SlideShare a Scribd company logo

Cloud Computing - Critical Areas of Focus

H
Herwono W. Wijaya

This presentation was presented at IT Audit & Security Meetup #4 Sharing in The Cloud at Indonesian Cloud. The rise of cloud computing as an ever evolving technology brings with it a number of opportunities and challenges. So we need to focus on critical areas to mitigating the risks associated with the adoption of cloud computing technology.

Technology
1 of 21
Download to read offline
Meetup #4 IT Audit & Security Sharing in the Cloud © 2017 PT. Indonesian Cloud Cloud Computing Critical Areas of Focus PUBLIC Public Release Authorized
2 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud Herwono W. Wijaya Head of Cyber Security Division He started his career in IT industry for more than 10 years ago, started as a programmer and a Linux system engineer with experience in various IT projects both in Indonesia and outside Indonesia, while security (hacking) itself is his hobby. Now he is more active as a security professional that focuses on the implementation of security as a business enabler for the organization and he also learn a lot about virtualization and cloud computing technology and sometimes still doing the programming in his spare times. He held certification of C|EH, VMware vExpert. At IndonesianCloud he’s responsible as a head of the cybersecurity division and cybersecurity business unit. He's responsible for all relevant compliance, and IT security in the organization and also to ensure target achievement of the cybersecurity business unit. HERE IS A LITTLE BIT ABOUT ME herwonowr@indonesiancloud.com linkedin.com/in/herwonowr @HerwonoWr ABOUT ME
3 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud AGENDA OVERVIEW CLOUD COMPUTING INTRODUCTION CRITICAL AREAS IN CLOUD COMPUTING BONUS Taking over Docker host from Container (Portainer, Docker, & CoreOS)
4 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud OVERVIEW The rise of cloud computing as an ever evolving technology brings with it a number of opportunities and challenges. We need to focus on Critical areas of focus to mitigating the risks associated with the adoption of cloud computing technology.
5 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud CLOUD COMPUTING INTRODUCTION Cloud Computing Definition Cloud computing is a new operational model and set of technologies for managing shared pools of computing resources. Essential Characteristics Resource Pooling Broad Network Access Rapid Elasticity Measured Service On-Demand Self-Service Service Models IaaS Infrastructure as a Service PaaS Platform as a Service SaaS Software as a Service Development Models Public Private Hybrid
6 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud CLOUD COMPUTING INTRODUCTION con’t Cloud Computing Models Who owns and manages? Infrastructure Managed By Infrastructure Located Accessible and Consumed By Public Private Hybrid Third-Party Provider Off-Premises Untrusted Trusted Organization Third-Party Provider On-Premises Off-Premises Both Organization & Third-Party Provider Both On-Premises & Off-Premises Trusted & Untrusted
7 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud CLOUD COMPUTING INTRODUCTION con’t Security Responsibilities Service Models IaaS Infrastructure as a Service PaaS Platform as a Service SaaS Software as a Service Security Responsibility Mostly Consumer Mostly Provider
8 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud CRITICAL AREAS IN CLOUD COMPUTING Critical Areas of Focus DOMAIN 01 Governance and Enterprise Risk Management DOMAIN 02 Legal Issues, Contracts and Electronic Discovery DOMAIN 03 Compliance and Audit Management DOMAIN 04 Information Governance DOMAIN 05 Management Plane and Business Continuity DOMAIN 06 Infrastructure Security DOMAIN 07 Virtualization and Containers DOMAIN 08 Incident Response, Notification and Remediation DOMAIN 09 Application Security DOMAIN 10 Data Security and Encryption DOMAIN 11 Identity, Entitlement, and Access Management
9 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud CRITICAL AREAS IN CLOUD COMPUTING con’t What we need to focus on DOMAIN 01 Governance and Enterprise Risk Management § Identify the shared responsibilities of security and risk management § Understand how a contract affects your governance § Develop a process for cloud provider assessments § Align risk requirements to the specific assets § Create a specific risk management and risk acceptance/mitigation methodology § Use controls to manage residual risks § Use tooling to track approved providers based on asset classification
10 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud CRITICAL AREAS IN CLOUD COMPUTING con’t What we need to focus on DOMAIN 02 Legal Issues, Contracts and Electronic Discovery § Understand the relevant legal and regulatory frameworks § Understand the policies, requirements and capabilities § Conduct a comprehensive evaluation of a proposed cloud service § Understand how cloud provider physically operates and stores information
11 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud CRITICAL AREAS IN CLOUD COMPUTING con’t What we need to focus on DOMAIN 03 Compliance and Audit Management § Understand the compliance obligations § Understand the scope of assessments and certifications, including both the controls and the features/services covered § Select auditors with experience in cloud computing § Keep a register of cloud providers used
12 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud CRITICAL AREAS IN CLOUD COMPUTING con’t What we need to focus on DOMAIN 04 Information Governance § Determine your governance requirements § Ensure information governance policies and practices extend to the cloud § Use the data security lifecycle to help model data handling and controls (Don’t bring bad habits)
13 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud CRITICAL AREAS IN CLOUD COMPUTING con’t What we need to focus on DOMAIN 05 Management Plane and Business Continuity § Management plane (metastructure) security § E.g. Consistently implement least privilege accounts for metastructure access § Business continuity § Take a risk-based approach to everything § Consider your DR plan
14 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud CRITICAL AREAS IN CLOUD COMPUTING con’t What we need to focus on DOMAIN 06 Infrastructure Security § Know the infrastructure security of your provider or platform § Make sure your provider is following cloud infrastructure best- practices and regulations § Understand your network security § Understand and comply with cloud provider limitations on vulnerability assessments and penetration testing
15 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud CRITICAL AREAS IN CLOUD COMPUTING con’t What we need to focus on DOMAIN 07 Virtualization and Containers § Understand Virtualization Security § Understand the capabilities offered by cloud providers as well as any security gaps § Properly configure virtualization services § Understand Containers Security § Understand the security isolation capabilities § Ensure that only approved, known, and secure container images can be deployed
16 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud CRITICAL AREAS IN CLOUD COMPUTING con’t What we need to focus on DOMAIN 08 Incident Response, Notification and Remediation § Understand the SLAs and setting expectations around what the customer does versus what the provider does § Set up proper communication paths with the provider § Understand the content and format of data that the cloud provider will supply for analysis purposes § Continuous monitoring § Understand your incident response plan and how those change in the cloud
17 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud CRITICAL AREAS IN CLOUD COMPUTING con’t What we need to focus on DOMAIN 09 Application Security § Understand the new architectural options and requirements in the cloud § Build security into the initial design process § Reviewing SDLC basics and how those change in the cloud § Understand the security capabilities of your cloud providers to leveraging cloud capabilities for more secure cloud applications
18 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud CRITICAL AREAS IN CLOUD COMPUTING con’t What we need to focus on DOMAIN 10 Data Security and Encryption § Understand the specific capabilities of the cloud platform you are using § Don’t dismiss cloud provider data security. In many cases it is more secure than building your own, and comes at a lower cost § Create an entitlement matrix for determining access controls § Use the appropriate encryption option based on the threat model for your data, business, and technical requirements § Consider use of encryption and storage options § Leverage architecture to improve data security § Ensure both API and data-level monitoring are in place
19 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud CRITICAL AREAS IN CLOUD COMPUTING con’t What we need to focus on DOMAIN 11 Identity, Entitlement, and Access Management § Organizations should develop a comprehensive and formalized plan and processes for managing identities and authorizations with cloud services § Develop an entitlement matrix for each cloud provider § Prefer Attribute-based access control (ABAC) over Role-based access control (RBAC) for cloud computing
20 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud BONUS Taking over Docker host from Container DEMO TIME Container Management Docker Engine Host Operating System
Thank You!

Recommended

Moving Beyond Zero Trust
Moving Beyond Zero TrustMoving Beyond Zero Trust
Moving Beyond Zero Trust
scoopnewsgroup
 
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
NetworkCollaborators
 
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
Cyxtera Technologies
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantage
Moshe Ferber
 
Cisco Connect 2018 Malaysia - Cisco services-guiding your digital transformation
Cisco Connect 2018 Malaysia - Cisco services-guiding your digital transformationCisco Connect 2018 Malaysia - Cisco services-guiding your digital transformation
Cisco Connect 2018 Malaysia - Cisco services-guiding your digital transformation
NetworkCollaborators
 
AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...
AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...
AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...
AWS Summits
 
How Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & SecureHow Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & Secure
scoopnewsgroup
 
The Cloud & I, The CISO challenges with Cloud Computing
The Cloud & I, The CISO challenges with Cloud Computing The Cloud & I, The CISO challenges with Cloud Computing
The Cloud & I, The CISO challenges with Cloud Computing
Moshe Ferber
 

Recommended

Moving Beyond Zero Trust
Moving Beyond Zero TrustMoving Beyond Zero Trust
Moving Beyond Zero Trust
scoopnewsgroup
 
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
Cisco Connect 2018 Indonesia - software-defined access-a transformational ap...
NetworkCollaborators
 
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
Cyxtera Technologies
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantage
Moshe Ferber
 
Cisco Connect 2018 Malaysia - Cisco services-guiding your digital transformation
Cisco Connect 2018 Malaysia - Cisco services-guiding your digital transformationCisco Connect 2018 Malaysia - Cisco services-guiding your digital transformation
Cisco Connect 2018 Malaysia - Cisco services-guiding your digital transformation
NetworkCollaborators
 
AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...
AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...
AWS Summit Singapore 2019 | Learn How to Achieve Complete Visibility, Strong ...
AWS Summits
 
How Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & SecureHow Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & Secure
scoopnewsgroup
 
The Cloud & I, The CISO challenges with Cloud Computing
The Cloud & I, The CISO challenges with Cloud Computing The Cloud & I, The CISO challenges with Cloud Computing
The Cloud & I, The CISO challenges with Cloud Computing
Moshe Ferber
 
Security at the Speed of Software - Twistlock
Security at the Speed of Software - TwistlockSecurity at the Speed of Software - Twistlock
Security at the Speed of Software - Twistlock
Amazon Web Services
 
SecOps Workshop (Gregory Pickett)
SecOps Workshop (Gregory Pickett)SecOps Workshop (Gregory Pickett)
SecOps Workshop (Gregory Pickett)
Priyanka Aash
 
Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...
Moshe Ferber
 
Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...
Moshe Ferber
 
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
Amazon Web Services
 
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
BAKOTECH
 
Cisco Connect 2018 Singapore - Changing the Security Equation
Cisco Connect 2018 Singapore - Changing the Security EquationCisco Connect 2018 Singapore - Changing the Security Equation
Cisco Connect 2018 Singapore - Changing the Security Equation
NetworkCollaborators
 
SACON - Cloud Security Architecture (Moshe Ferber)
SACON - Cloud Security Architecture (Moshe Ferber)SACON - Cloud Security Architecture (Moshe Ferber)
SACON - Cloud Security Architecture (Moshe Ferber)
Priyanka Aash
 
Application security meetup - cloud security best practices 24062021
Application security meetup - cloud security best practices 24062021Application security meetup - cloud security best practices 24062021
Application security meetup - cloud security best practices 24062021
lior mazor
 
Cloud Encryption Gateways (how enterprises can leverage cloud SaaS without co...
Cloud Encryption Gateways (how enterprises can leverage cloud SaaS without co...Cloud Encryption Gateways (how enterprises can leverage cloud SaaS without co...
Cloud Encryption Gateways (how enterprises can leverage cloud SaaS without co...
Mark Silverberg
 
Modernizing Traditional Security - DEM13 - AWS re:Inforce 2019
Modernizing Traditional Security - DEM13 - AWS re:Inforce 2019 Modernizing Traditional Security - DEM13 - AWS re:Inforce 2019
Modernizing Traditional Security - DEM13 - AWS re:Inforce 2019
Amazon Web Services
 
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013Cloud security innovation - Cloud Security Alliance East Europe Congress 2013
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013
Moshe Ferber
 
SACON - Threat hunting (Chandra Prakash)
SACON - Threat hunting (Chandra Prakash)SACON - Threat hunting (Chandra Prakash)
SACON - Threat hunting (Chandra Prakash)
Priyanka Aash
 
Aligning Risk with Growth - Cloud Security for startups
Aligning Risk with Growth - Cloud Security for startupsAligning Risk with Growth - Cloud Security for startups
Aligning Risk with Growth - Cloud Security for startups
Moshe Ferber
 
2018 06 Presentation Cloudguard SaaS de Checkpoint
2018 06 Presentation Cloudguard SaaS de Checkpoint 2018 06 Presentation Cloudguard SaaS de Checkpoint
2018 06 Presentation Cloudguard SaaS de Checkpoint
e-Xpert Solutions SA
 
Esg lab-validation-check-point-cloud guard-mar-2018
Esg lab-validation-check-point-cloud guard-mar-2018Esg lab-validation-check-point-cloud guard-mar-2018
Esg lab-validation-check-point-cloud guard-mar-2018
Alejandro Daricz
 
Zero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fastZero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fast
Cloudflare
 
Architect secure cloud services.
Architect secure cloud services.Architect secure cloud services.
Architect secure cloud services.
Moshe Ferber
 
Webinar–Best Practices for DevSecOps at Scale
Webinar–Best Practices for DevSecOps at ScaleWebinar–Best Practices for DevSecOps at Scale
Webinar–Best Practices for DevSecOps at Scale
Synopsys Software Integrity Group
 
Enterprise-Grade Trust: Collaboration Without Compromise
Enterprise-Grade Trust: Collaboration Without CompromiseEnterprise-Grade Trust: Collaboration Without Compromise
Enterprise-Grade Trust: Collaboration Without Compromise
Robb Boyd
 
Thin Air or Solid Ground? Practical Cloud Security
Thin Air or Solid Ground? Practical Cloud SecurityThin Air or Solid Ground? Practical Cloud Security
Thin Air or Solid Ground? Practical Cloud Security
Dan Fitzgerald, CISSP, CIPM
 
Moving to the Cloud-How to Develop Cloud Strategy for Your Organization
Moving to the Cloud-How to Develop Cloud Strategy for Your OrganizationMoving to the Cloud-How to Develop Cloud Strategy for Your Organization
Moving to the Cloud-How to Develop Cloud Strategy for Your Organization
Emtec Inc.
 

More Related Content

What's hot

Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...
Moshe Ferber
 
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
Amazon Web Services
 
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
BAKOTECH
 
Modernizing Traditional Security - DEM13 - AWS re:Inforce 2019
Modernizing Traditional Security - DEM13 - AWS re:Inforce 2019 Modernizing Traditional Security - DEM13 - AWS re:Inforce 2019
Modernizing Traditional Security - DEM13 - AWS re:Inforce 2019
Amazon Web Services
 
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013Cloud security innovation - Cloud Security Alliance East Europe Congress 2013
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013
Moshe Ferber
 
Zero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fastZero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fast
Cloudflare
 
Webinar–Best Practices for DevSecOps at Scale
Webinar–Best Practices for DevSecOps at ScaleWebinar–Best Practices for DevSecOps at Scale
Webinar–Best Practices for DevSecOps at Scale
Synopsys Software Integrity Group
 
Enterprise-Grade Trust: Collaboration Without Compromise
Enterprise-Grade Trust: Collaboration Without CompromiseEnterprise-Grade Trust: Collaboration Without Compromise
Enterprise-Grade Trust: Collaboration Without Compromise
Robb Boyd
 

What's hot (20)

Security at the Speed of Software - Twistlock
Security at the Speed of Software - TwistlockSecurity at the Speed of Software - Twistlock
Security at the Speed of Software - Twistlock
 
SecOps Workshop (Gregory Pickett)
SecOps Workshop (Gregory Pickett)SecOps Workshop (Gregory Pickett)
SecOps Workshop (Gregory Pickett)
 
Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...Cloud security for banks - the central bank of Israel regulations for cloud s...
Cloud security for banks - the central bank of Israel regulations for cloud s...
 
Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...
 
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
AWS Security Best Practices in a Zero Trust Security Model - DEM08 - Toronto ...
 
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
End-to-Eend security with Palo Alto Networks (Onur Kasap, Palo Alto Networks)
 
Cisco Connect 2018 Singapore - Changing the Security Equation
Cisco Connect 2018 Singapore - Changing the Security EquationCisco Connect 2018 Singapore - Changing the Security Equation
Cisco Connect 2018 Singapore - Changing the Security Equation
 
SACON - Cloud Security Architecture (Moshe Ferber)
SACON - Cloud Security Architecture (Moshe Ferber)SACON - Cloud Security Architecture (Moshe Ferber)
SACON - Cloud Security Architecture (Moshe Ferber)
 
Application security meetup - cloud security best practices 24062021
Application security meetup - cloud security best practices 24062021Application security meetup - cloud security best practices 24062021
Application security meetup - cloud security best practices 24062021
 
Cloud Encryption Gateways (how enterprises can leverage cloud SaaS without co...
Cloud Encryption Gateways (how enterprises can leverage cloud SaaS without co...Cloud Encryption Gateways (how enterprises can leverage cloud SaaS without co...
Cloud Encryption Gateways (how enterprises can leverage cloud SaaS without co...
 
Modernizing Traditional Security - DEM13 - AWS re:Inforce 2019
Modernizing Traditional Security - DEM13 - AWS re:Inforce 2019 Modernizing Traditional Security - DEM13 - AWS re:Inforce 2019
Modernizing Traditional Security - DEM13 - AWS re:Inforce 2019
 
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013Cloud security innovation - Cloud Security Alliance East Europe Congress 2013
Cloud security innovation - Cloud Security Alliance East Europe Congress 2013
 
SACON - Threat hunting (Chandra Prakash)
SACON - Threat hunting (Chandra Prakash)SACON - Threat hunting (Chandra Prakash)
SACON - Threat hunting (Chandra Prakash)
 
Aligning Risk with Growth - Cloud Security for startups
Aligning Risk with Growth - Cloud Security for startupsAligning Risk with Growth - Cloud Security for startups
Aligning Risk with Growth - Cloud Security for startups
 
2018 06 Presentation Cloudguard SaaS de Checkpoint
2018 06 Presentation Cloudguard SaaS de Checkpoint 2018 06 Presentation Cloudguard SaaS de Checkpoint
2018 06 Presentation Cloudguard SaaS de Checkpoint
 
Esg lab-validation-check-point-cloud guard-mar-2018
Esg lab-validation-check-point-cloud guard-mar-2018Esg lab-validation-check-point-cloud guard-mar-2018
Esg lab-validation-check-point-cloud guard-mar-2018
 
Zero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fastZero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fast
 
Architect secure cloud services.
Architect secure cloud services.Architect secure cloud services.
Architect secure cloud services.
 
Webinar–Best Practices for DevSecOps at Scale
Webinar–Best Practices for DevSecOps at ScaleWebinar–Best Practices for DevSecOps at Scale
Webinar–Best Practices for DevSecOps at Scale
 
Enterprise-Grade Trust: Collaboration Without Compromise
Enterprise-Grade Trust: Collaboration Without CompromiseEnterprise-Grade Trust: Collaboration Without Compromise
Enterprise-Grade Trust: Collaboration Without Compromise
 

Similar to Cloud Computing - Critical Areas of Focus

Thin Air or Solid Ground? Practical Cloud Security
Thin Air or Solid Ground? Practical Cloud SecurityThin Air or Solid Ground? Practical Cloud Security
Thin Air or Solid Ground? Practical Cloud Security
Dan Fitzgerald, CISSP, CIPM
 
Geting cloud architecture right the first time linthicum interop fall 2013
Geting cloud architecture right the first time linthicum interop fall 2013Geting cloud architecture right the first time linthicum interop fall 2013
Geting cloud architecture right the first time linthicum interop fall 2013
David Linthicum
 
2014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v012014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v01
promediakw
 
Cloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud ServicesCloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Standards Customer Council
 
Becomming a cloud governance ninja linthicum interop fall 2013
Becomming a cloud governance ninja linthicum interop fall 2013Becomming a cloud governance ninja linthicum interop fall 2013
Becomming a cloud governance ninja linthicum interop fall 2013
David Linthicum
 
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - SanitizedMigrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Norm Barber
 

Similar to Cloud Computing - Critical Areas of Focus (20)

Thin Air or Solid Ground? Practical Cloud Security
Thin Air or Solid Ground? Practical Cloud SecurityThin Air or Solid Ground? Practical Cloud Security
Thin Air or Solid Ground? Practical Cloud Security
 
Moving to the Cloud-How to Develop Cloud Strategy for Your Organization
Moving to the Cloud-How to Develop Cloud Strategy for Your OrganizationMoving to the Cloud-How to Develop Cloud Strategy for Your Organization
Moving to the Cloud-How to Develop Cloud Strategy for Your Organization
 
Getting Your IT Security Learners Ready for the Cloud with CCSK Certification
Getting Your IT Security Learners Ready for the Cloud with CCSK CertificationGetting Your IT Security Learners Ready for the Cloud with CCSK Certification
Getting Your IT Security Learners Ready for the Cloud with CCSK Certification
 
Geting cloud architecture right the first time linthicum interop fall 2013
Geting cloud architecture right the first time linthicum interop fall 2013Geting cloud architecture right the first time linthicum interop fall 2013
Geting cloud architecture right the first time linthicum interop fall 2013
 
2014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v012014 2nd me cloud conference trust in the cloud v01
2014 2nd me cloud conference trust in the cloud v01
 
SpeedyCloud Technologies - Beijing, China
SpeedyCloud Technologies - Beijing, ChinaSpeedyCloud Technologies - Beijing, China
SpeedyCloud Technologies - Beijing, China
 
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
Virtualization and cloud impact overview auditor spin enterprise gr-cv3Virtualization and cloud impact overview auditor spin enterprise gr-cv3
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
 
Cloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud ServicesCloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud Services
 
Getting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of ConceptsGetting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of Concepts
 
Cloud Migration for Financial Services - Toronto - October 2016
Cloud Migration for Financial Services - Toronto - October 2016Cloud Migration for Financial Services - Toronto - October 2016
Cloud Migration for Financial Services - Toronto - October 2016
 
The Sky Is The Limit (CCC)
The Sky Is The Limit (CCC)The Sky Is The Limit (CCC)
The Sky Is The Limit (CCC)
 
Cisco Powered: Your Trusted Source for Cloud and Managed Services
Cisco Powered: Your Trusted Source for Cloud and Managed ServicesCisco Powered: Your Trusted Source for Cloud and Managed Services
Cisco Powered: Your Trusted Source for Cloud and Managed Services
 
Getting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of ConceptsGetting Started with ThousandEyes Proof of Concepts
Getting Started with ThousandEyes Proof of Concepts
 
Becomming a cloud governance ninja linthicum interop fall 2013
Becomming a cloud governance ninja linthicum interop fall 2013Becomming a cloud governance ninja linthicum interop fall 2013
Becomming a cloud governance ninja linthicum interop fall 2013
 
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - SanitizedMigrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
Migrating Critical Applications To The Cloud - ISACA Seattle - Sanitized
 
Migrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitizedMigrating Critical Applications to the Cloud - isaca seattle - sanitized
Migrating Critical Applications to the Cloud - isaca seattle - sanitized
 
Why CCSK with InfosecTrain (1).pdf
Why CCSK with InfosecTrain (1).pdfWhy CCSK with InfosecTrain (1).pdf
Why CCSK with InfosecTrain (1).pdf
 
Hardening the cloud : Assuring agile security in high-growth environments
Hardening the cloud : Assuring agile security in high-growth environmentsHardening the cloud : Assuring agile security in high-growth environments
Hardening the cloud : Assuring agile security in high-growth environments
 
5 Highest-Impact CASB Use Cases
5 Highest-Impact CASB Use Cases5 Highest-Impact CASB Use Cases
5 Highest-Impact CASB Use Cases
 
Introduction to Cloud B2B Integration
Introduction to Cloud B2B IntegrationIntroduction to Cloud B2B Integration
Introduction to Cloud B2B Integration
 

Recently uploaded

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceAPI Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governance
WSO2
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
Safe Software
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps Productivity
VictorSzoltysek
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
WSO2
 

Recently uploaded (20)

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceAPI Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governance
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Simplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptxSimplifying Mobile A11y Presentation.pptx
Simplifying Mobile A11y Presentation.pptx
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps Productivity
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using Ballerina
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Design and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data ScienceDesign and Development of a Provenance Capture Platform for Data Science
Design and Development of a Provenance Capture Platform for Data Science
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
 

Cloud Computing - Critical Areas of Focus

  • 1. Meetup #4 IT Audit & Security Sharing in the Cloud © 2017 PT. Indonesian Cloud Cloud Computing Critical Areas of Focus PUBLIC Public Release Authorized
  • 2. 2 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud Herwono W. Wijaya Head of Cyber Security Division He started his career in IT industry for more than 10 years ago, started as a programmer and a Linux system engineer with experience in various IT projects both in Indonesia and outside Indonesia, while security (hacking) itself is his hobby. Now he is more active as a security professional that focuses on the implementation of security as a business enabler for the organization and he also learn a lot about virtualization and cloud computing technology and sometimes still doing the programming in his spare times. He held certification of C|EH, VMware vExpert. At IndonesianCloud he’s responsible as a head of the cybersecurity division and cybersecurity business unit. He's responsible for all relevant compliance, and IT security in the organization and also to ensure target achievement of the cybersecurity business unit. HERE IS A LITTLE BIT ABOUT ME herwonowr@indonesiancloud.com linkedin.com/in/herwonowr @HerwonoWr ABOUT ME
  • 3. 3 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud AGENDA OVERVIEW CLOUD COMPUTING INTRODUCTION CRITICAL AREAS IN CLOUD COMPUTING BONUS Taking over Docker host from Container (Portainer, Docker, & CoreOS)
  • 4. 4 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud OVERVIEW The rise of cloud computing as an ever evolving technology brings with it a number of opportunities and challenges. We need to focus on Critical areas of focus to mitigating the risks associated with the adoption of cloud computing technology.
  • 5. 5 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud CLOUD COMPUTING INTRODUCTION Cloud Computing Definition Cloud computing is a new operational model and set of technologies for managing shared pools of computing resources. Essential Characteristics Resource Pooling Broad Network Access Rapid Elasticity Measured Service On-Demand Self-Service Service Models IaaS Infrastructure as a Service PaaS Platform as a Service SaaS Software as a Service Development Models Public Private Hybrid
  • 6. 6 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud CLOUD COMPUTING INTRODUCTION con’t Cloud Computing Models Who owns and manages? Infrastructure Managed By Infrastructure Located Accessible and Consumed By Public Private Hybrid Third-Party Provider Off-Premises Untrusted Trusted Organization Third-Party Provider On-Premises Off-Premises Both Organization & Third-Party Provider Both On-Premises & Off-Premises Trusted & Untrusted
  • 7. 7 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud CLOUD COMPUTING INTRODUCTION con’t Security Responsibilities Service Models IaaS Infrastructure as a Service PaaS Platform as a Service SaaS Software as a Service Security Responsibility Mostly Consumer Mostly Provider
  • 8. 8 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud CRITICAL AREAS IN CLOUD COMPUTING Critical Areas of Focus DOMAIN 01 Governance and Enterprise Risk Management DOMAIN 02 Legal Issues, Contracts and Electronic Discovery DOMAIN 03 Compliance and Audit Management DOMAIN 04 Information Governance DOMAIN 05 Management Plane and Business Continuity DOMAIN 06 Infrastructure Security DOMAIN 07 Virtualization and Containers DOMAIN 08 Incident Response, Notification and Remediation DOMAIN 09 Application Security DOMAIN 10 Data Security and Encryption DOMAIN 11 Identity, Entitlement, and Access Management
  • 9. 9 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud CRITICAL AREAS IN CLOUD COMPUTING con’t What we need to focus on DOMAIN 01 Governance and Enterprise Risk Management § Identify the shared responsibilities of security and risk management § Understand how a contract affects your governance § Develop a process for cloud provider assessments § Align risk requirements to the specific assets § Create a specific risk management and risk acceptance/mitigation methodology § Use controls to manage residual risks § Use tooling to track approved providers based on asset classification
  • 10. 10 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud CRITICAL AREAS IN CLOUD COMPUTING con’t What we need to focus on DOMAIN 02 Legal Issues, Contracts and Electronic Discovery § Understand the relevant legal and regulatory frameworks § Understand the policies, requirements and capabilities § Conduct a comprehensive evaluation of a proposed cloud service § Understand how cloud provider physically operates and stores information
  • 11. 11 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud CRITICAL AREAS IN CLOUD COMPUTING con’t What we need to focus on DOMAIN 03 Compliance and Audit Management § Understand the compliance obligations § Understand the scope of assessments and certifications, including both the controls and the features/services covered § Select auditors with experience in cloud computing § Keep a register of cloud providers used
  • 12. 12 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud CRITICAL AREAS IN CLOUD COMPUTING con’t What we need to focus on DOMAIN 04 Information Governance § Determine your governance requirements § Ensure information governance policies and practices extend to the cloud § Use the data security lifecycle to help model data handling and controls (Don’t bring bad habits)
  • 13. 13 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud CRITICAL AREAS IN CLOUD COMPUTING con’t What we need to focus on DOMAIN 05 Management Plane and Business Continuity § Management plane (metastructure) security § E.g. Consistently implement least privilege accounts for metastructure access § Business continuity § Take a risk-based approach to everything § Consider your DR plan
  • 14. 14 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud CRITICAL AREAS IN CLOUD COMPUTING con’t What we need to focus on DOMAIN 06 Infrastructure Security § Know the infrastructure security of your provider or platform § Make sure your provider is following cloud infrastructure best- practices and regulations § Understand your network security § Understand and comply with cloud provider limitations on vulnerability assessments and penetration testing
  • 15. 15 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud CRITICAL AREAS IN CLOUD COMPUTING con’t What we need to focus on DOMAIN 07 Virtualization and Containers § Understand Virtualization Security § Understand the capabilities offered by cloud providers as well as any security gaps § Properly configure virtualization services § Understand Containers Security § Understand the security isolation capabilities § Ensure that only approved, known, and secure container images can be deployed
  • 16. 16 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud CRITICAL AREAS IN CLOUD COMPUTING con’t What we need to focus on DOMAIN 08 Incident Response, Notification and Remediation § Understand the SLAs and setting expectations around what the customer does versus what the provider does § Set up proper communication paths with the provider § Understand the content and format of data that the cloud provider will supply for analysis purposes § Continuous monitoring § Understand your incident response plan and how those change in the cloud
  • 17. 17 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud CRITICAL AREAS IN CLOUD COMPUTING con’t What we need to focus on DOMAIN 09 Application Security § Understand the new architectural options and requirements in the cloud § Build security into the initial design process § Reviewing SDLC basics and how those change in the cloud § Understand the security capabilities of your cloud providers to leveraging cloud capabilities for more secure cloud applications
  • 18. 18 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud CRITICAL AREAS IN CLOUD COMPUTING con’t What we need to focus on DOMAIN 10 Data Security and Encryption § Understand the specific capabilities of the cloud platform you are using § Don’t dismiss cloud provider data security. In many cases it is more secure than building your own, and comes at a lower cost § Create an entitlement matrix for determining access controls § Use the appropriate encryption option based on the threat model for your data, business, and technical requirements § Consider use of encryption and storage options § Leverage architecture to improve data security § Ensure both API and data-level monitoring are in place
  • 19. 19 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud CRITICAL AREAS IN CLOUD COMPUTING con’t What we need to focus on DOMAIN 11 Identity, Entitlement, and Access Management § Organizations should develop a comprehensive and formalized plan and processes for managing identities and authorizations with cloud services § Develop an entitlement matrix for each cloud provider § Prefer Attribute-based access control (ABAC) over Role-based access control (RBAC) for cloud computing
  • 20. 20 Meetup #4 IT Audit & Security © 2017 PT. Indonesian Cloud BONUS Taking over Docker host from Container DEMO TIME Container Management Docker Engine Host Operating System