensions which can boost your development experience by far so that you can really work offline, transpile your code in your project to use even newer versions of EcmaScript (than 2022 which is supported right now by the UI5 tooling), consume any npm package of your choice in your project, using different kind of proxies, and even stitching UI5 projects during development together to mimic your target environment.

GreenCode-A-VSCode-Plugin--Dario-Jurisic

Green Software Development

KuberTENes Birthday Bash Guadalajara - Introducción a Argo CD

rodomar2

Fundamentals of Programming and Language Processors

Rakesh Kumar R

316895207-SAP-Oil-and-Gas-Downstream-Training.pptx

ssuserad3af4

zOS Mainframe JES2-JES3 JCL-JECL Differences

YousufSait3

Enums On Steroids - let's look at sealed classes !

Marcin Chrost

Malibou Pitch Deck For Its €3M Seed Round

sjcobrien

All you need to know about Spring Boot and GraalVM

Alina Yurenko

原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样

mz5nrf0n

原版一模一样【微信：741003700 】【美国纽约州立大学奥尔巴尼分校毕业证学位证书】【微信：741003700 】学位证，留信认证（真实可查，永久存档）offer、雅思、外壳等材料/诚信可靠,可直接看成品样本，帮您解决无法毕业带来的各种难题！外壳，原版制作，诚信可靠，可直接看成品样本。行业标杆！精益求精，诚心合作，真诚制作！多年品质 ,按需精细制作，24小时接单,全套进口原装设备。十五年致力于帮助留学生解决难题，包您满意。本公司拥有海外各大学样板无数，能完美还原海外各大学 Bachelor Diploma degree, Master Degree Diploma 1:1完美还原海外各大学毕业材料上的工艺：水印，阴影底纹，钢印LOGO烫金烫银，LOGO烫金烫银复合重叠。文字图案浮雕、激光镭射、紫外荧光、温感、复印防伪等防伪工艺。材料咨询办理、认证咨询办理请加学历顾问Q/微741003700 留信网认证的作用: 1:该专业认证可证明留学生真实身份 2:同时对留学生所学专业登记给予评定 3:国家专业人才认证中心颁发入库证书 4:这个认证书并且可以归档倒地方 5:凡事获得留信网入网的信息将会逐步更新到个人身份内，将在公安局网内查询个人身份证信息后，同步读取人才网入库信息 6:个人职称评审加20分 7:个人信誉贷款加10分 8:在国家人才网主办的国家网络招聘大会中纳入资料，供国家高端企业选择人才

E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies

Quickdice ERP

How Can Hiring A Mobile App Development Company Help Your Business Grow?

ToXSL Technologies

Odoo ERP Vs. Traditional ERP Systems – A Comparative Analysis

Envertis Software Solutions

When it is all about ERP solutions, companies typically meet their needs with common ERP solutions like SAP, Oracle, and Microsoft Dynamics. These big players have demonstrated that ERP systems can be either simple or highly comprehensive. This remains true today, but there are new factors to consider, including a promising new contender in the market that’s Odoo. This blog compares Odoo ERP with traditional ERP systems and explains why many companies now see Odoo ERP as the best choice. What are ERP Systems? An ERP, or Enterprise Resource Planning, system provides your company with valuable information to help you make better decisions and boost your ROI. You should choose an ERP system based on your company’s specific needs. For instance, if you run a manufacturing or retail business, you will need an ERP system that efficiently manages inventory. A consulting firm, on the other hand, would benefit from an ERP system that enhances daily operations. Similarly, eCommerce stores would select an ERP system tailored to their needs. Because different businesses have different requirements, ERP system functionalities can vary. Among the various ERP systems available, Odoo ERP is considered one of the best in the ERp market with more than 12 million global users today. Odoo is an open-source ERP system initially designed for small to medium-sized businesses but now suitable for a wide range of companies. Odoo offers a scalable and configurable point-of-sale management solution and allows you to create customised modules for specific industries. Odoo is gaining more popularity because it is built in a way that allows easy customisation, has a user-friendly interface, and is affordable. Here, you will cover the main differences and get to know why Odoo is gaining attention despite the many other ERP systems available in the market.

Lecture 2 - software testing SE 412.pptx

TaghreedAltamimi

ALGIT - Assembly Line for Green IT - Numbers, Data, Facts

Green Software Development

在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样

mz5nrf0n

原版一模一样【微信：741003700 】【加拿大英属哥伦比亚大学毕业证本科学位证书】【微信：741003700 】学位证，留信认证（真实可查，永久存档）offer、雅思、外壳等材料/诚信可靠,可直接看成品样本，帮您解决无法毕业带来的各种难题！外壳，原版制作，诚信可靠，可直接看成品样本。行业标杆！精益求精，诚心合作，真诚制作！多年品质 ,按需精细制作，24小时接单,全套进口原装设备。十五年致力于帮助留学生解决难题，包您满意。本公司拥有海外各大学样板无数，能完美还原海外各大学 Bachelor Diploma degree, Master Degree Diploma 1:1完美还原海外各大学毕业材料上的工艺：水印，阴影底纹，钢印LOGO烫金烫银，LOGO烫金烫银复合重叠。文字图案浮雕、激光镭射、紫外荧光、温感、复印防伪等防伪工艺。材料咨询办理、认证咨询办理请加学历顾问Q/微741003700 留信网认证的作用: 1:该专业认证可证明留学生真实身份 2:同时对留学生所学专业登记给予评定 3:国家专业人才认证中心颁发入库证书 4:这个认证书并且可以归档倒地方 5:凡事获得留信网入网的信息将会逐步更新到个人身份内，将在公安局网内查询个人身份证信息后，同步读取人才网入库信息 6:个人职称评审加20分 7:个人信誉贷款加10分 8:在国家人才网主办的国家网络招聘大会中纳入资料，供国家高端企业选择人才

Energy consumption of Database Management - Florina Jonuzi

Green Software Development

Recently uploaded (20)

Transform Your Communication with Cloud-Based IVR Solutions

Microservice Teams - How the cloud changes the way we work

一比一原版(UMN毕业证)明尼苏达大学毕业证如何办理

UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions

GreenCode-A-VSCode-Plugin--Dario-Jurisic

KuberTENes Birthday Bash Guadalajara - Introducción a Argo CD

Fundamentals of Programming and Language Processors

316895207-SAP-Oil-and-Gas-Downstream-Training.pptx

zOS Mainframe JES2-JES3 JCL-JECL Differences

Enums On Steroids - let's look at sealed classes !

Malibou Pitch Deck For Its €3M Seed Round

All you need to know about Spring Boot and GraalVM

原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样

E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies

How Can Hiring A Mobile App Development Company Help Your Business Grow?

Odoo ERP Vs. Traditional ERP Systems – A Comparative Analysis

Lecture 2 - software testing SE 412.pptx

ALGIT - Assembly Line for Green IT - Numbers, Data, Facts

在线购买加拿大英属哥伦比亚大学毕业证本科学位证书原版一模一样

Energy consumption of Database Management - Florina Jonuzi

Aligning Risk with Growth - Cloud Security for startups

1. Moshe Ferber, CCSK Onlinecloudsec.com Cloud Security For Startups Aligning Risk with Growth

2. About:  Moshe Ferber, 39, lives in Modiin (+2).  Information security professional for over 20 years.  Popular industry speaker and lecturer.  Founded Cloud7, Managed Security Services provider (currently owned by Matrix).  Shareholder at Clarisite – Your customer’s eye view  Shareholder at FortyCloud – Make your public cloud private  Member of the board at MacshavaTova – Narrowing societal gaps  Co-Chairman of the Board, Cloud Security Alliance, Israeli Chapter. 2

3. The benefits of cloud computing are clear, What are the risks?

4. Cloud attack vectors Provider Administration Wide Dashboard Multi tenancy & Virtualization Automation & API Chain of supply Side Channel attack Insecure Instances

5. Cyber attacks trends for cloud computingCloud services ransom malwares Bitcoin API Attacks Supply chain Attacks

6. So, how to build your security? Infrastructure security Application Security Operational security

7. Good Security is based on controls… Preventive • Firewall (Security Groups) • Authentication • AntiVirus • Guards Detective • IDS • System monitoring • Motion detector Corrective • Upgrades & Patches • Vulnerability scanning Compensatory • DRP & Backup • Firewall logs • Reviews • Audit & reconciliation Based on http://www.sans.edu/research/security- laboratory/article/security-controls

8. The security phases of startup Phase 1 – Building blocks • From Seed to the first customers Phase 2 – Maturing • Growing and adding customers. Phase 3 – Build trust • Maturing your services.

9. Phase 1 – Make sure you got the right building blocks  Plan your architecture: logical and physical segmentation.  Understand your data lifecycle.  Laws and regulations to consider.  Choose your partners: software, IT, backend.  Start your SSDLC building block – threat modeling. Architecture.  Implement IaaS best practices: • Identity & Access. • Compensating controls

10. Build your dashboard with permissions Users & resources RolesGroups

11. Best practices for IAM Don’t use master account Delete root access key Enable MFA for critical users Apply good password policy Rotate credential periodically Safeguard your host & access keys Create individual users with specific roles

12. Compensating controls Activate billing alerts API & Dashboards logs Cold Backup Active Secondary site External & Multi Cloud Backups: Encrypt data in transit

13. Phase 2  Production environment is now maturing. Its time for roles separation at production.  Authentication mechanism should be mature by now.  Security in Software Development life cycle (SSDLC) should take more focus. vulnerability scan & penetration tests Identity Federation Services Encryption of data at rest Security training for R&D

14. Phase 3  operational security begins to matter.  More detective controls should be placed.  Incident management procedures should mature.  Transparency will be an advantage. DR, BC and active secondary location Log management & Event correlation. Patch & change management Automation of configuration Ongoing security awareness program

15. Questions?

16.  Cloud security is maturing fast (it took us over 20 years to secure the PC…)  Security is expensive, but with the right building blocks you can integrate with the grow of business.  Make sure you do the basics from the first day, it will be hard to add them later. To wrap things up… Don’t be the next CodeSpaces

17. Keep in Touch  Moshe Ferber  moshe@onlinecloudsec.com  www.onlinecloudsec.com  http://il.linkedin.com/in/MosheFerber Cloud Security Course Schedule can be find at: http://www.onlinecloudsec.com/course-schedule

Aligning Risk with Growth - Cloud Security for startups

Recommended

Recommended

More Related Content

What's hot

What's hot (19)

Similar to Aligning Risk with Growth - Cloud Security for startups

Similar to Aligning Risk with Growth - Cloud Security for startups (20)

Recently uploaded

Recently uploaded (20)

Aligning Risk with Growth - Cloud Security for startups