The document discusses exploiting identity and access management (IAM) in Google Cloud Platform (GCP). It begins with an introduction of the presenter and agenda. It then covers the key concepts of IAM in GCP, including role types, VPC service controls to control data flows, and access context manager. A deep dive on service accounts explains what they are, how bindings work, and the risk of impersonating service accounts. The demo illustrates a scenario where a stolen credential is used to impersonate a service account and access a storage bucket. Key takeaways recommend separating privileged service accounts, binding permissions at the account level, avoiding default accounts and primitive roles.
Scaling Security in the Cloud With Open SourceCloudVillage
The programmability of the cloud has revolutionized infrastructure deployments at scale and, at the same time, has enabled the automation of both the attack and defense of these deployments. In this talk, I will discuss the open-source tools and the techniques that my organization has used to scale security in the cloud to keep pace with our deployments. I’ll also cover how we’ve used automation to adapt security processes to cloud strategies such as immutable servers. Some topics include: temporal leasing of API access keys and database credentials, automation of patching groups and scans, and automated enforcement of configuration policy.
Keynote - Cloudy Vision: How Cloud Integration Complicates SecurityCloudVillage
The cloud is compelling and in many cases necessary for organizations to effectively operate.
Cloud security, on the other hand, is not as clear. Many cloud services need a hook into the on-premises environment in order to synchronize users and groups. Additionally, cloud security controls vary by the provider in availability, capability, and cost. This results in a disjointed view of user authentication, security, and potential configuration issues.
This talk explores some common cloud configuration scenarios and associated security issues.
ATT&CKing the Sentinel – deploying a threat hunting capability on Azure Senti...CloudVillage
Speaker 1: Olaf Hartong
Speaker 2: Edoardo Gerosa
Azure Sentinel, Microsoft's new cloud SIEM solution, was recently released on the market. Notwithstanding its strengths Sentinel offers limited threat hunting capabilities out of the box and setting up an effective hunting solution is not straightforward. The Sentinel ATT&CK GitHub project is designed to provide guidance on setting up an ATT&CK-driven process monitoring solution within Sentinel; giving DFIR professionals a tool to effectively hunt in the Azure cloud.
The project, building on previous work from the open source DFIR community, provides instructions on how to properly configure Sysmon to monitor and detect specific processes in alignment with MITRE's ATT&CK framework. Secondly it provides clarity on how to onboard Sysmon logs from Windows virtual machines, shedding light on some poorly documented areas, while also offering an open source parser to correctly ingest Sysmon data in conformity with the Open Source Security Event Metadata information model. Thirdly it offers around 120 open source Kusto Query Language alerts ready for deployment; each mapped to a unique MITRE ATT&CK technique. Fourthly it provides a dedicated threat hunting dashboard to help DFIR professionals monitor their environment and execute precise hunts. Finally, Sentinel ATT&CK provides ready-made hunting queries to be leveraged when responding to alert notifications raised by the threat hunting dashboard.
This talk delivers an overview of how the Sentinel ATT&CK project can help organisations establish an effective threat hunting capability in Azure as well as an opportunity to share with the community the strengths and shortcomings of Sentinel when it comes to hunting adversaries within the Microsoft cloud.
Speaker 1: Ashwin Vamshi
Speaker 2: Abhinav Singh
Cloud services are built for increased collaboration and productivity, and provide capabilities like auto sync and API level communication. This has led enterprises to exclusively use SaaS, PaaS and IaaS services for storing and sharing critical and confidential data. End users as well as security products tend to place implicit trust in cloud vendors such as Microsoft, AWS, Google, and SaaS app vendors such as Box, Salesforce, DropBox. As a result, cybercriminals have started launching their attacks from these trusted cloud services. This talk will focus on how attackers are abusing these trusted cloud services to create Phishing attacks that are highly effective and hard to detect.
AWS re:Invent 2016: No More Ransomware: How Europol, the Dutch Police, and AW...Amazon Web Services
Come to this session to learn how Europol, the Dutch police, Intel Security, and Kaspersky Lab have come together in an unprecedented collaboration of government and private-sector organizations. Open source ransomware code makes it easier to lock victims’ computers and encrypt their data, resulting in an alarming increase of cyber ransom. In response www.nomoreransom.org was created with the additional cooperation of AWS and Barracuda Web Application Firewall. Learn what tools are available to retrieve encrypted data and take a peek under the hood of this mission-critical website in the fight against ransomware. Perhaps because the site opposes ransomware, it has already received a number of attacks. Learn how AWS and Intel worked to rebuff these persistent assaults.
AWS re:Invent 2016: Blockchain on AWS: Disrupting the Norm (GPST301)Amazon Web Services
Recent interest in leveraging distributed ledgers across multiple industries has elevated blockchain from mere theory and into the spotlight of real world use. Learn why some partners have a vested interest in it and how blockchain can be used with AWS. In this session, we explore the AWS services needed for a successful deployment and dive deep into a partner's blockchain journey on AWS.
Scaling Security in the Cloud With Open SourceCloudVillage
The programmability of the cloud has revolutionized infrastructure deployments at scale and, at the same time, has enabled the automation of both the attack and defense of these deployments. In this talk, I will discuss the open-source tools and the techniques that my organization has used to scale security in the cloud to keep pace with our deployments. I’ll also cover how we’ve used automation to adapt security processes to cloud strategies such as immutable servers. Some topics include: temporal leasing of API access keys and database credentials, automation of patching groups and scans, and automated enforcement of configuration policy.
Keynote - Cloudy Vision: How Cloud Integration Complicates SecurityCloudVillage
The cloud is compelling and in many cases necessary for organizations to effectively operate.
Cloud security, on the other hand, is not as clear. Many cloud services need a hook into the on-premises environment in order to synchronize users and groups. Additionally, cloud security controls vary by the provider in availability, capability, and cost. This results in a disjointed view of user authentication, security, and potential configuration issues.
This talk explores some common cloud configuration scenarios and associated security issues.
ATT&CKing the Sentinel – deploying a threat hunting capability on Azure Senti...CloudVillage
Speaker 1: Olaf Hartong
Speaker 2: Edoardo Gerosa
Azure Sentinel, Microsoft's new cloud SIEM solution, was recently released on the market. Notwithstanding its strengths Sentinel offers limited threat hunting capabilities out of the box and setting up an effective hunting solution is not straightforward. The Sentinel ATT&CK GitHub project is designed to provide guidance on setting up an ATT&CK-driven process monitoring solution within Sentinel; giving DFIR professionals a tool to effectively hunt in the Azure cloud.
The project, building on previous work from the open source DFIR community, provides instructions on how to properly configure Sysmon to monitor and detect specific processes in alignment with MITRE's ATT&CK framework. Secondly it provides clarity on how to onboard Sysmon logs from Windows virtual machines, shedding light on some poorly documented areas, while also offering an open source parser to correctly ingest Sysmon data in conformity with the Open Source Security Event Metadata information model. Thirdly it offers around 120 open source Kusto Query Language alerts ready for deployment; each mapped to a unique MITRE ATT&CK technique. Fourthly it provides a dedicated threat hunting dashboard to help DFIR professionals monitor their environment and execute precise hunts. Finally, Sentinel ATT&CK provides ready-made hunting queries to be leveraged when responding to alert notifications raised by the threat hunting dashboard.
This talk delivers an overview of how the Sentinel ATT&CK project can help organisations establish an effective threat hunting capability in Azure as well as an opportunity to share with the community the strengths and shortcomings of Sentinel when it comes to hunting adversaries within the Microsoft cloud.
Speaker 1: Ashwin Vamshi
Speaker 2: Abhinav Singh
Cloud services are built for increased collaboration and productivity, and provide capabilities like auto sync and API level communication. This has led enterprises to exclusively use SaaS, PaaS and IaaS services for storing and sharing critical and confidential data. End users as well as security products tend to place implicit trust in cloud vendors such as Microsoft, AWS, Google, and SaaS app vendors such as Box, Salesforce, DropBox. As a result, cybercriminals have started launching their attacks from these trusted cloud services. This talk will focus on how attackers are abusing these trusted cloud services to create Phishing attacks that are highly effective and hard to detect.
AWS re:Invent 2016: No More Ransomware: How Europol, the Dutch Police, and AW...Amazon Web Services
Come to this session to learn how Europol, the Dutch police, Intel Security, and Kaspersky Lab have come together in an unprecedented collaboration of government and private-sector organizations. Open source ransomware code makes it easier to lock victims’ computers and encrypt their data, resulting in an alarming increase of cyber ransom. In response www.nomoreransom.org was created with the additional cooperation of AWS and Barracuda Web Application Firewall. Learn what tools are available to retrieve encrypted data and take a peek under the hood of this mission-critical website in the fight against ransomware. Perhaps because the site opposes ransomware, it has already received a number of attacks. Learn how AWS and Intel worked to rebuff these persistent assaults.
AWS re:Invent 2016: Blockchain on AWS: Disrupting the Norm (GPST301)Amazon Web Services
Recent interest in leveraging distributed ledgers across multiple industries has elevated blockchain from mere theory and into the spotlight of real world use. Learn why some partners have a vested interest in it and how blockchain can be used with AWS. In this session, we explore the AWS services needed for a successful deployment and dive deep into a partner's blockchain journey on AWS.
At the end of this presentation, audience will be aware of the following topics.
1. Introduction to AWS
2. Accessing AWS console via cli.
3. Launching and logging into an EC2 instance
4. Creating a S3 bucket and uploading an image.
5. Security misconfigurations in S3 bucket.
6. Subdomain takeover via S3 bucket.
7. Hardcoded AWS credentials in github.
8. Aasna AWS credentials leak using pixel flood attack
9. Murder in the cloud - Codespace hack
(MBL402) Mobile Identity Management & Data Sync Using Amazon CognitoAmazon Web Services
Developing mobile apps can be complex and time-consuming. Learn how to simplify mobile identity management and data synchronization across devices. In addition, learn how to follow security best practices to give your app access to the resources it needs to provide a great user experience without hard-coding security credentials. We will cover how to easily and securely onboard users as anonymous guests using public login providers like Amazon, Facebook, Twitter, or your own user identity system. We are very excited to have Twitter representatives join us on stage for a deep dive on authenticating users with Twitter and Digits, which enables users to sign in with their phone numbers.
Mining Malevolence: Cryptominers in the CloudCloudVillage
Speaker: Cheryl Biswas
Cloud. It's the land of opportunity. Enterprises are doing mass migrations from older and legacy systems to harness greater power and efficiency from innovative new tech. Following that money trail are opportunistic attackers, seeking the computing strength and near-invisibility afforded by enterprise cloud environments to mine bitcoin. Cryptominers are everywhere. And yes, Virginia, they are in the Cloud. These nebulous power-rich realms let attackers set up mining rigs to feast on enterprise resources, while flying below the detection of cloud or conventional security resources. The concern here is that once attackers gain access to our networks, they can pivot and move laterally, to find even greater reward in the vast amounts of data available.
(SEC301) Strategies for Protecting Data Using Encryption in AWSAmazon Web Services
Protecting sensitive data in the cloud typically requires encryption. Managing the keys used for encryption can be challenging as your sensitive data passes between services and applications. AWS offers several options for using encryption and managing keys to help simplify the protection of your data at rest. This session will help you understand which features are available and how to use them, with emphasis on AWS Key Management Service and AWS CloudHSM. Adobe Systems Incorporated will present their experience using AWS encryption services to solve data security needs.
This webinar will introduce the AWS Shared Security Model. We will examine how to use the inherent security of the AWS environment, coupled with the security tools and features AWS makes available, to create a resilient environment with the security you need.
Learning Objectives:
• Understand the security measures AWS puts in place to secure the environment where your data lives
• Understand the tools AWS offers to help you create a resilient environment with the security you need
• Consider actions when moving a sensitive workload to AWS • Security benefits you can expect by deploying in the AWS Cloud
Who Should Attend:
- Prospects and customers with a security background
- Who are interested in using AWS to manage security-sensitive workloads
Security is such a big subject which means that when you say security depending on the person you talk to they will have one or more of the following topics in their mind: AWS access, Access to your AWS infra, Audit Trails of ho did what in AWS, Securing access to your application, of your application, and OS security. And the list goes on and on. Without pretending I have "THE solution" and "to know it all" let me show you what I did regarding security in the cloud. I will show you how I tried to take security measures on all for me relevant aspects mentioned above and more.
Secure Cloud Networking – Beyond Cloud Boundaries. When you are learning cloud, networking examples are just complicated enough to get you exposed to the networking fundamentals of that cloud. Real-life is quite a bit different. Matt Kazmar, Rod Stuhlmuller, Corbin Louks and Mark Cunningham from Aviatrix walks us through the complications of cloud networking, especially those encountered beyond one cloud.
"Running enterprise workloads with sensitive data in AWS is hard and requires an in-depth understanding about software-defined security risks. At re:Invent 2014, Intuit and AWS presented ""Enterprise Cloud Security via DevSecOps"" to help the community understand how to embrace AWS features and a software-defined security model. Since then, we've learned quite a bit more about running sensitive workloads in AWS.
We've evaluated new security features, worked with vendors, and generally explored how to develop security-as-code skills. Come join Intuit and AWS to learn about second-year lessons and see how DevSecOps is evolving. We've built skills in security engineering, compliance operations, security science, and security operations to secure AWS-hosted applications. We will share stories and insights about DevSecOps experiments, and show you how to crawl, walk, and then run into the world of DevSecOps."
Security Assurance and Governance in AWS (SEC203) | AWS re:Invent 2013Amazon Web Services
With the rapid increase of complexity in managing security for distributed IT and cloud computing, security, and compliance managers can innovate in how to ensure a high level of security is practiced to manage AWS resources. In this session, Chad Woolf, Director of Compliance for AWS will discuss which AWS service features can be leveraged to achieve a high level of security assurance over AWS resources, giving you more control of the security of your data and preparing you for a wide range of audits. Attendees will also learn first-hand what some AWS customers have accomplished by leveraging AWS features to meet specific industry compliance requirements.
AWS is hosting the first FSI Cloud Symposium in Hong Kong, which will take place on Thursday, March 23, 2017 at Grand Hyatt Hotel. The event will bring together FSI customers, industry professional and AWS experts, to explore how to turn the dream of transformation, innovation and acceleration into reality by exploiting Cloud, Voice to Text and IoT technologies. The packed agenda includes expert sessions on a host of pressing issues, such as security and compliance, as well as customer experience sharing on how cloud computing is benefiting the industry.
Speakers:
Michael Braendle, Principal Cloud Architect, AWS
Paul Sin, Financial Services Technology Consultant, Deloitte China
From Monolith to Microservices - Containerized Microservices on AWS - April 2...Amazon Web Services
Learning Objectives:
• Understand key microservices concepts and common patterns
• Learn how to deploy microservices on Amazon ECS
What are monoliths, what are microservices, how do containers fit into the picture, and how do I do this all in production?
In this session, we will explore the reasoning and concepts behind microservices and how you can transform monolithic apps into microservices. We will discuss how containers simplify building microservices-based applications, and we will walk through a number of patterns used by our customers to run their microservices platforms. We will also dive deep into some of the challenges of running microservices, such as load balancing, service discovery, and secrets management, and we’ll see how Amazon EC2 Container Service (ECS) can help address them. We’ll also demo how you can easily deploy complex microservices applications using Amazon ECS.
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...Amazon Web Services
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). First, we will cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We will then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks AWS makes available with VPC and how you can connect this with your offices and current data center footprint.
RightScale Webinar: Security and Compliance in the CloudRightScale
In this webinar we talk about how the cloud security landscape continues to evolve, then show you a demo of how enterprises are using RightScale to help them securely manage all their cloud infrastructure.
Key Topics:
1. Understanding the security requirements of cloud
2. Security certifications among cloud providers
3. Managing secure & compliant cloud-enabled organizations
4. Live demo of the RightScale approach
At the end of this presentation, audience will be aware of the following topics.
1. Introduction to AWS
2. Accessing AWS console via cli.
3. Launching and logging into an EC2 instance
4. Creating a S3 bucket and uploading an image.
5. Security misconfigurations in S3 bucket.
6. Subdomain takeover via S3 bucket.
7. Hardcoded AWS credentials in github.
8. Aasna AWS credentials leak using pixel flood attack
9. Murder in the cloud - Codespace hack
(MBL402) Mobile Identity Management & Data Sync Using Amazon CognitoAmazon Web Services
Developing mobile apps can be complex and time-consuming. Learn how to simplify mobile identity management and data synchronization across devices. In addition, learn how to follow security best practices to give your app access to the resources it needs to provide a great user experience without hard-coding security credentials. We will cover how to easily and securely onboard users as anonymous guests using public login providers like Amazon, Facebook, Twitter, or your own user identity system. We are very excited to have Twitter representatives join us on stage for a deep dive on authenticating users with Twitter and Digits, which enables users to sign in with their phone numbers.
Mining Malevolence: Cryptominers in the CloudCloudVillage
Speaker: Cheryl Biswas
Cloud. It's the land of opportunity. Enterprises are doing mass migrations from older and legacy systems to harness greater power and efficiency from innovative new tech. Following that money trail are opportunistic attackers, seeking the computing strength and near-invisibility afforded by enterprise cloud environments to mine bitcoin. Cryptominers are everywhere. And yes, Virginia, they are in the Cloud. These nebulous power-rich realms let attackers set up mining rigs to feast on enterprise resources, while flying below the detection of cloud or conventional security resources. The concern here is that once attackers gain access to our networks, they can pivot and move laterally, to find even greater reward in the vast amounts of data available.
(SEC301) Strategies for Protecting Data Using Encryption in AWSAmazon Web Services
Protecting sensitive data in the cloud typically requires encryption. Managing the keys used for encryption can be challenging as your sensitive data passes between services and applications. AWS offers several options for using encryption and managing keys to help simplify the protection of your data at rest. This session will help you understand which features are available and how to use them, with emphasis on AWS Key Management Service and AWS CloudHSM. Adobe Systems Incorporated will present their experience using AWS encryption services to solve data security needs.
This webinar will introduce the AWS Shared Security Model. We will examine how to use the inherent security of the AWS environment, coupled with the security tools and features AWS makes available, to create a resilient environment with the security you need.
Learning Objectives:
• Understand the security measures AWS puts in place to secure the environment where your data lives
• Understand the tools AWS offers to help you create a resilient environment with the security you need
• Consider actions when moving a sensitive workload to AWS • Security benefits you can expect by deploying in the AWS Cloud
Who Should Attend:
- Prospects and customers with a security background
- Who are interested in using AWS to manage security-sensitive workloads
Security is such a big subject which means that when you say security depending on the person you talk to they will have one or more of the following topics in their mind: AWS access, Access to your AWS infra, Audit Trails of ho did what in AWS, Securing access to your application, of your application, and OS security. And the list goes on and on. Without pretending I have "THE solution" and "to know it all" let me show you what I did regarding security in the cloud. I will show you how I tried to take security measures on all for me relevant aspects mentioned above and more.
Secure Cloud Networking – Beyond Cloud Boundaries. When you are learning cloud, networking examples are just complicated enough to get you exposed to the networking fundamentals of that cloud. Real-life is quite a bit different. Matt Kazmar, Rod Stuhlmuller, Corbin Louks and Mark Cunningham from Aviatrix walks us through the complications of cloud networking, especially those encountered beyond one cloud.
"Running enterprise workloads with sensitive data in AWS is hard and requires an in-depth understanding about software-defined security risks. At re:Invent 2014, Intuit and AWS presented ""Enterprise Cloud Security via DevSecOps"" to help the community understand how to embrace AWS features and a software-defined security model. Since then, we've learned quite a bit more about running sensitive workloads in AWS.
We've evaluated new security features, worked with vendors, and generally explored how to develop security-as-code skills. Come join Intuit and AWS to learn about second-year lessons and see how DevSecOps is evolving. We've built skills in security engineering, compliance operations, security science, and security operations to secure AWS-hosted applications. We will share stories and insights about DevSecOps experiments, and show you how to crawl, walk, and then run into the world of DevSecOps."
Security Assurance and Governance in AWS (SEC203) | AWS re:Invent 2013Amazon Web Services
With the rapid increase of complexity in managing security for distributed IT and cloud computing, security, and compliance managers can innovate in how to ensure a high level of security is practiced to manage AWS resources. In this session, Chad Woolf, Director of Compliance for AWS will discuss which AWS service features can be leveraged to achieve a high level of security assurance over AWS resources, giving you more control of the security of your data and preparing you for a wide range of audits. Attendees will also learn first-hand what some AWS customers have accomplished by leveraging AWS features to meet specific industry compliance requirements.
AWS is hosting the first FSI Cloud Symposium in Hong Kong, which will take place on Thursday, March 23, 2017 at Grand Hyatt Hotel. The event will bring together FSI customers, industry professional and AWS experts, to explore how to turn the dream of transformation, innovation and acceleration into reality by exploiting Cloud, Voice to Text and IoT technologies. The packed agenda includes expert sessions on a host of pressing issues, such as security and compliance, as well as customer experience sharing on how cloud computing is benefiting the industry.
Speakers:
Michael Braendle, Principal Cloud Architect, AWS
Paul Sin, Financial Services Technology Consultant, Deloitte China
From Monolith to Microservices - Containerized Microservices on AWS - April 2...Amazon Web Services
Learning Objectives:
• Understand key microservices concepts and common patterns
• Learn how to deploy microservices on Amazon ECS
What are monoliths, what are microservices, how do containers fit into the picture, and how do I do this all in production?
In this session, we will explore the reasoning and concepts behind microservices and how you can transform monolithic apps into microservices. We will discuss how containers simplify building microservices-based applications, and we will walk through a number of patterns used by our customers to run their microservices platforms. We will also dive deep into some of the challenges of running microservices, such as load balancing, service discovery, and secrets management, and we’ll see how Amazon EC2 Container Service (ECS) can help address them. We’ll also demo how you can easily deploy complex microservices applications using Amazon ECS.
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...Amazon Web Services
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). First, we will cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We will then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks AWS makes available with VPC and how you can connect this with your offices and current data center footprint.
RightScale Webinar: Security and Compliance in the CloudRightScale
In this webinar we talk about how the cloud security landscape continues to evolve, then show you a demo of how enterprises are using RightScale to help them securely manage all their cloud infrastructure.
Key Topics:
1. Understanding the security requirements of cloud
2. Security certifications among cloud providers
3. Managing secure & compliant cloud-enabled organizations
4. Live demo of the RightScale approach
In this session, Tim Wagner, general manager of AWS Lambda and API Gateway, explores how developers can design, develop, deliver, and monitor cloud applications as they take advantage of the AWS serverless platform and developer toolset. He shares technical insights that developers can use to optimize their workflows and their use of cloud resources, which, in turn, can improve security, scalability, and availability. He also discusses common serverless patterns used by enterprises, and he dives into the operational and security features used by large and mature organizations. You will also hear from a Principal Architect of T-Mobile who will discuss how T-Mobile is driving adoption of serverless within the company.
PuppetConf 2017: Kubernetes in the Cloud w/ Puppet + Google Container Engine-...Puppet
Today there's a multitude of ways to get up and running with Kubernetes in the Cloud. In this talk we'll look at how easy it is to operationalize your K8s cluster deployments using the new gcontainer puppet module for Google Container Engine (GKE), Google’s Managed Kubernetes service. We'll walk you through an end to end deployment of a demo application using the gcontainer puppet module and the kubernetes module. We'll also take a deep dive into the unique value proposition that GKE brings to Kubernetes deployments, including security, scaling, federation, automated container builds, integrated private container registry and GPUs.
Going Serverless with Kubeless In Google Container Engine (GKE)Bitnami
If you'd like to watch along with the recording of the webinar, visit: http://bitn.am/2u5bOnA
Serverless computing has given back loads of time and money to developers whose focus is to create new, popular and disruptive applications. Without serverless computing, developers would still be spending most of their time on infrastructure rather than building new features to improve their users' experience.
With the move to containers and increased market share for Kubernetes, Bitnami has wanted to stay one step ahead by providing a serverless tool that is also Kubernetes-native, ... Kubeless! Kubeless tackles the challenge of integrating cloud services through small logical units. When creating your new project or application on Kubernetes, Kubeless will allow you to focus on creating a great application with a lightweight and flexible infrastructure.
In this video, you will watch and learn:
-The benefits of serverless computing on Kubernetes
- How to link several cloud services together with small, lightweight pieces of code
- How to install Kubeless into your GKE cluster
- How to deploy Python and Node.js functions with a straightforward CLI call
- An introduction to the Kubeless UI and how to write, update, delete, and deploy functions through it
Presentation for Introduction to Google Cloud Platform. This PPT provides basic understanding for services provided by Google Cloud Platform like Compute, Storage, VPC, IAM.
One of the great promises of Google Cloud is to make authentication simple. This promise indeed holds true the majority of the time, particularly if you don't go beyond the core Google Cloud services to a wider spectrum of Google APIs. In this talk, we'll explore the likely caveats and provide solutions on how to deal with them.
In this talk, Sami will provide some tips and good practices learnt from doing continuous delivery for cloud native apps. He will also demo a GitOps approach for continuous delivery of kubernetes deployments with Helmsman. Although, the talk focuses on Kubernetes as a deployment platform, the tips apply to other platforms too.
Accelerate Digital Transformation with IBM Cloud PrivateMichael Elder
Accelerate the journey to cloud-native, refactor existing mission-critical workloads, and catalyze enterprise digital transformations.
How do you ensure the success of your enterprise in highly competitive market landscapes? How will you deliver new cloud-native workloads, modernize existing estates, and drive integration between them?
QConSF18 - Disenchantment: Netflix Titus, its Feisty Team, and Daemonsaspyker
Disenchantment is a Netflix show following the medieval misadventures of a hard-drinking princess, her feisty elf, and her personal demon. In this talk, we will follow the story of Netflix’s container management platform, Titus, which powers critical aspects of the Netflix business (video encoding & streaming, big data, recommendations & machine learning, and other workloads). We’ll cover the challenges growing Titus from 10’s to 1000’s of workloads. We’ll talk about our feisty team’s work across container runtimes, scheduling & control plane, and cloud infrastructure integration. We’ll talk about the demons we’ve found on this journey covering operability, security, reliability and performance.
Why Everyone Needs a Cloud-First Security Program - SASEfaction Guaranteed!Netskope
Security teams are constantly keeping up with complex attacks leveraging the cloud, but traditional security stacks just can’t keep pace with malicious actors or insiders. In the session, we’ll explore Gartner’s new SASE framework and how organizations can utilize Zero Trust, visibility into cloud-based traffic and cloud threat protection to build a modernized cloud-first stack.
The Definitive CASB Business Case Kit - PresentationNetskope
As #1 on Gartner’s information security agenda, CASB is a must-have. But is your business case lined up? Get started now with the definitive CASB business case starter kit. The kit includes:
- The Gartner Market Guide to Cloud Access Security Brokers
- A CASB justification letter that you can tailor and deliver to your decision-maker
- A CASB ROI calculator into which you can enter your assumptions, plus a 3-slide companion executive presentation
- A sample Cloud Risk Assessment so you know what to expect when you request this analysis from your CASB
- The Netskope Cloud Report, which contains the latest cloud security benchmarks
- The 15 Most Critical CASB Use Cases eBook, which will help you understand and prioritize your CASB use cases
In this Netskope Cloud Report™, we’ve compiled the most interesting trends on cloud app adoption and usage based on aggregated, anonymized data from the Netskope Active Platform™. Report findings are based on usage seen across millions of users in hundreds of accounts globally, and represent usage trends from January 1 through March 31, 2016.
Report highlights:
- Three-quarters of cloud apps in use lack key capabilities to comply with the upcoming European Union General Data Protection Regulation.
- Malware continues its rise in enterprise clouds, with an average of 11.0 percent of enterprises detecting malware in their sanctioned apps.
- 26.2 percent of malware files discovered in sanctioned apps are shared with internal or external users or publicly.
- Enterprises have an average of 777 cloud apps in use, a slight rise from 769 last quarter. The Microsoft Office 365 suite continues to lead the pack in top-used business productivity apps, with Office 365 Outlook.com, OneDrive for Business, SharePoint, Yammer, and Lync in the number 2, 3, 12, 19, and 20 spots, respectively.
- Cloud Storage apps dominate cloud DLP violations, with 73.6 percent of the total.
June 2016 Worldwide Netskope Cloud Report Netskope
In this Netskope Cloud Report™, we’ve compiled the most interesting trends on cloud app adoption and usage based on aggregated, anonymized data from the Netskope Active Platform™. Report findings are based on usage seen across millions of users in hundreds of accounts globally, and represent usage trends from January 1 through March 31, 2016.
Report highlights:
- Three-quarters of cloud apps in use lack key capabilities to comply with the upcoming European Union General Data Protection Regulation.
- Malware continues its rise in enterprise clouds, with an average of 11.0 percent of enterprises detecting malware in their sanctioned apps.
- 26.2 percent of malware files discovered in sanctioned apps are shared with internal or external users or publicly.
- Enterprises have an average of 935 cloud apps in use, a slight rise from 917 last quarter. The Microsoft Office 365 suite continues to lead the pack in top-used business productivity apps, with Office 365 Outlook.com, OneDrive for Business, SharePoint, Yammer, and Lync in the number 2, 3, 12, 19, and 20 spots, respectively.
- Cloud Storage apps dominate cloud DLP violations, with 73.6 percent of the total.
5 Highest-Impact CASB Use Cases - Office 365Netskope
Cloud app security is a top priority for many enterprises. Whether securing data in the Office 365 suite, ensuring compliance in Salesforce, or getting control over shadow IT, information security leaders are exploring how Cloud Access Security Brokers can make an impact in their organizations.
This presentation covers the top Office 365-specific five CASB use cases that have the highest impact on cloud-consuming enterprises.
Cloud app security is a top priority for many enterprises. Whether securing data in the Office 365 suite, ensuring compliance in Salesforce, or getting control over shadow IT, information security leaders are exploring how Cloud Access Security Brokers can make an impact in their organizations.
This presentation covers the top five CASB use cases that have the highest impact on cloud-consuming enterprises.
Cure for the Common Cloud: How Healthcare can Safely Enable the CloudNetskope
The explosion of useful cloud applications has enabled new levels of productivity, resulting in strategic advantages for some healthcare providers. But cloud app usage is not without risk.
Craig Guinasso, CSO of Genomic Health, is leveraging the power of the cloud, while solving some of today’s most complex security challenges.
Craig, along with Krishna Narayanaswamy, co-founder and chief scientist of Netskope, discuss the top five strategies that healthcare technology and security leaders are adopting to get the most out of the cloud, while protecting patient health data and maintaining their organization’s compliance.
Attendees will learn how to:
- Think about cloud services in relation to business objectives
- Triage Shadow IT and consolidate on the most enterprise-ready cloud services
- Create checks and policies to identify and prevent PHI leaks
- Turn their business stakeholders into security champions
Quantifying Cloud Risk for Your Corporate LeadershipNetskope
The “move to the cloud” has long been considered a key initiative by organizations worldwide. With this move, there’s a level of increased risk that enterprises must address. What’s different is using cloud services requires abdicating some control over how systems and data are being protected. We begin this discussion on this footing.
Join Scott Hogrefe, Sr. Director of Market Data for Netskope, who will lead this discussion about what CISOs need to know about:
- Their cloud risk
- How to quantify it for their corporate leadership and board of directors
- How to convey it in the context of their overall cloud strategy
Lions, Tigers, and PHI, Oh My! The latest in data loss prevention in the cloud.Netskope
Let’s face it: When it comes to data loss prevention, we’re not in Kansas anymore. Any and all types of sensitive business data is now stored in the cloud and accessed from personal devices and most of the time, IT doesn’t even know it. This presentation is from a webinar with our guest speaker Forrester VP and Principal Analyst John Kindervag and Netskope VP of Product Management Rajneesh Chopra. In it, they explore the following:
- Trends surrounding cloud and data loss prevention
- How on-premises DLP users have helped shape the design of new, cloud-based solutions
- Key architectural considerations for enterprises who have invested in on-premises DLP
- Pitfalls that every IT security professional should look out for when developing a cloud DLP strategy
In this Netskope Cloud Report infographic, we've compiled the most interesting trends on cloud app adoption and usage based on aggregated, anonymized data from the Netskope Active Platform.
Fall 2015 Worldwide Netskope Cloud Report Netskope
In this Netskope Cloud Report infographic, we've compiled the most interesting trends on cloud app adoption and usage based on aggregated, anonymized data from the Netskope Active Platform.
Cloud Security for Dummies Webinar — The Identity EditionNetskope
Join "Cloud Security for Dummies" authors Ravi Ithal and Krishna Narayanaswamy, along with Patrick Harding, CTO from Ping Identity for this special “Identity Edition” of the Cloud Security for Dummies webinar series.
In this panel-style discussion, the experts will compare notes, debate approaches, and share stories from the cloud security and identity and access management front lines. IT security professionals will walk away with best practices on:
- Finding and assessing risk of all cloud apps running in your enterprise
- Onboarding new apps and bringing them into the secure Single Sign On fold
- Using identity to enable access and enforce usage and content policies
- Dealing with security issues such as poor reputation users and compromised accounts
- Communicating and coaching users
Office 365 in Focus. Security and Governance Strategies from the Experts - We...Netskope
One of today's biggest cloud trends is enterprise adoption of the Microsoft Office 365 suite. There is one wrinkle, though. Your business wants to move quickly to get immediate value, while your security team needs to proceed a little more cautiously to ensure they can govern usage and protect sensitive data. Can organizations move quickly and instrument the proper controls?
Join Adrian Sanabria, Senior Security Analyst from 451 Research, Shamiana Soderberg, Senior Business Development Manager Cloud Productivity from Microsoft, and Jamie Barnett, CMO of Netskope for a look at safe enablement best practices for Office 365, and the role Cloud Access Security Brokers play in this effort.
Attendees will come away with the ten real-world requirements that every organization should consider when adopting a sanctioned cloud productivity suite like Office 365. These requirements will address areas like:
- Granular administrative and user controls across the Office 365 suite
- DLP for content “at rest” within and “en route” to or from the suite
- Usage and data governance within the suite and its ecosystem
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
2. Who am I?
● Formerly Security @ Apple, Netflix
● Startup experience: built cloud security software
● Currently Research @ Netskope
● Focused on AWS, GCP
3. My Organization
colin-demo-project
What’s the Story...
nsk-colin-child-bucket
colin_perimeter
colin-child-project
Service account
instance-1
Compute Engine
nsk-colin-child-bucket
Cloud Storage
Stolen
credential
Shell Access
8. Types of Roles
● Primitive Roles - created by Google (not recommended)
○ Owner
○ Editor
○ Viewer
● Predefined Roles - created by Google
○ Compute Instance Admin
○ Storage Object Viewer
○ etc.
● Custom Roles - defined by users
10. What are VPC Service Controls?
● Designed to mitigate Data Exfiltration risks
○ Create perimeters around your resources, such as Storage buckets
○ Control the movement of data past the boundaries of your perimeter
○ Set conditions to allow data flow outside of the perimeter
● Independent of IAM policies
○ IAM allow access would still be blocked based on the service control perimeter
11.
12. Access Context Manager
● Another service that works in tandem with VPC service controls
● Allows admins to define the rules for access using certain criteria
○ Device type and operating system
○ IP address
○ User identity
14. Combining the Controls
● Google says: IAM + VPC Service Controls = Defense in Depth
● IAM can be misconfigured, but the Service Controls protect you
● Everyone should be monitoring changes to these controls
○ What if someone changes the access level rule to allow all traffic from multiple countries?
○ What if somebody removes a service control perimeter?
16. What is a Service Account?
● Identity for applications to authenticate
● Designed for non-human use
● Uses RSA keys instead of passwords
● Can’t access the web console
● Also considered resources – can apply bindings to them
17. More about Service Accounts
● A service account must be created in a Project
● IAM bindings can be granted at any level
● Elevated Bindings = bindings at the Folder, Organization
● Google creates some service accounts automatically
● Default account for Compute Engine, App Engine, etc.
● Accounts they will use for internal processing
21. Binding at the Project level
colin-demo-project
Service Account User
Cloud IAM
Service Account 1
Cloud IAM
Service Account 2
Cloud IAM
Service Account 3
Cloud IAM
Service Account 4
Cloud IAM
22. Binding at the Service Account Level
colin-demo-project
Service Account User
Cloud IAM
Service Account 1
Cloud IAM
Service Account 2
Cloud IAM
Service Account 3
Cloud IAM
Service Account 4
Cloud IAM
23. Permissions for Impersonating a Service Account
● Generating Service Account Keys
○ iam.serviceAccountKeys.create
○ iam.serviceAccountKeys.get
● Impersonation only
○ iam.serviceAccounts.actAs
24. Why Service Account Impersonation?
● Privilege Escalation
● It’s easy to lose track:
a. VMs could have service accounts
b. SSH keys could be applied project-wide
c. User can now operate as the service account from a VM
● Obfuscates your activity in GCP
25. Access Scopes for Virtual Machines
● Legacy Method for applying permissions
● Must be set when using a service account
● Restricts API access for the service account
● Set on a per-instance basis
31. Key Takeaways
● Keep Service Accounts with elevated bindings in their own Project(s)
○ Keep public workloads out of the Project
○ Keep the Project under lock and key
○ Service accounts in the same Project may be able to see each other
● Bind permissions to specific Service Accounts whenever possible
● Don’t use Default Service Accounts
● Avoid using Primitive Roles