These slides are the final project presentation for the Cloud Security course at Harvard Extension School. They describe how to design HIPAA-compliant auditing and logging in cloud infrastructure for a fictitious company called GoodBuy.
Harvard Extension School: Cloud Security Final Project - HIPAA Compliance Auditing and Logging in Cloud Infrastructure
1. Final Project
Harvard University
CSCI E-49 Cloud Security
Professor: Ramesh Nagappan
MOHD SHAHRUL ZHARIF SHARUDIN (BIG.GAMMA@GMAIL.COM)
ROBERT DORNBERGER (ROBDORNBERGER@ME.COM)
CHETAK PATEL (PATEL.CHE@GMAIL.COM)
2. Background
GoodBuy is a small chain of grocery stores with headquarters in Michigan. Each GoodBuy location has a pharmacy on site to fill prescriptions for patients. The pharmacies have a pharmacy management system that keeps track of all prescriptions and patient information. GoodBuy is planning to migrate the server in each store to the AWS cloud. Since this is a pharmacy, all HIPAA regulations must be followed to secure patient data.
3.
4. Goal
▶ Migrate the pharmacy systems and servers in each GoodBuy store to the AWS cloud.
▶ Ensure the new cloud system complies with HIPAA requirements.
▶ Implement appropriate security controls to protect the cloud architecture and its data.
Problem Statement
GoodBuy is planning to migrate the server in each store to the AWS cloud. Since this is a pharmacy, all HIPAA regulations must be followed to secure patient data.
5. HIPAA Requirement (45 CFR 164.312 - Technical safeguards)
▶ (a)(1) Standard: “...allow access only to those persons or software programs that have been granted access rights ...”.
▶ (a)(2) Implementation specifications:
(i) Unique user identification (Required).
(ii) Emergency access procedure (Required).
(iii) Automatic logoff (Addressable).
(iv) Encryption and decryption (Addressable).
▶ (b) Standard: Audit controls.
▶ (c)(1) Standard: Integrity. Protect PHI from improper alteration or destruction.
▶ (c)(2) Implementation specification: Mechanism to authenticate electronic protected health information (Addressable).
▶ (d) Standard: Person or entity authentication.
▶ (e)(1) Standard: Transmission security.
7. GoodBuy Cloud Security Control
Identity & Access Management
▶ Secure access to the management console and control access to other AWS resources without having to share your password or access key.
▶ Able to grant different permissions to different people for different resources.
▶ Able to securely provide applications that run on EC2 instances the credentials they need to access other AWS resources, like S3 buckets and RDS databases.
Virtual Private Cloud
▶ Set up a virtual network like what you would have in a datacenter. Security groups are used to filter traffic to only certain ports and IP addresses.
▶ Only the VPN server is exposed to the world.
▶ All the virtual machines are isolated in separate subnets and protected using AWS security policies.
Simple Storage Service
▶ Stores encrypted logs from CloudTrail and data from EC2 instances.
▶ Uses S3 bucket policies as access control.
Key Management Service
▶ Manages the encryption key used for S3.
▶ Protects key security and availability.
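The VPC control above rests on one invariant: only the VPN server is reachable from the Internet, and everything else sits in private subnets behind security groups. As an added example (not part of the deck), the Python below audits a set of security groups for that invariant. The input mirrors the shape EC2 DescribeSecurityGroups returns (GroupName, IpPermissions with IpProtocol/FromPort/ToPort/IpRanges/Ipv6Ranges); the group names, ports and CIDRs are constructed, and the assumption that the VPN group is called "vpn-server" and listens on UDP 1194 is mine, not GoodBuy's.

```python
# Added example: audit EC2 security groups so that only the VPN server is
# reachable from the Internet. Input shape mirrors EC2 DescribeSecurityGroups
# (GroupName, IpPermissions with IpProtocol/FromPort/ToPort/IpRanges/Ipv6Ranges).
# The group names, ports and CIDRs below are constructed, not GoodBuy's real ones.

ANYWHERE = {"0.0.0.0/0", "::/0"}

# Assumption: the VPN group is named "vpn-server" and may accept UDP 1194
# (OpenVPN) from anywhere. Every other world-open rule is a finding.
ALLOWED_PUBLIC = {("vpn-server", "udp", 1194, 1194)}

SAMPLE_GROUPS = [
    {"GroupName": "vpn-server", "IpPermissions": [
        {"IpProtocol": "udp", "FromPort": 1194, "ToPort": 1194,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
    ]},
    {"GroupName": "pharmacy-app", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "10.0.1.0/24"}], "Ipv6Ranges": []},
        # Someone opened RDP to the world: this must be flagged.
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]},
    {"GroupName": "rx-db", "IpPermissions": [
        # Database reachable only from the app's security group (no CIDR at all).
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [], "Ipv6Ranges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0app"}]},
        # "-1" means all protocols; FromPort/ToPort are absent in that case.
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
]


def public_rules(group):
    """Yield (protocol, from_port, to_port, cidr) for every rule open to the world."""
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if cidr in ANYWHERE:
                yield (perm.get("IpProtocol"), perm.get("FromPort"), perm.get("ToPort"), cidr)


def find_violations(groups, allowed=ALLOWED_PUBLIC):
    """Return world-open rules that are not on the allow list, in input order."""
    findings = []
    for group in groups:
        for proto, lo, hi, cidr in public_rules(group):
            if (group["GroupName"], proto, lo, hi) not in allowed:
                findings.append({"group": group["GroupName"], "protocol": proto,
                                 "ports": (lo, hi), "cidr": cidr})
    return findings


if __name__ == "__main__":
    for f in find_violations(SAMPLE_GROUPS):
        print(f"{f['group']}: {f['protocol']} {f['ports']} open to {f['cidr']}")
```

Run against the sample data this reports the RDP rule on pharmacy-app and the all-protocols IPv6 rule on rx-db, while the VPN port passes. The IPv6 case matters because "-1" rules carry no port fields and an audit that only looks at IpRanges would miss ::/0 entirely; in practice the same check would be fed the output of describe_security_groups rather than the constructed list.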
8. GoodBuy Cloud Logging & Monitoring
▶ We have created accountability using AWS CloudTrail for logging.
− AWS API calls and related events.
− Identify who, where and when calls to AWS services are made.
− Used to create an audit log for system events (e.g. a change in VM state) or data events (e.g. CRUD operations on an S3 bucket).
− Monitoring has been set up using CloudTrail to send alerts on important security events, such as when a VM shuts down.
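To make the who/where/when point concrete, here is an added example (not from the deck) in Python that scans a CloudTrail log file body for the kind of events the team alerts on and records the principal, source address, region and time of each. The eventName values are real CloudTrail names for EC2, S3 and CloudTrail itself; the sample records and the rule table are constructed assumptions, and the table deliberately goes beyond the deck's VM-shutdown case to cover S3 deletes and calls that switch the audit trail off, since those matter just as much for an auditing control.

```python
import json

# Constructed sample records in CloudTrail log-file shape ({"Records": [...]});
# these are not real GoodBuy logs. Field names follow the CloudTrail record format.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2016-12-01T14:02:11Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "StopInstances", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "pharmacy-admin"},
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0123456789abcdef0"}]}}},
    {"eventTime": "2016-12-01T14:05:40Z", "eventSource": "s3.amazonaws.com",
     "eventName": "DeleteObject", "awsRegion": "us-east-1",
     "sourceIPAddress": "10.0.1.25",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/store-app-role/i-0abc"},
     "requestParameters": {"bucketName": "goodbuy-rx-data", "key": "patients/42.json"}},
    {"eventTime": "2016-12-01T14:06:02Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "awsRegion": "us-east-1",
     "sourceIPAddress": "10.0.1.25",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/store-app-role/i-0abc"},
     "requestParameters": {"bucketName": "goodbuy-rx-data", "key": "patients/43.json"}},
    {"eventTime": "2016-12-01T14:09:17Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "contractor"},
     "requestParameters": {"name": "goodbuy-audit-trail"}},
]})

# Assumed rule table: which API calls GoodBuy treats as important security events.
# StopInstances/TerminateInstances are the "VM shutdown" case from the slides; the
# S3 deletes and the CloudTrail calls are added because they touch PHI or the audit
# trail itself.
ALERT_RULES = {
    "StopInstances": ("high", "VM stopped"),
    "TerminateInstances": ("critical", "VM terminated"),
    "DeleteObject": ("high", "object deleted from S3 bucket"),
    "DeleteBucket": ("critical", "S3 bucket deleted"),
    "StopLogging": ("critical", "CloudTrail logging disabled"),
    "DeleteTrail": ("critical", "CloudTrail trail deleted"),
}


def who(record):
    """Name the principal behind a call: IAM user name, or the assumed-role ARN."""
    ident = record.get("userIdentity", {})
    if ident.get("type") == "AssumedRole":
        return ident.get("arn", "unknown-role")
    return ident.get("userName") or ident.get("arn", "unknown")


def target_of(params):
    """Extract the resource a call touched: EC2 instance ids, S3 bucket/key, or a name."""
    if "instancesSet" in params:
        return ",".join(i["instanceId"] for i in params["instancesSet"]["items"])
    if "bucketName" in params:
        key = params.get("key")
        return params["bucketName"] + ("/" + key if key else "")
    return params.get("name", "-")


def classify(record):
    """Return an alert dict for one CloudTrail record, or None if it is routine."""
    rule = ALERT_RULES.get(record.get("eventName"))
    if rule is None:
        return None
    severity, summary = rule
    return {
        "severity": severity,
        "summary": summary,
        "who": who(record),
        "where": f"{record.get('sourceIPAddress')} ({record.get('awsRegion')})",
        "when": record.get("eventTime"),
        "target": target_of(record.get("requestParameters") or {}),
    }


def audit(trail_json):
    """Parse a CloudTrail log file body and return the alerts it contains, in order."""
    records = json.loads(trail_json).get("Records", [])
    return [alert for alert in map(classify, records) if alert is not None]


if __name__ == "__main__":
    for alert in audit(SAMPLE_TRAIL):
        print(f"[{alert['severity']}] {alert['when']} {alert['who']} from {alert['where']}: "
              f"{alert['summary']} ({alert['target']})")
```

On the sample data the routine GetObject is ignored and three alerts come out: the instance stop by the admin user, the PHI object delete by the application's instance role, and the StopLogging call. The last one is the case worth watching most closely in a HIPAA context, because a trail that has been switched off produces no further records for this scanner to read; in a real deployment the same logic would run over the gzip'd log files CloudTrail delivers to the S3 bucket, or as a CloudWatch rule, rather than over an embedded string.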
9. Future Improvement
▶ Create secure images to deploy EC2 instances using templates after everything has been tested and approved.
▶ Create snapshots and images and keep them up to date with patches and upgrades. This will allow a restore from a snapshot, or, when you deploy from an image, the latest patches and security upgrades will already be installed.
▶ Malware protection needs to be in place for the virtual machines.
▶ Establish a read-only operating environment to make the operating system kernel and binaries tamper proof.
▶ The logs we have in CloudTrail can be integrated into a SIEM solution.
▶ Federation is ready to be used; we have set up a simple directory.
▶ Static anti-virus software needs to be running to provide advanced malware protection.
▶ Install an intrusion prevention system.
▶ Create Disaster Recovery plans for the virtual machines.
▶ Disaster Recovery needs to be integrated into the business continuity and Disaster Recovery plan.
▶ Store logs long term in AWS Glacier.
▶ Logs must be stored for 6 years.