My SACON.IO conference presentation about how to architect secure IaaS/PaaS services.
Presentation mostly uses AWS examples, but relevant also to Azure / GCE and similar services.
Surviving the lions den - how to sell SaaS services to security oriented cust... by Moshe Ferber
Passing through the Lion’s den – How to sell cloud services to security guys:
Pitching your SaaS offering is usually fun, until the security guys walk into the room, as anyone who tries to promote cloud services to organizations probably knows. On the other hand, for the CISO, cloud vendors sometimes represent the sum of all their greatest fears.
So, how can providers of cloud based software do a better job of satisfying those gatekeepers? Learn to speak their language and understand their terminology and way of thinking. In this presentation we will walk through the do's and don'ts of pitching to information security professionals, and try to better understand their motivation and how to address their concerns.
This presentation is an introduction to a workshop providing better tools for cloud based companies to overcome challenges when selling their offering.
What the auditor need to know about cloud computing by Moshe Ferber
As more and more workloads move to the cloud, more practices need to be developed. ISACA and CSA launched the CCAK certification for auditors; in this presentation I will elaborate on highlights of auditor knowledge in the cloud.
Transforming cloud security into an advantage by Moshe Ferber
- Moshe Ferber is an experienced information security professional who has founded and invested in several cloud security companies.
- The document discusses important concepts in cloud security including creating trust between cloud providers and customers, security best practices in development and operations, and compliance with standards and regulations.
- Key responsibilities in cloud security include securing data, applications, users and identities across the entire lifecycle from a shared responsibility model between providers and customers.
The Cloud & I, The CISO challenges with Cloud Computing by Moshe Ferber
The Cloud is a challenge for the Security professional, but also creates opportunities. In this presentation we will overview the different cloud challenges according to each market sector.
Cloud security for banks - the central bank of Israel regulations for cloud s... by Moshe Ferber
This presentation discusses how the Israeli banks should cope with the Israeli central bank cloud regulations. In the slides we examine different articles inside the cloud regulation and discuss the challenges and the controls to be used.
Cloud security what to expect (introduction to cloud security) by Moshe Ferber
This document provides an overview of cloud security presented by Moshe Ferber, a certified cloud security professional. It introduces cloud computing models including SaaS, PaaS, and IaaS. For IaaS, the document discusses that while the underlying infrastructure is managed by the cloud provider, customers are responsible for the security of guest operating systems, applications, and data. It also covers key IaaS security considerations like virtual machine access control, network visibility limitations, and the division of security responsibilities between customers and providers.
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013 by Moshe Ferber
We live in interesting times, at least from a computer technology point of view. In the last couple of years we have changed the way our backend systems function (Cloud Computing) and the way we consume our front-end interfaces (Mobility, the Internet of Things). It is safe to say that the technology changes we are now experiencing will revolutionize the way we consume technology.
But the described changes are being held back, mostly because of information security. The root cause of the slow adoption of cloud among enterprises is trust. Challenges around transparency, compliance, standardization and immature technologies are causing a lack of trust between cloud stakeholders, and this lack of trust is the number one obstacle facing cloud computing.
So it is time for innovation. There is great demand for new, innovative solutions that will fuel the engines of the industry. Cloud computing technologies can be innovative and ground breaking; this has been proved before. Today there are many areas where innovative solutions can change the way we think about and provide security.
In the presentation we will discuss the future of technologies like Identity Management, Encryption, API security and Big Data platforms and evaluate where we should improve the current technologies.
Regarding encryption - we know that current technologies limit our options for safeguarding keys in virtual environments, and that we don't have solutions for using encryption as a method to increase real multi-tenancy, audit and access controls for all data types. Encryption technology must improve at all levels, starting from key management and file-level encryption (IRM solutions), and newer technologies such as homomorphic encryption should be developed further to be effective.
Aligning Risk with Growth - Cloud Security for startups by Moshe Ferber
Every young company discovers that putting security in place can be expensive, so they need to manage their priorities. In the presentation we discuss the various phases in the start-up life cycle and which security controls should be put in place in each phase.
The Notorious 9 Cloud Computing Threats - CSA Congress, San Jose by Moshe Ferber
Cloud computing is evolving fast, and so are the threats and defense tactics. Cloud consumers and providers should always be aware of the latest risks and attack vectors and explore the latest security events to identify new attack vectors. Here, we'll provide you with a list of the latest threats, discuss their effect on our security posture, and review a recent case study of attacks relevant to those threats.
Security architecture and cloud computing are not mutually exclusive according to Vladimir Jirasek, Director of Research at CSA UK. There is a direct map between cloud models (IaaS, PaaS, SaaS) and areas of security models (identity and access management, encryption, firewalls etc.). Responsibilities for security areas depend on the cloud model, with providers taking more responsibility in IaaS and customers taking more in SaaS. The document provides guidance on developing cloud security standards and managing security risks when using cloud computing.
Cloud and IoT are now in the mainstream adoption phase, often being referred to as the fourth revolution. The presentation will share experiences from early adopters and focus on challenges that vendors will not share when selling cloud enablement services.
This document discusses Cloud Access Security Brokers (CASBs). It defines a CASB as a set of cloud security technologies that sits between an organization's on-premises infrastructure and a cloud provider's infrastructure to extend security policies to third-party software and storage. CASBs help identify and manage cloud apps, enforce policies, provide data security through encryption and activity monitoring, and integrate with other security solutions. The document discusses how CASBs work using proxies or APIs, compares architectural choices, and lists some leading CASB providers like Microsoft, Imperva, Bitglass, and Cisco CloudLock.
Cloud Security Alliance UK presentation for Cloud World Forum 2015 in London. What companies should do to make the correct decision when considering cloud solutions.
Secure your cloud applications by building solid foundations with enterprise ... by Vladimir Jirasek
Vladimir Jirasek of Jirasek Consulting Services provides an overview of enterprise and security architecture as it relates to cloud computing. The presentation covers key topics like the responsibilities in security architecture domains, governance policies for cloud deployment, data security considerations, and identity and access management in the cloud. The goal is to help businesses build solid foundations to securely adopt cloud applications and services.
Cloud Security & Cloud Encryption Explained by Porticor, the industry leader in Cloud Data Security. Learn from Porticor about the issues in cloud security and how to protect your data in the cloud. Learn more about cloud security at http://www.porticor.com
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ... by Amazon Web Services
Zero trust security is quickly rising as a preferred alternative to traditional security approaches. The key enabling technology underlying the zero trust security approach is next-gen access which combines the critical capabilities of such technologies as identity as a service (IDaaS), enterprise mobility management (EMM), and privileged access management (PAM). In this session, we highlight AWS security best practices in a zero trust security model. Specifically, we explore securing the AWS root account, controlling access to the AWS Management Console, and the AWS Command Line Interface, and managing developer access to Amazon EC2 instances and containerized applications that run on them.
This presentation includes a cloud security overview, the Cloud Access Security Broker (CASB), CASB's four pillars, the proxy and API deployment modes, and the advantages and limitations of each deployment mode.
Cloud Access Security Brokers (CASBs) provide visibility and security controls for user activity and data access across cloud applications and services. CASBs work by connecting to cloud service APIs to monitor usage, covering both on-network and off-network access on managed and unmanaged devices. This helps CASBs enforce policies for compliance, data loss prevention, threat protection, and access control. Gartner recognizes several leading CASB vendors that offer capabilities across pillars like visibility, compliance, threat protection and data security when evaluating the CASB market.
Slides on cloud security. These define the possible aspects of cloud security. Images are taken from different websites, which are mentioned in the references section.
Security as a Service (SaaS) is a new model for delivering traditional security applications like antivirus, email protection, and antispam through cloud-based services rather than installed software. With SaaS, all software and updates are hosted on the vendor's servers, eliminating the need for companies to purchase and maintain their own hardware and software. SaaS offers benefits like lower total cost of ownership, automatic updates, remote administration from any internet connection, and predictable annual licensing costs. While early offerings like McAfee ASaP were not widely adopted, widespread internet access and trends toward cloud computing mean SaaS is becoming the standard model for security solutions.
Why Everyone Needs a Cloud-First Security Program - SASEfaction Guaranteed! by Netskope
Security teams are constantly keeping up with complex attacks leveraging the cloud, but traditional security stacks just can’t keep pace with malicious actors or insiders. In the session, we’ll explore Gartner’s new SASE framework and how organizations can utilize Zero Trust, visibility into cloud-based traffic and cloud threat protection to build a modernized cloud-first stack.
One of the most important parts of the cloud is security. Your data is protected by both advanced threat protection and redundancy from cloud to cloud backup.
This presentation includes the concept of cloud security domains, flaws in security approaches, datacenter requirements, VMware NSX limitations and a new, more complete solution. Finally, a guideline describing how to assess micro-segmentation.
Workshop: Threat Intelligence - Part 1
(Technology Taxonomy For Cloud Security, Key Components Of Cloud Security Architecture, Blue Print To Build Your Cloud Security Program, Basics Of Cloud Security Access Brokers)
CASB — Your new best friend for safe cloud adoption?
The explosive growth of cloud adoption, “cloud first” initiatives and BYOD have created security and compliance blind spots.
Forcepoint’s session examines the growing popularity of the Cloud Access Security Broker as a means to assist security leaders to support business innovation and manage cloud risk.
This document provides an overview of building secure cloud architecture. It discusses cloud characteristics and services models like IaaS, PaaS, and SaaS. It also covers the shared responsibility model between providers and customers. Additional topics include compliance requirements, privacy basics, architecting for availability, network separation, application protection, identity and access management, monitoring tools, log management, and containers security. The document aims to educate readers on best practices for securely designing cloud infrastructure and applications.
Palo Alto Networks and AWS: Streamline Your Accreditation with Superior Secur... by Amazon Web Services
Securing DoD workloads in the cloud is no task to be taken lightly. Today's ever-changing threat landscape requires the advanced capabilities of the Palo Alto Networks VM-Series Next Generation Firewall to secure your AWS deployment. Granular security controls based upon users, their applications and the content within those applications give you complete visibility into, and control over, the "who" (via User-ID) and "what" (via App-ID) of your cloud traffic while preventing both known and unknown threats. Coupled with Palo Alto Networks and Amazon's Secure Cloud Computing Architecture (SCCA) Quick Start deployment template, the process of attaining your accreditation is greatly streamlined. Automate your deployment on AWS with many required SCCA security controls both pre-configured and documented at the time of deployment. This session will relate the capabilities that the Palo Alto Networks Next Generation Firewall brings to the cloud, including a product demonstration conducted on a VM-Series firewall running on AWS. The target audience is technical security practitioners and information assurance professionals who want to understand the capabilities of Palo Alto Networks on AWS, prevent data breaches, and efficiently attain their accreditation. Learn More: https://aws.amazon.com/government-education/
The document discusses Microsoft Azure storage solutions and services, highlighting key capabilities like Azure Files for file shares, Premium Storage for high performance workloads, and integration with hybrid solutions like StorSimple. It also provides an overview of Azure Storage APIs and compares Azure storage features to competitive offerings from AWS. The document is aimed at helping customers understand how Azure storage can meet their needs for scalability, reliability, security and hybrid cloud capabilities.
Find out how the Xero Cloud Security team deals with the accelerated pace of security brought about by cloud innovation occurring at Xero as they migrate “all-in” into the AWS cloud. Xero will share the Cloud Security team’s journey to the cloud, key success and learning points, as well as how they worked with Bulletproof to implement automated, repeatable and on-demand security with AWS that works at any scale. You will leave this session with actionable real-world knowledge & how to achieve AWS security posture best practices at minimal cost while delivering high value.
Verizon: Modernizing Enterprise Infrastructure with AWS - WIN307 - re:Invent ... by Amazon Web Services
Over the past decade, Verizon built significant investments in on-premises technology. Migrating legacy applications and IT systems takes time, so architecting a secure and performant hybrid architecture is essential to Verizon’s cloud adoption. In this session, you see how Verizon operationalized their existing on-premises IT infrastructure with AWS while providing the flexibility needed for both modern and legacy applications. Verizon solved extremely challenging enterprise constraints. Learn from Verizon’s cloud experience, and see the resulting architectures designed to meet strict security and compliance requirements while delivering faster application and system migration.
- The document provides guidance on implementing security best practices on AWS using a prescriptive approach, beginning with understanding AWS's shared security responsibility model and then covering topics like building compliance foundations, integrating identity and access management, enabling detective controls, establishing network security, implementing data protection, optimizing change management, and automating security functions.
- It highlights AWS services and features for each topic and includes case studies showing how organizations have improved security and saved money by leveraging AWS security tools and services.
Cisco's Cloud Strategy, including our acquisition of CliQr by Cisco Canada
At Partner Summit we made a series of exciting announcements in our Cloud portfolio, including our acquisition of CliQr. Join us to learn about these new announcements and an understanding of Cisco’s Cloud Strategy.
- How does CliQr fit into our existing Cloud portfolio (Metapod, APIC, Enterprise Cloud Suite, Cloud Consumption-as-a-Service)?
- How does our Cloud portfolio today meet the needs of our customers? What problems are we solving?
- How does our portfolio today position us for the world of Containers and Microservices?
Join us for a presentation of how these announcements fit into our current environment and what they mean to your longer-term strategy.
Transitioning to the Next Generation Hybrid Cloud Operating Model - AWS Summit... by Amazon Web Services
AWS provides many services to assist customers with their journey to the cloud. Hybrid solutions offer customers a way to continue leveraging existing investments on-premises, while expanding their footprint into the public cloud. This session covers the different technologies available to support hybrid architectures on AWS. We discuss common patterns and anti-patterns for solving enterprise workloads across a hybrid environment.
IaaS Cloud Providers: A comparative analysis (Graisy Biswal)
The document compares IaaS providers Oracle, AWS, Cisco, and OpenStack on their approaches to common challenges faced in cloud computing. It discusses each provider's strategies for security of data, insufficiency of resources/expertise, complete governance over IT services, cloud cost management, dealing with multi-cloud environments, compliance, cloud migration, unformed technology, and cloud integration. The document aims to help readers understand how different providers address key issues for cloud service delivery.
After IAM and Detective Controls you’ll turn to Infrastructure Security, which means tuning AWS Service configurations, AMI composition, and hardening other digital assets that will be deployed. We will cover how to define networking architecture (e.g. VPC, subnets, security groups); how to develop hardened AMIs based on your requirements; the importance of defining Internet ingress and egress flows, and how to determine Vulnerability Management and operational maintenance cadence.
Cloud Reference Architecture - Part 1 Foundation (Ammar Hasayen)
This presentation covers a practical approach for adopting and migrating on-premises systems and applications to the public cloud. Based on a clear migration master plan, it helps companies and enterprises prepare for cloud computing: what to migrate or deploy on the cloud and how to do so successfully, preparing your IT organization with a sound cloud governance model, security in the cloud, and how to realize the benefits of cloud computing through automation and by optimizing your cost and workloads.
Deploy a DoD Secure Cloud Computing Architecture Environment in AWS (Amazon Web Services)
The Department of Defense's Secure Cloud Computing Architecture (SCCA) guidance provides DoD mission owners the security requirements for building a DoD compliant and secure application environment in the cloud. This session will review the DoD Cloud Security Requirements Guide and the DoD SCCA pillars and how they apply to AWS services. We will demonstrate how to build a DoD SCCA environment through automation and configuration management tools as well as discuss how to document security controls implementations. We will answer common questions, such as: how do we connect to a DoD Cloud Access Point? How do we implement a least privilege access control model? And how do we automate security event notifications and remediate issues? This session is designed for both technical and information assurance professionals that want to understand the process to move DoD systems into AWS, secure them, and get them accredited.
Xero migrated their cloud infrastructure to AWS to improve data protection, eliminate scheduled downtime, maintain and improve security, and reduce costs per customer. They focused on automating security, accelerating the pace of security innovation, and creating on-demand security infrastructure that scales. Key learnings included measuring and testing everything, adopting a security-by-design approach, and ensuring good communication.
The Evolution of Cloud Architectures: Focusing More on the Business Logic (Scott Weber)
As we compare traditional and modern cloud architectures, the importance lies in focusing more on the Business Logic. Learn more about how shifting your focus to the Business Logic will deliver more Business Value and improved ROI.
This document discusses three often overlooked capabilities in Azure Active Directory (Azure AD): Azure AD Domain Services, Azure AD App Proxy, and Azure Managed Service Identity.
Azure AD Domain Services allows organizations to set up an Active Directory domain in Azure that can be joined by virtual machines for authentication using Kerberos and NTLM. Azure AD App Proxy enables secure remote access to on-premises web apps by routing traffic through the Azure AD proxy service. Managed Service Identity provides a way for Azure resources like virtual machines to authenticate to Azure services without needing credentials stored in the resource.
George Churchill presented on Windows operations on AWS. The presentation covered the benefits of hosting Windows workloads on AWS, how to migrate Windows workloads to AWS, and how to operate Windows in AWS. It discussed establishing a cloud center of excellence and designing a multi-account AWS landing zone with identity management. Methods for Active Directory, configuration management, change management, backups, and governance/compliance in AWS were also presented.
In this session, learn how you evaluate, design, build, and manage distributed applications over hybrid infrastructures using Amazon Web Services. This session follows the evolution of a simple legacy data center expansion with basic connectivity into managing complex hybrid applications. Along the way, we investigate best practice designs in use by AWS customers. Topics covered include: interconnectivity, availability, security, hybrid networks with Amazon VPC and AWS Direct Connect as well as automated provisioning with AWS CloudFormation, and configuration management with AWS OpsWorks.
Speakers:
Miha Kralj, AWS Solutions Architect
Amarpal S. Attwal, Senior Technical Lead, ICT Engineering, Just Eat
Koen van den Biggelaar, AWS Solutions Architect
This document discusses integrating on-premises infrastructure with AWS. It examines integrated infrastructure using VPN and Direct Connect, integrated services like Active Directory and monitoring tools, and an integrated platform for deployment and management. Example integrated solutions discussed include storage expansion, backup/archiving, and continuous integration/deployment. The takeaways emphasize the importance of connectivity and authentication/authorization for hybrid integration.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Removing Uninteresting Bytes in Software Fuzzing (Aftab Hussain)
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing XML documents, and Binutils' readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format) files. Our preliminary results show that AFL+DIAR not only discovers new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... (SOFTTECHHUB)
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Essentials of Automations: The Art of Triggers and Actions in FME (Safe Software)
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Climate Impact of Software Testing at Nordic Testing Days (Kari Kakkonen)
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed in the talk. ICT and testing must carry their part of the global responsibility to help with climate warming. We can minimize the carbon footprint, but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be extended with sustainability and then measured continuously. Test environments can be used less, at a smaller scale and on demand. Test techniques can be used to optimize or minimize the number of tests. Test automation can be used to speed up testing.
TrustArc Webinar - 2024 Global Privacy Survey (TrustArc)
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Pushing the limits of ePRTC: 100ns holdover for 100 days (Adtran)
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Full-RAG: A modern architecture for hyper-personalization (Zilliz)
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack (shyamraj55)
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Programming Foundation Models with DSPy - Meetup Slides (Zilliz)
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
UiPath Test Automation using UiPath Test Suite series, part 5 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series, part 5. In this session, we will cover CI/CD with DevOps.
Topics covered:
CI/CD within UiPath
End-to-end overview of a CI/CD pipeline with Azure DevOps
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Communications Mining Series - Zero to Hero - Session 1 (DianaGray10)
This session provides an introduction to UiPath Communications Mining, its importance and a platform overview. You will acquire a good understanding of the phases in Communications Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
What do a Lego brick and the XZ backdoor have in common? (Speck&Tech)
ABSTRACT: At first glance, a Lego brick and the XZ backdoor might have in common the fact that both are building blocks, or dependencies, of creative projects and software. The reality is that a Lego brick and the XZ backdoor case have much more in common than that.
Join the presentation to dive into a story of interoperability, standards and open formats, and then discuss the important role that contributors play in a sustainable open source community.
BIO: Advocate of free software and of standard, open formats. She has been an active member of the Fedora and openSUSE projects and co-founded the LibreItalia association, where she has been involved in several events, migrations and training related to LibreOffice. Previously she worked on LibreOffice migrations and training courses for several public administrations and private companies. Since January 2020 she has worked at SUSE as a Software Release Engineer for Uyuni and SUSE Manager, and when she is not following her passion for computers and for Geeko she cultivates her curiosity about astronomy (which is where her nickname deneb_alpha comes from).
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
1. SACON International 2017
Architecting secure cloud services
Moshe Ferber, CSA Israel, @Ferbermoshe
India | Bangalore | November 10 – 11 | Hotel Lalit Ashok
2. SACON 2017
About myself
Information security professional for over 20 years
Founder, partner and investor at various cyber initiatives and startups
Popular industry speaker & lecturer (DEFCON, BLACKHAT, RSA and more)
Founding committee member for ISC2 CCSP certification.
CCSK Certification lecturer for the Cloud Security Alliance.
Member of the board at Macshava Tova – Narrowing societal gaps
Chairman of the Board, Cloud Security Alliance, Israeli Chapter
5. SACON 2017
The shared responsibility model
[Diagram: the layers below, from the physical layer upward, with the split between provider responsibility (lower layers) and consumer responsibility (upper layers) shown for IaaS, PaaS and SaaS]
• Physical Security
• Network & Data Center Security
• Hypervisors Security
• Virtual Machines & OS security
• Data layer & development platform
• Application
• Identity Management
• DATA
• Audit & Monitoring
6. SACON 2017
The CISO Challenge
• IaaS/PaaS: how to build secure applications
• SaaS: how to correctly evaluate your provider
9. SACON 2017
Architecting for availability
Regions vs. Availability Zones
[Diagram: three regions, each containing several availability zones]
• US West region: AZ1, AZ2, AZ3, AZ4
• Singapore region: AZ1, AZ2, AZ3
• Mumbai region: AZ1, AZ2
10. SACON 2017
Architecting for availability
Redundancy in one region
[Diagram: Internet → Load Balancer → web servers (WWW) in Mumbai AZ-1, AZ-2 and AZ-3, with a DB node in each AZ]
11. SACON 2017
Architecting for availability
Redundancy in multiple regions/clouds
[Diagram: an External CDN in front of web (WWW) and DB tiers in US-EAST1, US-EAST2 and a 2nd provider]
12. SACON 2017
Architecting for availability
• CDN providers can add resiliency, flexibility & redundancy
• Look for vendors who can add functionality:
  - DDoS protection
  - Web application firewall
  - Load balancing
  - DNS management
13. SACON 2017
Architecting for network separation
Understanding VPC (Virtual Private Cloud) / Virtual Network
[Diagram: two VPCs, VPC A: Production and VPC B: Test, each spanning Mumbai AZ-1, AZ-2 and AZ-3 with its own web (WWW) and DB instances]
14. SACON 2017
Architecting for network separation
Understanding VPC (Virtual Private Cloud) / Virtual Network
[Diagram: Production VPC 192.168.0.0, a router, an external address 203.0.115.0, and three subnets]
• Web subnet 192.168.1.0: WWW, WWW, WWW
• DB subnet 192.168.2.0: DB, DB, DB
• MNGT subnet 192.168.3.0: MQ, Monitoring, Logs
15. SACON 2017
Architecting for network separation
Understanding VPC (Virtual Private Cloud) / Virtual Network
A VPC is a logical grouping of subnets and instances that virtualizes the features of a physical data center.
16. SACON 2017
Architecting for network separation
Understanding Security groups
[Diagram: web (WWW) and DB instances spread across Mumbai AZ-1, AZ-2 and AZ-3, each tier in its own security group]
• Security Group: web-servers, Allow: 80/443
• Security Group: DB-servers, Allow: 3306 (MySQL)
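The two security groups on this slide express a simple rule: web servers accept 80/443 from anywhere, database servers accept 3306 only from the web tier. The following added example (not code from the presentation) turns that rule into a check that can run over an exported security-group inventory. The group IDs and the two planted misconfigurations are constructed, and the record shape is modelled on the output of EC2 describe-security-groups, which is an assumption about the input rather than a live API call.

```python
from typing import Dict, List

# Constructed sample in the shape of EC2 describe-security-groups output
# (group IDs are made up). Two rules are planted as misconfigurations.
SAMPLE_GROUPS: List[dict] = [
    {"GroupId": "sg-web0001", "GroupName": "web-servers", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        # planted: SSH open to the world
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ]},
    {"GroupId": "sg-db00001", "GroupName": "DB-servers", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-web0001"}]},
        # planted: MySQL reachable from the Internet
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ]},
]

# The slide's intent as policy: group name -> permitted ports and sources.
# A source is a CIDR string or the name of another security group.
POLICY: Dict[str, dict] = {
    "web-servers": {"ports": {80, 443}, "sources": {"0.0.0.0/0"}},
    "DB-servers": {"ports": {3306}, "sources": {"web-servers"}},
}


def rule_sources(rule: dict, names_by_id: Dict[str, str]) -> List[str]:
    """Flatten a rule's sources: CIDR ranges plus referenced group names."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    groups = [names_by_id.get(p["GroupId"], p["GroupId"])
              for p in rule.get("UserIdGroupPairs", [])]
    return cidrs + groups


def find_violations(groups: List[dict], policy: Dict[str, dict]) -> List[str]:
    """One finding per ingress rule (per source) that the policy does not allow."""
    names_by_id = {g["GroupId"]: g["GroupName"] for g in groups}
    findings: List[str] = []
    for g in groups:
        name = g["GroupName"]
        allowed = policy.get(name)
        if allowed is None:
            findings.append(f"{name}: no policy defined, review manually")
            continue
        for rule in g["IpPermissions"]:
            for src in rule_sources(rule, names_by_id):
                # Protocol -1 means all traffic and carries no port range.
                if rule.get("IpProtocol") == "-1" or "FromPort" not in rule:
                    findings.append(f"{name}: all traffic from {src}")
                    continue
                ports = range(rule["FromPort"], rule["ToPort"] + 1)
                if any(p not in allowed["ports"] for p in ports):
                    findings.append(f"{name}: port {rule['FromPort']}-{rule['ToPort']} "
                                    f"from {src} not in policy")
                elif src not in allowed["sources"]:
                    findings.append(f"{name}: port {rule['FromPort']} open to {src}, "
                                    f"allowed sources are {sorted(allowed['sources'])}")
    return findings


if __name__ == "__main__":
    for finding in find_violations(SAMPLE_GROUPS, POLICY):
        print(finding)
```

Run against the sample it reports the open SSH rule on the web tier and the Internet-facing 3306 rule on the DB tier, and leaves the group-to-group reference alone; a group with no policy entry is listed for manual review rather than silently passed.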
17. SACON 2017
Architecting for network separation
The advantages of Micro Segmentation
[Diagram: traditional network segmentation compared with micro segmentation]
19. SACON 2017
Architecting for network separation
[Diagram: an Internet-facing Production VPC (Router, WWW, Application, DB, NAT Gateway) and a Test VPC (Router, WWW, Application, DB); the Corporate network connects over VPN to an Access VPC holding a Bastion Host; an S3 EndPoint is attached to the VPC]
20. SACON 2017
Architecting for application separation
Web Application Firewall options
• 3rd party as a service
• Internal provider service
• WAF proxy inside the cloud
• WAF client on web instances
21. SACON 2017
Architecting for application separation
Build application separation
• Utilize MQ services to separate application components
• Use API Gateways & Serverless functions
22. SACON 2017
Architecting for application separation
[Diagram: Front End and Back End decoupled through a Queue Service, with S3 Storage and a Serverless Function among the Application Services]
24. SACON 2017
Limiting blast Radius
[Diagram: the Root Account at the top, delegating to separate administrative roles]
• Root Account
  - IAM Admin
  - Security Auditor
  - Billing Admin
  - Super Admin
  - Service 1 Admin
  - Service 2 Admin
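Splitting the root account into separate admin, auditor and per-service roles only limits the blast radius if each role's policy really stays inside its lane. The added example below (not the presentation's code) lints IAM policy documents against a per-role scope: the auditor may hold read-only actions only, each service admin only its own service namespace, and a blanket "*" grant is flagged as turning one role into the whole account. The role names, scope lists and policy documents are constructed for the demo; only the Action element is evaluated, so Resource and Condition scoping need their own checks.

```python
import fnmatch
from typing import Dict, List

# Constructed for the demo: the widest set of actions each delegated role may
# hold. Real accounts derive this from the services each team owns.
ROLE_SCOPES: Dict[str, List[str]] = {
    "SecurityAuditor": ["*:Describe*", "*:Get*", "*:List*", "cloudtrail:LookupEvents"],
    "BillingAdmin": ["aws-portal:*", "budgets:*", "ce:*"],
    "Service1Admin": ["ec2:*", "elasticloadbalancing:*"],
    "Service2Admin": ["s3:*"],
}

# Constructed policy documents in standard IAM JSON shape; two problems are planted.
SAMPLE_POLICIES: Dict[str, dict] = {
    "SecurityAuditor": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["ec2:Describe*", "s3:GetBucketPolicy", "iam:List*"]},
        # planted: a write action on a read-only role
        {"Effect": "Allow", "Resource": "*", "Action": "ec2:AuthorizeSecurityGroupIngress"},
    ]},
    "Service1Admin": {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Resource": "*", "Action": ["ec2:*", "elasticloadbalancing:*"]},
        {"Effect": "Deny", "Resource": "*", "Action": "ec2:DeleteVpc"},
    ]},
    "Service2Admin": {"Version": "2012-10-17", "Statement": [
        # planted: a blanket grant, which makes the blast radius the whole account
        {"Effect": "Allow", "Resource": "*", "Action": "*"},
    ]},
}


def as_list(value) -> list:
    """IAM allows a string or a list in Action; normalise to a list."""
    return value if isinstance(value, list) else [value]


def action_in_scope(action: str, scope: List[str]) -> bool:
    """True if the granted action pattern falls inside one scope pattern.

    The granted string is matched literally against each scope pattern, so a
    grant wildcard only passes when the scope wildcard is at least as wide:
    'ec2:Describe*' is covered by 'ec2:*', but 'ec2:*' is not covered by
    'ec2:Describe*', and '*' is covered by nothing but '*'. Patterns use '*' only.
    """
    return any(fnmatch.fnmatchcase(action, pattern) for pattern in scope)


def lint_policies(policies: Dict[str, dict], scopes: Dict[str, List[str]]) -> List[str]:
    """Findings for Allow actions outside the role's scope. Deny statements are
    skipped because they can only narrow a grant; Resource and Condition are
    not evaluated here and need their own checks."""
    findings: List[str] = []
    for role, doc in policies.items():
        scope = scopes.get(role)
        if scope is None:
            findings.append(f"{role}: no scope defined")
            continue
        for stmt in doc["Statement"]:
            if stmt.get("Effect") != "Allow":
                continue
            for action in as_list(stmt["Action"]):
                if not action_in_scope(action, scope):
                    why = "grants the whole account" if action == "*" else "outside role scope"
                    findings.append(f"{role}: Allow {action} ({why})")
    return findings


if __name__ == "__main__":
    for finding in lint_policies(SAMPLE_POLICIES, ROLE_SCOPES):
        print(finding)
```

The wildcard comparison is deliberately conservative: a grant whose "*" sits somewhere the scope pattern does not allow is reported, so the output errs toward false positives rather than letting a wide grant through.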
25. SACON 2017
Limiting blast Radius
[Diagram: one Organization with three accounts, each holding its own VPC]
• Production account: Production VPC (WWW, Application, DB, NAT)
• Test Account: Test VPC (WWW, Application, DB, NAT)
• MNGT Account: MNGT VPC (WWW, Application, DB, NAT)
26. SACON 2017
Architecting for data security
Understanding storage options
Volume Storage
• Attached to a single instance
• Not shared, accessible only from the instance
• Useful for storing the instance OS environment, application binaries, DB files and anything instances need to operate
Object Storage
• Provider managed
• Files are placed in buckets
• Versioning & metadata kept for all objects
• Files are accessible by API or HTTP
• Independent of AZ or instance dependencies
• Useful for storing static application data, backups, source code and config files
Database service
• Provider managed
• Files are accessible by DB API
• Varies between different services (structured, unstructured and more)
• Usually the customer has no access to the underlying DB infrastructure
CDN
• Cloud provider proprietary service or external 3rd party services
• Provide flexibility and resiliency
• Useful for serving static content at low latency
• Usually accompanied by additional services: WAF, DDoS protection, load balancer…
27. SACON 2017
Architecting for data security
Volume storage
Backups
• Usually snapshots
• Customer responsibility to keep snapshots inaccessible
• Don’t keep application secrets on disk
Redundancy
• Not redundant
• Access is made by a service on the instance OS (e.g. a web service)
• If the service fails, no access
Encryption
• Storage encryption with a provider service (e.g. AWS KMS, Azure Key Vault)
• Or OS-level encryption software (e.g. TrueCrypt, BitLocker)
28. SACON 2017
Architecting for data security
Object storage
Backups
• Keeps a versioning system of files
• External backups are recommended (explore provider services)
Redundancy
• Availability is the responsibility of the provider
• Increased availability can be achieved by replicating to other regions
Encryption
• Service side: storage encryption with a provider service (e.g. AWS KMS, Azure Key Vault)
• Or client side using the provider SDK
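The object-storage controls on this slide (versioning, cross-region replication, provider-managed encryption) are all bucket-level settings that drift. The added example below (not the presentation's code) is a posture check that reads a bucket inventory and reports which of those controls are missing, plus the public-access block that keeps a bucket from being exposed. The inventory is constructed, with one compliant bucket and one with planted gaps; the record shapes follow the S3 GetBucketVersioning, GetBucketEncryption, GetBucketReplication and GetPublicAccessBlock responses, which is an assumption about the input rather than a live call. Treating SSE-S3 (AES256) as a finding follows the slide's preference for a KMS-managed key; relax it if SSE-S3 is acceptable in your environment.

```python
from typing import Dict, List

# Constructed inventory: bucket name -> the four configuration responses.
# The key ARN and bucket names are placeholders.
SAMPLE_BUCKETS: Dict[str, dict] = {
    "prod-static-assets": {
        "versioning": {"Status": "Enabled"},
        "encryption": {"ServerSideEncryptionConfiguration": {"Rules": [
            {"ApplyServerSideEncryptionByDefault": {
                "SSEAlgorithm": "aws:kms",
                "KMSMasterKeyID": "arn:aws:kms:ap-south-1:111122223333:key/EXAMPLE-KEY-ID"}}]}},
        "replication": {"ReplicationConfiguration": {"Rules": [
            {"Status": "Enabled", "Destination": {"Bucket": "arn:aws:s3:::prod-static-assets-dr"}}]}},
        "public_access_block": {"PublicAccessBlockConfiguration": {
            "BlockPublicAcls": True, "IgnorePublicAcls": True,
            "BlockPublicPolicy": True, "RestrictPublicBuckets": True}},
    },
    "legacy-backups": {
        # planted gaps: versioning suspended, no default encryption,
        # no replication, public access block only half set
        "versioning": {"Status": "Suspended"},
        "encryption": None,
        "replication": None,
        "public_access_block": {"PublicAccessBlockConfiguration": {
            "BlockPublicAcls": True, "IgnorePublicAcls": False,
            "BlockPublicPolicy": True, "RestrictPublicBuckets": False}},
    },
}

PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def check_bucket(name: str, cfg: dict) -> List[str]:
    """Return one finding per missing control; an empty list means compliant."""
    findings: List[str] = []

    # Versioning is what lets you roll back an overwritten or deleted object.
    if (cfg.get("versioning") or {}).get("Status") != "Enabled":
        findings.append(f"{name}: versioning not enabled (no object history to roll back to)")

    # Default encryption: expect a KMS-managed key rather than no rule or SSE-S3.
    enc = cfg.get("encryption") or {}
    rules = enc.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    algos = {r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm") for r in rules}
    if not rules:
        findings.append(f"{name}: no default server-side encryption configured")
    elif "aws:kms" not in algos:
        findings.append(f"{name}: default encryption does not use a KMS key ({sorted(a for a in algos if a)})")

    # Replication to another region is the slide's route to higher availability.
    rep_rules = (cfg.get("replication") or {}).get("ReplicationConfiguration", {}).get("Rules", [])
    if not any(r.get("Status") == "Enabled" for r in rep_rules):
        findings.append(f"{name}: no active replication rule (single-region copy only)")

    # All four public-access-block flags should be on.
    pab = (cfg.get("public_access_block") or {}).get("PublicAccessBlockConfiguration", {})
    off = [flag for flag in PAB_FLAGS if not pab.get(flag)]
    if off:
        findings.append(f"{name}: public access block incomplete, off: {off}")
    return findings


def audit(buckets: Dict[str, dict]) -> Dict[str, List[str]]:
    """Run check_bucket over an inventory and keep the per-bucket findings."""
    return {name: check_bucket(name, cfg) for name, cfg in buckets.items()}


if __name__ == "__main__":
    for bucket, findings in audit(SAMPLE_BUCKETS).items():
        print(bucket, "OK" if not findings else "")
        for finding in findings:
            print("  ", finding)
```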
29. SACON 2017
Architecting for data security
Database Storage (Database as a service)
Backups
• Automated backups are made by the provider
• External exports and backups should be made periodically, just as for any other database
Redundancy
• Availability is the responsibility of the provider but managed by the customer
• Architect for multiple AZs
Encryption
• Service side: storage encryption with a provider service, usually at the database level
• TDE can be used here as well to encrypt at table/column level
30. SACON 2017
Architecting for data security
Encryption
[Diagram: a Virtual instance with its layers (OS, Storage, DB, Application) and the encryption option at each layer; KEYS come from a KMS or HSM]
• Layers: OS, Storage, DB, Application
• Encryption layer options: Full Disk Encryption Software, Storage Encryption, TDE
• KEYS: KMS, HSM
31. SACON 2017
Architecting for CI/CD
[Diagram] Source: Cloud Security Alliance Guidelines
32. SACON 2017
Architecting for CI/CD
[Diagram] Source: AWS Security best practices
33. SACON 2017
Architecting for Log Management
• Portal Logs: cover API & GUI access
• Traffic Logs: network traffic inside the VPC
• Instance Logs: extracted just like from a traditional OS
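Traffic logs are where the subnet separation from the earlier VPC slide gets verified in practice. The added example below (not the presentation's code) parses VPC flow log records in the default 14-field format and flags accepted flows into the DB subnet that did not come from the web subnet on 3306. The records are constructed, and the subnet assignment is an assumption taken from the VPC slide (192.168.1.0 web, 192.168.2.0 DB, 192.168.3.0 management, read here as /24 networks).

```python
import ipaddress
from typing import List, NamedTuple

# Default flow log record layout (version 2, space separated).
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# Constructed records: one legitimate web->DB session (both directions), one
# rejected probe from outside, two planted crossings, and a NODATA line.
SAMPLE_LOG = """\
2 111122223333 eni-0a1b2c3d 192.168.1.10 192.168.2.20 44312 3306 6 12 2400 1510000000 1510000060 ACCEPT OK
2 111122223333 eni-0a1b2c3d 192.168.2.20 192.168.1.10 3306 44312 6 10 8800 1510000000 1510000060 ACCEPT OK
2 111122223333 eni-0a1b2c3d 203.0.113.7 192.168.2.20 51000 3306 6 3 180 1510000000 1510000060 REJECT OK
2 111122223333 eni-0a1b2c3d 192.168.3.5 192.168.2.20 52000 22 6 20 3200 1510000000 1510000060 ACCEPT OK
2 111122223333 eni-0a1b2c3d 203.0.113.9 192.168.2.21 51001 3306 6 14 2600 1510000000 1510000060 ACCEPT OK
2 111122223333 eni-0a1b2c3d - - - - - - - 1510000000 1510000060 - NODATA
"""

# Assumed subnet layout, taken from the VPC slide.
SUBNETS = {
    "web": ipaddress.ip_network("192.168.1.0/24"),
    "db": ipaddress.ip_network("192.168.2.0/24"),
    "mgmt": ipaddress.ip_network("192.168.3.0/24"),
}
DB_PORT = 3306


class Flow(NamedTuple):
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int
    action: str


def parse_flow_log(text: str) -> List[Flow]:
    """Parse default-format records. NODATA/SKIPDATA lines carry '-' in the
    address fields and a non-OK log status, so they are dropped here."""
    flows: List[Flow] = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS) or parts[0] != "2":
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        flows.append(Flow(rec["srcaddr"], rec["dstaddr"], int(rec["srcport"]),
                          int(rec["dstport"]), int(rec["protocol"]), rec["action"]))
    return flows


def zone_of(addr: str) -> str:
    """Map an address to its subnet name, or 'external' if it is in none."""
    ip = ipaddress.ip_address(addr)
    for name, net in SUBNETS.items():
        if ip in net:
            return name
    return "external"


def find_crossings(flows: List[Flow]) -> List[str]:
    """Accepted flows into the DB subnet that are not web -> DB_PORT.
    Only the destination side is inspected, so the DB's own reply flows
    (source in the DB subnet, destination elsewhere) are not counted."""
    findings: List[str] = []
    for f in flows:
        if f.action != "ACCEPT" or zone_of(f.dstaddr) != "db":
            continue
        src_zone = zone_of(f.srcaddr)
        if src_zone == "db":
            continue  # DB-to-DB traffic (replication) is out of scope here
        if not (src_zone == "web" and f.dstport == DB_PORT):
            findings.append(f"{f.srcaddr} ({src_zone}) -> {f.dstaddr}:{f.dstport} accepted")
    return findings


if __name__ == "__main__":
    for finding in find_crossings(parse_flow_log(SAMPLE_LOG)):
        print(finding)
```

On the sample the rejected probe is ignored (the security group did its job), while the management-subnet SSH session and the accepted external connection to 3306 are both reported; the latter is exactly the condition the DB security group on slide 16 is meant to rule out.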
34. SACON 2017
Architecting for Monitoring
[Diagram: log sources feeding a monitoring pipeline]
• Sources: CloudTrail, VPC Flow Logs, OS Logs (collected by an Agent)
• Pipeline: S3, CloudWatch (Rules & Alerts), SNS (notifications), SIEM
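The "Rules & Alerts" box on this slide is where portal logs become detections: a CloudTrail record is matched against an event pattern and, on a hit, a notification goes out. The added example below (not the presentation's code) re-implements the basic event-pattern semantics (every key in the pattern must exist in the event, a leaf list matches when any listed value equals the event's value, nested objects recurse) and runs three rules a defender would typically want over a batch of records: root account activity, security group changes, and tampering with the trail itself. The records, rule names and account number are constructed; the matcher covers only the equality subset of the pattern language, not prefix or anything-but forms.

```python
import json
from typing import Any, Dict, List


def matches(pattern: Any, event: Any) -> bool:
    """Recursive equality-style event-pattern match."""
    if isinstance(pattern, dict):
        if not isinstance(event, dict):
            return False
        return all(key in event and matches(value, event[key]) for key, value in pattern.items())
    if isinstance(pattern, list):
        return event in pattern
    return pattern == event


# Constructed rule set, named after what each one detects.
RULES: Dict[str, dict] = {
    "root-account-activity": {"userIdentity": {"type": ["Root"]}},
    "security-group-change": {
        "eventSource": ["ec2.amazonaws.com"],
        "eventName": ["AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
                      "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress"]},
    "cloudtrail-tampering": {
        "eventSource": ["cloudtrail.amazonaws.com"],
        "eventName": ["StopLogging", "DeleteTrail", "UpdateTrail"]},
}

# Constructed CloudTrail records (a subset of the real record fields).
SAMPLE_RECORDS: List[dict] = json.loads("""
{"Records": [
 {"eventTime": "2017-11-10T09:12:01Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "AuthorizeSecurityGroupIngress", "awsRegion": "ap-south-1",
  "sourceIPAddress": "203.0.113.5",
  "userIdentity": {"type": "IAMUser", "userName": "service1-admin"}},
 {"eventTime": "2017-11-10T09:15:44Z", "eventSource": "signin.amazonaws.com",
  "eventName": "ConsoleLogin", "awsRegion": "us-east-1",
  "sourceIPAddress": "198.51.100.23",
  "userIdentity": {"type": "Root"}},
 {"eventTime": "2017-11-10T09:20:10Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "DescribeInstances", "awsRegion": "ap-south-1",
  "sourceIPAddress": "192.168.3.5",
  "userIdentity": {"type": "AssumedRole",
                   "arn": "arn:aws:sts::111122223333:assumed-role/SecurityAuditor/audit"}},
 {"eventTime": "2017-11-10T09:31:00Z", "eventSource": "cloudtrail.amazonaws.com",
  "eventName": "StopLogging", "awsRegion": "ap-south-1",
  "sourceIPAddress": "203.0.113.5",
  "userIdentity": {"type": "Root"}}
]}
""")["Records"]


def evaluate(records: List[dict], rules: Dict[str, dict]) -> List[dict]:
    """One alert per (record, rule) hit, in record order: the payload the
    notification step would carry to the on-call channel."""
    alerts: List[dict] = []
    for rec in records:
        identity = rec.get("userIdentity", {})
        actor = identity.get("userName") or identity.get("arn") or identity.get("type")
        for name, pattern in rules.items():
            if matches(pattern, rec):
                alerts.append({"rule": name, "eventName": rec["eventName"],
                               "time": rec["eventTime"],
                               "source_ip": rec.get("sourceIPAddress"), "actor": actor})
    return alerts


if __name__ == "__main__":
    for alert in evaluate(SAMPLE_RECORDS, RULES):
        print(alert)
```

The read-only DescribeInstances call from the auditor role produces nothing, the security-group change is attributed to the IAM user that made it, and the StopLogging call by root fires two rules at once, which is the combination most worth paging on.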