Do Good, Find a way
Cloud security: the most vital today
Authored by James DeLuccia
Sources: public and private discussions & content from the top cloud service providers and companies on those platforms
Cloud security smarts
Reduce attack surface, and simplify your life
● Minimize public-facing endpoints and other forms of public access to resources (starting with everything in a subscription/VPC)
● This includes
○ Storage accounts
○ API
○ Unnecessary open ports / sources to your public sites
○ ElastiCache or Redshift should not have public access
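An added example (not from the deck) of turning the list above into a repeatable check: it walks a constructed inventory of security groups, storage accounts and data services and reports anything that is reachable from the whole internet. The inventory shape, the role tags and the sample names are this example's own assumptions; in practice the dictionary would be built from the provider's describe/list APIs.

```python
"""Audit a constructed cloud inventory for the public-exposure items listed
on the slide.  The inventory format is an assumption of this example."""
from ipaddress import ip_network

# Ports that are acceptable on an internet-facing load balancer only.
WEB_PORTS = {80, 443}

# Constructed sample inventory (hypothetical names, not a real environment).
INVENTORY = {
    "security_groups": [
        {"name": "alb-sg", "role": "load_balancer",
         "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}]},
        {"name": "app-sg", "role": "app",
         "ingress": [{"port": 22, "cidr": "0.0.0.0/0"},
                     {"port": 8080, "cidr": "10.0.0.0/16"}]},
    ],
    "storage": [
        {"name": "release-artifacts", "public_access": False},
        {"name": "customer-exports", "public_access": True},
    ],
    "data_services": [
        {"name": "session-cache", "type": "elasticache", "publicly_accessible": False},
        {"name": "warehouse", "type": "redshift", "publicly_accessible": True},
    ],
}


def is_public_cidr(cidr: str) -> bool:
    """True for 'anywhere' rules such as 0.0.0.0/0 or ::/0."""
    return ip_network(cidr, strict=False).prefixlen == 0


def audit(inventory: dict) -> list:
    """Return one finding string per resource exposed to the public internet."""
    findings = []
    for sg in inventory.get("security_groups", []):
        for rule in sg["ingress"]:
            if not is_public_cidr(rule["cidr"]):
                continue
            # A world-open rule is tolerable only on the load balancer, and
            # only for the web ports it fronts.
            if sg.get("role") == "load_balancer" and rule["port"] in WEB_PORTS:
                continue
            findings.append(
                f"security_group {sg['name']}: port {rule['port']} open to {rule['cidr']}")
    for bucket in inventory.get("storage", []):
        if bucket.get("public_access"):
            findings.append(f"storage {bucket['name']}: public access enabled")
    for svc in inventory.get("data_services", []):
        if svc.get("publicly_accessible"):
            findings.append(f"{svc['type']} {svc['name']}: publicly accessible")
    return findings


if __name__ == "__main__":
    for line in audit(INVENTORY):
        print(line)
```

Run it as a scheduled job against the real inventory and treat a non-empty result as a failed control; the load-balancer exception is deliberate, since the public entry point is supposed to be the balancer and nothing else.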
Reduce annoying work, technical debt, and future pain - automate
● Automate as much as possible and get the humans away from the machines (Lambda functions, Azure Functions, etc.)
● Build automation for everything, utilize free automation, script everything - including how cybersecurity operates
● Dealing with legacy environments? Fine, start today with this mindset (slower at first, but it will speed up, and it stops incremental technical debt)
● Starting fresh? Be savage about it: automate
Architect: Load Balancers at frontend
● Utilize Load Balancers and aggressive security group rulesets
● Think and architect in a cloud native fashion; a huge mistake folks make is designing cloud formations ;) the way they designed data centers. Don't.
● Just don't
Just in Time - Remote Access
● Prevent / prohibit administrative remote access
● Utilize just in time and adaptive access solutions to keep a limited attack surface and ensure your developers have the access required to build product
Cloud security that'll save your rear end
Use Cloud Native Tools, they are free
● Cloud Providers make an immense amount of tools and intelligence available that is very practical for operating clean and healthy online - use them
● Defaults are not always great, so take 5 mins and double check what those options mean
○ AWS and Azure are widely different here, so be smart
○ AWS has more encryption and better security on by default
Verify your credentials & keys aren't on public repos
● Great developers use repos (such as GitHub)
● This is where code is checked in
● Scan and verify that your developers are not inadvertently pushing your API credentials to public spaces (which will cause you to be completely destroyed online)
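An added example (not the deck's own tooling) of the scan the slide asks for, written so it can run as a pre-push hook or a CI step: it flags credential formats with a fixed, publicly documented shape (an AWS access key id, a PEM private-key header) and assignments to secret-looking variable names whose value has high Shannon entropy. The sample file content, the variable names and the entropy threshold are constructed for this example; none of the values is a real credential.

```python
"""Flag credential-looking strings before code reaches a public repo.
Patterns and thresholds are this example's own choices."""
import math
import re
import sys
from collections import Counter

# Formats with a fixed, publicly documented shape.  The AWS access key id
# format (AKIA followed by 16 uppercase alphanumerics) is documented by AWS.
FIXED_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}

# Assignments whose variable name suggests a secret and whose value is a
# token of at least 16 characters; the entropy check below filters out
# placeholders such as "password".
ASSIGNMENT = re.compile(
    r"(?i)\b\w*(secret|token|password|api_key|access_key)\w*\s*[=:]\s*['\"]?"
    r"([A-Za-z0-9+/=_\-]{16,})")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random tokens score well above prose."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def scan_text(text: str, entropy_threshold: float = 3.5) -> list:
    """Return [{'line': n, 'kind': k}, ...] for every suspicious line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pattern in FIXED_PATTERNS.items():
            if pattern.search(line):
                findings.append({"line": lineno, "kind": kind})
        match = ASSIGNMENT.search(line)
        if match and shannon_entropy(match.group(2)) >= entropy_threshold:
            findings.append({"line": lineno, "kind": "high_entropy_assignment"})
    return findings


# Constructed sample file; the key-looking values are made up.
SAMPLE = """\
# constructed sample; none of these values is a real credential
AWS_ACCESS_KEY_ID = "AKIAEXAMPLE000000001"
AWS_SECRET_ACCESS_KEY = "wJalrX7ExampleKey0123456789abcdefXYZ"
db_password = "password"
region = "us-east-1"
"""


def scan_files(paths) -> dict:
    """Scan each path; returns {path: findings} for paths with any hit."""
    results = {}
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as fh:
            hits = scan_text(fh.read())
        if hits:
            results[path] = hits
    return results


if __name__ == "__main__":
    if len(sys.argv) > 1:
        report = scan_files(sys.argv[1:])
    else:
        report = {"<sample>": scan_text(SAMPLE)}
    for path, hits in report.items():
        for hit in hits:
            print(f"{path}:{hit['line']}: {hit['kind']}")
    sys.exit(1 if report else 0)
```

The non-zero exit status is what makes it useful as a hook: a push with a hit fails before the commit leaves the developer's machine. Expect some false positives from test fixtures and tune the patterns rather than the threshold.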
Defeat account takeover & ransomware
● Consider a 'bunker' account for backups. This is a completely off-the-grid account, no IAM federation, and it's where all critical backups get copied in case an account gets compromised or a disgruntled employee threatens to destroy data
○ (coupled with least privilege, any employee should have limited, need-to-know access)
Product Architecture - only holder of root
● Don't, ever, pass down root credentials
● Have Product Architecture hold the root key
● Product Architecture creates and hands out lesser credentials for devs to execute with
● Eliminate Root Actions - no actions where an engineer needs a root password
● Adopt a key management system, such as Amazon's KMS
● Ok .. here is one case where we need to remember our mainframe days
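An added example (not from the deck) of checking that the "lesser credentials" handed to developers really are lesser: a linter over IAM-style policy documents that flags any Allow statement granting `*`, or a wildcard on an account-owning service such as IAM or KMS, across all resources. The JSON shape follows AWS IAM policy syntax; the three sample policies, the ARNs and the list of sensitive services are this example's own constructions.

```python
"""Lint IAM-style policy documents for root-equivalent grants.
Sample policies and the sensitive-service list are constructed here."""
import json

# A wildcard on any of these services amounts to owning the account.
SENSITIVE_SERVICES = {"iam", "kms", "organizations", "sts"}


def _as_list(value):
    """IAM allows a string or a list in Action/Resource/Statement."""
    return value if isinstance(value, list) else [value]


def _is_root_like_action(action: str) -> bool:
    if action == "*":
        return True
    service, _, verb = action.partition(":")
    return service.lower() in SENSITIVE_SERVICES and verb == "*"


def lint_policy(policy: dict) -> list:
    """Return one finding per Allow statement that grants root-like power."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        wide_resource = "*" in _as_list(stmt.get("Resource", []))
        for action in actions:
            if _is_root_like_action(action) and wide_resource:
                findings.append(
                    f"statement {i}: '{action}' on all resources is a root-equivalent grant")
            elif action == "*":
                findings.append(
                    f"statement {i}: Action '*' should be replaced with the specific actions needed")
    return findings


# Constructed samples.  111122223333 and the key id are placeholders.
ADMIN_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
""")

KMS_WILDCARD_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow", "Action": ["s3:GetObject", "kms:*"],
                "Resource": "*"}]}
""")

DEVELOPER_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [
   {"Effect": "Allow",
    "Action": ["s3:GetObject", "s3:PutObject"],
    "Resource": "arn:aws:s3:::example-app-bucket/*"},
   {"Effect": "Allow",
    "Action": ["kms:Decrypt", "kms:GenerateDataKey"],
    "Resource": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"}
 ]}
""")


if __name__ == "__main__":
    for name, policy in [("admin", ADMIN_POLICY), ("kms-wildcard", KMS_WILDCARD_POLICY),
                         ("developer", DEVELOPER_POLICY)]:
        print(name, lint_policy(policy) or "ok")
```

The developer policy passes because each KMS action is bound to one key ARN, which is the shape the "Adopt a key management system" bullet implies: engineers get to use a key, never to administer the service.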
Billing setup & triggers can provide intelligence
● Billing triggers - caps, activity, party, and more - not just cost savings
● Allows for detecting and providing additional insights (e.g., a crypto-mining server)
● Account Service Owners
● Be sure 1 employee can't walk away with full ownership
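An added example (not from the deck) of the kind of billing trigger the slide describes: a hard spend cap plus a comparison against a rolling median baseline, so a sudden compute burst shows up as an alert even when it stays under the cap. The daily amounts are constructed; day 9 of the series is the shape an unexpected workload such as a crypto-mining host produces.

```python
"""Turn daily spend into alerts: a hard cap plus a rolling-baseline check.
All numbers are constructed for this example."""
from statistics import median

# Constructed daily spend in USD for one account; the jump from index 8 on
# is the anomaly we want a trigger to catch.
DAILY_SPEND = [210.0, 215.0, 205.0, 230.0, 220.0, 212.0, 218.0, 225.0, 640.0, 655.0]


def spend_triggers(series, hard_cap, window=7, factor=2.0) -> list:
    """Return (index, amount, reason) for each day that should alert.

    A day alerts when it exceeds the hard cap, or when it exceeds `factor`
    times the median of the previous `window` days.  The median is used
    rather than the mean so that the anomaly, once it starts, does not pull
    the baseline up and hide its own continuation.
    """
    alerts = []
    for i, amount in enumerate(series):
        if amount > hard_cap:
            alerts.append((i, amount, "over hard cap"))
            continue
        if i >= window:
            baseline = median(series[i - window:i])
            if amount > factor * baseline:
                alerts.append((i, amount, f"{amount / baseline:.1f}x rolling baseline"))
    return alerts


if __name__ == "__main__":
    for day, amount, reason in spend_triggers(DAILY_SPEND, hard_cap=1000.0):
        print(f"day {day}: ${amount:.2f} ({reason})")
```

Both providers expose budget alerts that implement the hard cap natively; the baseline comparison is what adds the "intelligence" the slide mentions, because it catches a doubling of spend long before an absolute cap set for a whole month would.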
Maintain only your domain email accounts "own" access
● Deny / remove non-business-managed email accounts on the Cloud
● This allows for better control in the future in the event things go south, really, really south
Massive Gratitude
"Every Damn Time" Hacks/Insecurities and Best Practices that Prevent Them
- Thank you to everyone for your help and insight
A few sources
● Azure Best Practices Repository
○ https://docs.microsoft.com/en-us/azure/security/security-best-practices-and-patterns
● "Breaking the Intrusion Kill Chain with AWS"
○ https://d1.awsstatic.com/whitepapers/Break-Intrusion-Kill-Chains-with-AWS.pdf
Cloud security - the most vital today for your business and product that uses Azure and AWS